Patch "drm/xe/tracing: Fix a potential TP_printk UAF" has been added to the 6.13-stable tree

Intel-XE Archive on lore.kernel.org
 help / color / mirror / Atom feed

* Patch "drm/xe/tracing: Fix a potential TP_printk UAF" has been added to the 6.13-stable tree
@ 2025-02-18 14:11 gregkh
  2025-02-18 15:01 ` ✗ CI.Patch_applied: failure for " Patchwork
  0 siblings, 1 reply; 2+ messages in thread
From: gregkh @ 2025-02-18 14:11 UTC (permalink / raw)
  To: gregkh, gustavo.sousa, intel-xe, jonathan.cavitt, lucas.demarchi,
	matthew.d.roper, radhakrishna.sripada, rodrigo.vivi,
	thomas.hellstrom
  Cc: stable-commits


This is a note to let you know that I've just added the patch titled

    drm/xe/tracing: Fix a potential TP_printk UAF

to the 6.13-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     drm-xe-tracing-fix-a-potential-tp_printk-uaf.patch
and it can be found in the queue-6.13 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


From 07089083a526ea19daa72a1edf9d6e209615b77c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Hellstr=C3=B6m?= <thomas.hellstrom@linux.intel.com>
Date: Mon, 23 Dec 2024 14:42:50 +0100
Subject: drm/xe/tracing: Fix a potential TP_printk UAF
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

From: Thomas Hellström <thomas.hellstrom@linux.intel.com>

commit 07089083a526ea19daa72a1edf9d6e209615b77c upstream.

The commit
afd2627f727b ("tracing: Check "%s" dereference via the field and not the TP_printk format")
exposes potential UAFs in the xe_bo_move trace event.

Fix those by avoiding dereferencing the
xe_mem_type_to_name[] array at TP_printk time.

Since some code refactoring has taken place, explicit backporting may
be needed for kernels older than 6.10.

Fixes: e46d3f813abd ("drm/xe/trace: Extract bo, vm, vma traces")
Cc: Gustavo Sousa <gustavo.sousa@intel.com>
Cc: Lucas De Marchi <lucas.demarchi@intel.com>
Cc: Radhakrishna Sripada <radhakrishna.sripada@intel.com>
Cc: Matt Roper <matthew.d.roper@intel.com>
Cc: "Thomas Hellström" <thomas.hellstrom@linux.intel.com>
Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
Cc: intel-xe@lists.freedesktop.org
Cc: <stable@vger.kernel.org> # v6.11+
Signed-off-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Reviewed-by: Jonathan Cavitt <jonathan.cavitt@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241223134250.14345-1-thomas.hellstrom@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/gpu/drm/xe/xe_trace_bo.h |   12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

--- a/drivers/gpu/drm/xe/xe_trace_bo.h
+++ b/drivers/gpu/drm/xe/xe_trace_bo.h
@@ -55,8 +55,8 @@ TRACE_EVENT(xe_bo_move,
 	    TP_STRUCT__entry(
 		     __field(struct xe_bo *, bo)
 		     __field(size_t, size)
-		     __field(u32, new_placement)
-		     __field(u32, old_placement)
+		     __string(new_placement_name, xe_mem_type_to_name[new_placement])
+		     __string(old_placement_name, xe_mem_type_to_name[old_placement])
 		     __string(device_id, __dev_name_bo(bo))
 		     __field(bool, move_lacks_source)
 			),
@@ -64,15 +64,15 @@ TRACE_EVENT(xe_bo_move,
 	    TP_fast_assign(
 		   __entry->bo      = bo;
 		   __entry->size = bo->size;
-		   __entry->new_placement = new_placement;
-		   __entry->old_placement = old_placement;
+		   __assign_str(new_placement_name);
+		   __assign_str(old_placement_name);
 		   __assign_str(device_id);
 		   __entry->move_lacks_source = move_lacks_source;
 		   ),
 	    TP_printk("move_lacks_source:%s, migrate object %p [size %zu] from %s to %s device_id:%s",
 		      __entry->move_lacks_source ? "yes" : "no", __entry->bo, __entry->size,
-		      xe_mem_type_to_name[__entry->old_placement],
-		      xe_mem_type_to_name[__entry->new_placement], __get_str(device_id))
+		      __get_str(old_placement_name),
+		      __get_str(new_placement_name), __get_str(device_id))
 );
 
 DECLARE_EVENT_CLASS(xe_vma,


Patches currently in stable-queue which might be from thomas.hellstrom@linux.intel.com are

queue-6.13/drm-xe-tracing-fix-a-potential-tp_printk-uaf.patch

^ permalink raw reply	[flat|nested] 2+ messages in thread

* ✗ CI.Patch_applied: failure for Patch "drm/xe/tracing: Fix a potential TP_printk UAF" has been added to the 6.13-stable tree
  2025-02-18 14:11 Patch "drm/xe/tracing: Fix a potential TP_printk UAF" has been added to the 6.13-stable tree gregkh
@ 2025-02-18 15:01 ` Patchwork
  0 siblings, 0 replies; 2+ messages in thread
From: Patchwork @ 2025-02-18 15:01 UTC (permalink / raw)
  To: gregkh; +Cc: intel-xe

== Series Details ==

Series: Patch "drm/xe/tracing: Fix a potential TP_printk UAF" has been added to the 6.13-stable tree
URL   : https://patchwork.freedesktop.org/series/145018/
State : failure

== Summary ==

=== Applying kernel patches on branch 'drm-tip' with base: ===
Base commit: 4587c0599666 drm-tip: 2025y-02m-18d-09h-10m-11s UTC integration manifest
=== git am output follows ===
Patch is empty.
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To record the empty patch as an empty commit, run "git am --allow-empty".
To restore the original branch and stop patching, run "git am --abort".

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2025-02-18 15:01 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-02-18 14:11 Patch "drm/xe/tracing: Fix a potential TP_printk UAF" has been added to the 6.13-stable tree gregkh
2025-02-18 15:01 ` ✗ CI.Patch_applied: failure for " Patchwork

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox