lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 4 Jan 2023 14:22:46 +0100
From:   Christian König <christian.koenig@....com>
To:     Greg KH <gregkh@...uxfoundation.org>,
        Dragos-Marian Panait <dragos.panait@...driver.com>
Cc:     stable@...r.kernel.org, Jiasheng Jiang <jiasheng@...as.ac.cn>,
        Felix Kuehling <Felix.Kuehling@....com>,
        Alex Deucher <alexander.deucher@....com>,
        Oded Gabbay <oded.gabbay@...il.com>,
        David Zhou <David1.Zhou@....com>,
        David Airlie <airlied@...ux.ie>,
        dri-devel@...ts.freedesktop.org, amd-gfx@...ts.freedesktop.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH 4.19 1/1] drm/amdkfd: Check for null pointer after calling
 kmemdup

Am 04.01.23 um 13:41 schrieb Greg KH:
> On Tue, Jan 03, 2023 at 08:43:08PM +0200, Dragos-Marian Panait wrote:
>> From: Jiasheng Jiang <jiasheng@...as.ac.cn>
>>
>> [ Upstream commit abfaf0eee97925905e742aa3b0b72e04a918fa9e ]
>>
>> As the possible failure of the allocation, kmemdup() may return NULL
>> pointer.
>> Therefore, it should be better to check the 'props2' in order to prevent
>> the dereference of NULL pointer.
>>
>> Fixes: 3a87177eb141 ("drm/amdkfd: Add topology support for dGPUs")
>> Signed-off-by: Jiasheng Jiang <jiasheng@...as.ac.cn>
>> Reviewed-by: Felix Kuehling <Felix.Kuehling@....com>
>> Signed-off-by: Felix Kuehling <Felix.Kuehling@....com>
>> Signed-off-by: Alex Deucher <alexander.deucher@....com>
>> Signed-off-by: Dragos-Marian Panait <dragos.panait@...driver.com>
>> ---
>>   drivers/gpu/drm/amd/amdkfd/kfd_crat.c | 3 +++
>>   1 file changed, 3 insertions(+)
> For obvious reasons, I can't take a patch for 4.19.y and not newer
> kernel releases, right?
>
> Please provide backports for all kernels if you really need to see this
> merged.  And note, it's not a real bug at all, and given that a CVE was
> allocated for it that makes me want to even more reject it to show the
> whole folly of that mess.

Well as far as I can see this is nonsense to back port.

The code in question is only used only once during driver load and then 
never again, that exactly this allocation fails while tons of other are 
made before and after is extremely unlikely.

It's nice to have it fixed in newer kernels, but not worth a backport 
and certainly not stuff for a CVE.

Regards,
Christian.


>
> thanks,
>
> greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ