lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241008073103.987926-1-ymaman@nvidia.com>
Date: Tue, 8 Oct 2024 10:31:01 +0300
From: Yonatan Maman <ymaman@...dia.com>
To: <kherbst@...hat.com>, <lyude@...hat.com>, <dakr@...hat.com>,
	<airlied@...il.com>, <daniel@...ll.ch>, <bskeggs@...dia.com>,
	<jglisse@...hat.com>, <dri-devel@...ts.freedesktop.org>,
	<nouveau@...ts.freedesktop.org>
CC: Yonatan Maman <Ymaman@...dia.com>, <linux-kernel@...r.kernel.org>,
	<stable@...r.kernel.org>
Subject: [PATCH v3 0/2] drm/nouveau/dmem: Fix Vulnerability and Device Channels configuration

From: Yonatan Maman <Ymaman@...dia.com>

This patch series addresses two critical issues in the Nouveau driver
related to device channels, error handling, and sensitive data leaks.

- Vulnerability in migrate_to_ram: The migrate_to_ram function might
  return a dirty HIGH_USER page when a copy push command (FW channel)
  fails, potentially exposing sensitive data and posing a security
  risk. To mitigate this, the patch ensures the allocation of a non-dirty
  (zero) page for the destination, preventing the return of a dirty page
  and enhancing driver security in case of failure.

- Privileged Error in Copy Engine Channel: An error was observed when
  the nouveau_dmem_copy_one function is executed, leading to a Host Copy
  Engine Privileged error on channel 1. The patch resolves this by
  adjusting the Copy Engine channel configuration to permit privileged
  push commands, resolving the error.

Changes since V2:
- Fixed version according to Danilo Krummrich's comments.


Yonatan Maman (2):
  nouveau/dmem: Fix privileged error in copy engine channel
  nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error

 drivers/gpu/drm/nouveau/nouveau_dmem.c | 2 +-
 drivers/gpu/drm/nouveau/nouveau_drm.c  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ