lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <ZwUlcWka1_CgXRyG@cassiopeiae>
Date: Tue, 8 Oct 2024 14:28:33 +0200
From: Danilo Krummrich <dakr@...nel.org>
To: Yonatan Maman <ymaman@...dia.com>
Cc: kherbst@...hat.com, lyude@...hat.com, dakr@...hat.com,
	airlied@...il.com, daniel@...ll.ch, bskeggs@...dia.com,
	jglisse@...hat.com, dri-devel@...ts.freedesktop.org,
	nouveau@...ts.freedesktop.org, linux-kernel@...r.kernel.org,
	stable@...r.kernel.org
Subject: Re: [PATCH v4 0/2] drm/nouveau/dmem: Fix Vulnerability and Device
 Channels configuration

On Tue, Oct 08, 2024 at 02:59:41PM +0300, Yonatan Maman wrote:
> From: Yonatan Maman <Ymaman@...dia.com>
> 
> This patch series addresses two critical issues in the Nouveau driver
> related to device channels, error handling, and sensitive data leaks.
> 
> - Vulnerability in migrate_to_ram: The migrate_to_ram function might
>   return a dirty HIGH_USER page when a copy push command (FW channel)
>   fails, potentially exposing sensitive data and posing a security
>   risk. To mitigate this, the patch ensures the allocation of a non-dirty
>   (zero) page for the destination, preventing the return of a dirty page
>   and enhancing driver security in case of failure.
> 
> - Privileged Error in Copy Engine Channel: An error was observed when
>   the nouveau_dmem_copy_one function is executed, leading to a Host Copy
>   Engine Privileged error on channel 1. The patch resolves this by
>   adjusting the Copy Engine channel configuration to permit privileged
>   push commands, resolving the error.
> 
> Changes since V3:
> - Fixed version according to Danilo Krummrich's comments.
> 
> Yonatan Maman (2):
>   nouveau/dmem: Fix privileged error in copy engine channel
>   nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error

Applied to drm-misc-fixes, thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ