kernel_samsung_a53x/drivers/gpu/drm/nouveau
Yonatan Maman 0486357541 nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
commit 835745a377a4519decd1a36d6b926e369b3033e2 upstream.

The `nouveau_dmem_copy_one` function ensures that the copy push command is
sent to the device firmware but does not track whether it was executed
successfully.

In the case of a copy error (e.g., firmware or hardware failure), the
copy push command will be sent via the firmware channel, and
`nouveau_dmem_copy_one` will likely report success, leading to the
`migrate_to_ram` function returning a dirty HIGH_USER page to the user.

This can result in a security vulnerability, as a HIGH_USER page that may
contain sensitive or corrupted data could be returned to the user.

To prevent this vulnerability, we allocate a zero page. Thus, in case of
an error, a non-dirty (zero) page will be returned to the user.

Fixes: 5be73b690875 ("drm/nouveau/dmem: device memory helpers for SVM")
Signed-off-by: Yonatan Maman <Ymaman@Nvidia.com>
Co-developed-by: Gal Shalom <GalShalom@Nvidia.com>
Signed-off-by: Gal Shalom <GalShalom@Nvidia.com>
Reviewed-by: Ben Skeggs <bskeggs@nvidia.com>
Cc: stable@vger.kernel.org
Signed-off-by: Danilo Krummrich <dakr@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20241008115943.990286-3-ymaman@nvidia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-11-23 23:21:53 +01:00
dispnv04 drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes 2024-11-19 14:19:34 +01:00
dispnv50 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
include Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nvif Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nvkm nouveau: fix instmem race condition around ptr stores 2024-11-19 11:32:23 +01:00
Kbuild Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Kconfig Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_abi16.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_abi16.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_acpi.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_acpi.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_backlight.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_bios.c drm: nv04: Fix out of bounds access 2024-11-19 11:32:21 +01:00
nouveau_bios.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_bo.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_bo.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_bo0039.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_bo74c1.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_bo85b5.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_bo90b5.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_bo5039.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_bo9039.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_boa0b5.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_chan.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_chan.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_connector.c drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes 2024-11-19 14:19:42 +01:00
nouveau_connector.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_crtc.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_debugfs.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_debugfs.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_display.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_display.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_dma.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_dma.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_dmem.c nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error 2024-11-23 23:21:53 +01:00
nouveau_dmem.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_dp.c drm/nouveau/dp: Don't probe eDP ports twice harder 2024-11-19 11:32:45 +01:00
nouveau_drm.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_drv.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_encoder.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_fbcon.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_fbcon.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_fence.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_fence.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_gem.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_gem.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_hwmon.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_hwmon.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_ioc32.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_ioctl.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_led.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_led.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_mem.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_mem.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_nvif.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_platform.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_platform.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_prime.c drm/nouveau: prime: fix refcount underflow 2024-11-23 23:20:20 +01:00
nouveau_reg.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_sgdma.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_svm.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_svm.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_ttm.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_ttm.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_usif.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_usif.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_vga.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_vga.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nouveau_vmm.c nouveau/vmm: don't set addr on the fail path to avoid warning 2024-11-18 12:12:59 +01:00
nouveau_vmm.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nv04_fbcon.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nv04_fence.c drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer 2024-11-18 12:12:39 +01:00
nv10_fence.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nv10_fence.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nv17_fence.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nv50_display.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nv50_fbcon.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nv50_fence.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nv84_fence.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nvc0_fbcon.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nvc0_fence.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00