ACK: [SRU][Jammy][PATCH 0/1] idxd: fix NULL pointer dereference reading wq op_config attribute
Philip Cox
philip.cox at canonical.com
Wed Jun 12 12:30:22 UTC 2024
On Tue, 2024-06-11 at 13:59 -0500, Jacob Martin wrote:
> BugLink: https://bugs.launchpad.net/bugs/2069081
>
> SRU Justification
>
> [Impact]
> Systems that use the Intel Data Accelerator Driver (IDXD) may see a
> kernel NULL pointer dereference when reading the op_config attribute
> of an idxd WQ, if WQs do not offer the op_config capability.
>
> On a DGXH100 system, this can be reproduced by running:
> $ cat /sys/devices/pci0000\:e7/0000\:e7\:02.0/iax3/wq3.7/op_config
>
> This affects 5.15.0-112-generic, and derivative kernels based on that
> generic version.
>
> [Fix]
>
> Author: Jacob Martin <jacob.martin at canonical.com>
> Date: Tue Jun 11 11:48:32 2024 -0500
>
> UBUNTU: SAUCE: dmaengine: idxd: set is_visible member of
> idxd_wq_attribute_group
>
> BugLink: ...
>
> The backport of commit b0325aefd398 ("dmaengine: idxd: add WQ operation
> cap restriction support") for K5.15 omitted a line setting the
> is_visible callback of idxd_wq_attribute_group to the
> idxd_wq_attr_visible function introduced in the same commit.
>
> This results in the op_config attribute being accessible from userspace
> when the underlying wq->opcap_bmap pointer used to service reads from it
> is uninitialized, leading to a NULL pointer dereference when the
> op_config attribute is read. Resolve this by setting the is_visible
> callback as the upstream commit does.
>
> Signed-off-by: Jacob Martin <jacob.martin at canonical.com>
>
> This patch adds a line setting the is_visible callback of
> idxd_wq_attribute_group to the function introduced by the Jammy K5.15
> backport of commit b0325aefd398 ("dmaengine: idxd: add WQ operation
> cap restriction support"). The backport does not set this callback,
> but the upstream version does, so this fix is just bringing us in
> sync with the upstream commit.
>
> [Test Case]
> Verified that the patch "UBUNTU: SAUCE: dmaengine: idxd: set
> is_visible member of idxd_wq_attribute_group" resolves the issue on
> DGXH100. No instances of op_config are present under /sys, and thus
> the attribute cannot be read when it is invalid to do so on this
> system.
>
> [Regression Potential]
> There is a low risk of regression:
> * this is specific to systems using IDXD.
> * this patch brings us closer in-line with the upstream change.
>
> [Other]
> The Mantic 6.5 and Noble 6.8 kernels already have the upstream
> version of patch b0325aefd398 ("dmaengine: idxd: add WQ operation cap
> restriction support") as it was introduced in v6.1. These kernels set
> the is_visible attribute, so they are unaffected by this issue. Only
> Jammy K5.15 needs this fix.
>
> Jacob Martin (1):
> UBUNTU: SAUCE: dmaengine: idxd: set is_visible member of
> idxd_wq_attribute_group
>
> drivers/dma/idxd/sysfs.c | 1 +
> 1 file changed, 1 insertion(+)
>
> --
> 2.43.0
>
>
--
Acked-by: Philip Cox <philip.cox at canonical.com>
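
The failure mode described in the quoted cover letter, as an added userspace model in C; it is not part of the original message and is not the driver's code. The types and names (`struct wq`, `has_op_config`, `attr_group`, `wq_attr_visible`, `read_op_config`) are hypothetical stand-ins, and the NULL dereference is reported as a return code instead of being performed.

```c
#include <stdio.h>

/* Userspace model only: hypothetical stand-ins for the kernel's types. */
struct wq { int has_op_config; const unsigned long *opcap_bmap; };
struct attr { const char *name; unsigned mode; };
struct attr_group {
    struct attr **attrs;
    unsigned (*is_visible)(const struct wq *, const struct attr *);
};

static struct attr attr_size = { "size", 0644 };
static struct attr attr_op_config = { "op_config", 0644 };
static struct attr *wq_attrs[] = { &attr_size, &attr_op_config, NULL };

/* Visibility callback: hide op_config when the WQ lacks the capability. */
static unsigned wq_attr_visible(const struct wq *wq, const struct attr *a)
{
    if (a == &attr_op_config && !wq->has_op_config)
        return 0;
    return a->mode;
}

/* As in sysfs group creation, a NULL is_visible exposes every attribute. */
static int attr_exposed(const struct attr_group *g, const struct wq *wq,
                        const struct attr *target)
{
    for (struct attr **p = g->attrs; *p; p++)
        if (*p == target)
            return (g->is_visible ? g->is_visible(wq, *p) : (*p)->mode) != 0;
    return 0;
}

/* 1: file absent, 0: read served, -1: read would dereference NULL. */
static int read_op_config(const struct attr_group *g, const struct wq *wq)
{
    if (!attr_exposed(g, wq, &attr_op_config))
        return 1;
    return wq->opcap_bmap ? 0 : -1;
}

static const struct attr_group group_backport = { wq_attrs, NULL };
static const struct attr_group group_fixed = { wq_attrs, wq_attr_visible };
int main(void)
{
    struct wq no_cap = { 0, NULL };  /* constructed: WQ without op_config */
    printf("backport: %d\n", read_op_config(&group_backport, &no_cap));
    printf("fixed:    %d\n", read_op_config(&group_fixed, &no_cap));
    return 0;
}
```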