[SRU][F][PATCH 0/1] CVE-2022-38096

Ian Whitfield ian.whitfield at canonical.com
Wed Nov 6 21:52:28 UTC 2024


[Impact]

vmw_context_cotable can return either an error or a null pointer and its
usage sometimes went unchecked. Subsequent code would then try to access
either a null pointer or an error value.

The invalid dereferences were only possible with malformed userspace
apps which never properly initialized the rendering contexts.

Check the results of vmw_context_cotable to fix the invalid derefs.

[Backport]

One conflict was due to this fix expecting another commit that
partially addressed one of the error/null checks. Since this complete
fix replaces the partial one, the conflict was resolved by adjusting
context.
Another conflict was due to this patch including fixes for two feature
commits that are not applied to this tree, so these fixes were removed
from the patch.

[Fix]

Oracular: not affected
Noble:    fixed via stable updates
Jammy:    fixed via stable updates
Focal:    backport
Bionic:   not affected
Xenial:   not affected
Trusty:   not affected

[Test Case]

Compile and boot tested

[Where problems could occur]

This fix affects those who use the DRM driver for VMware Virtual GPU. An
issue with this fix would be visible to the user as a system crash.

Zack Rusin (1):
  drm/vmwgfx: Fix possible null pointer derefence with invalid contexts

 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

-- 
2.43.0
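
Added example (not part of the original message, and not the vmwgfx code): a userspace C model of the kernel's ERR_PTR convention, showing why a lookup that can return either an error pointer or NULL needs both cases checked before the dereference. The names ctx_lookup, use_table, struct ctx and struct res are hypothetical stand-ins, and the sample context values are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Userspace model of the kernel's ERR_PTR encoding (include/linux/err.h):
 * errno values -1..-4095 are carried in the top 4095 addresses. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static inline long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static inline int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }
static inline int IS_ERR_OR_NULL(const void *p) { return !p || IS_ERR(p); }

/* Hypothetical stand-ins for illustration, not the vmwgfx types. */
struct res { int id; };
struct ctx { int initialized; struct res tables[2]; };

/* Three possible outcomes, as in [Impact]: error pointer, NULL, or valid object. */
static struct res *ctx_lookup(struct ctx *c, unsigned int type)
{
    if (type >= 2)
        return ERR_PTR(-EINVAL);   /* bad argument: error pointer */
    if (!c->initialized)
        return NULL;               /* context never set up: NULL */
    return &c->tables[type];
}

/* Caller that rejects both failure shapes before touching the result. */
static int use_table(struct ctx *c, unsigned int type, int *id_out)
{
    struct res *r = ctx_lookup(c, type);

    if (IS_ERR_OR_NULL(r))
        return r ? (int)PTR_ERR(r) : -ENOENT;  /* NULL mapped to an errno */
    *id_out = r->id;
    return 0;
}

/* Each of these covers only one failure shape and lets the other through. */
static int null_check_only(const void *p) { return p == NULL; }
static int is_err_only(const void *p) { return IS_ERR(p); }

int main(void)
{
    struct ctx c = { 0, { { 7 }, { 9 } } };   /* constructed: uninitialized context */
    int id = 0;
    return use_table(&c, 0, &id) == -ENOENT ? 0 : 1;
}
```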



