ACK: [SRU][J/F][PATCH 0/2] CVE-2024-56551
Tim Whisonant
tim.whisonant at canonical.com
Tue Apr 15 01:18:59 UTC 2025
On Mon, Apr 14, 2025 at 11:49:10AM +0200, Massimiliano Pellizzer wrote:
> https://ubuntu.com/security/CVE-2024-56551
>
> [ Impact ]
>
> drm/amdgpu: fix usage slab after free
>
> The root cause of the issue is that the function drm_sched_fini is called before drm_sched_entity_kill.
> In drm_sched_fini, the drm_sched_rq structure is freed, but this structure is later accessed by
> each entity within the run queue, leading to invalid memory access.
> To resolve this, the order of cleanup calls is updated:
>
> Before:
> amdgpu_fence_driver_sw_fini
> amdgpu_device_ip_fini
>
> After:
> amdgpu_device_ip_fini
> amdgpu_fence_driver_sw_fini
>
> This updated order ensures that all entities in the IPs are cleaned up first, followed by proper
> cleanup of the schedulers.
>
> Additional Investigation:
>
> During debugging, another issue was identified in the amdgpu_vce_sw_fini function. The vce.vcpu_bo
> buffer must be freed only as the final step in the cleanup process to prevent any premature
> access during earlier cleanup stages.
>
> [ Fix ]
>
> Oracular: Fixed via upstream stable updates (LP: #2095594)
> Noble: Fixed via upstream stable updates (LP: #2101915)
> Jammy: Backported from mainline
> Focal: Backported from mainline
>
> [ Test Plan ]
>
> Compile tested only.
>
> [ Where Problems Could Occur ]
>
> The fix affects the AMDGPU DRM driver.
> An issue with this fix may introduce inconsistencies
> in scheduling entity cleanup sequence, potentially
> resulting in premature release of scheduling structures.
> A user might experience problems such as system instability,
> GPU hangs or kernel crashes.
>
> --
Acked-by: Tim Whisonant <tim.whisonant at canonical.com>
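
A minimal user-space model of the teardown-order problem described in the quoted cover letter, added here as an illustration and not taken from the patch or the kernel. The `model_*` names and the `alive` flag are assumptions standing in for the real structures; releasing the run queue is modelled by clearing the flag, so a stale access is counted instead of performed.

```c
#include <stdbool.h>
#include <stdio.h>

#define N_ENTITIES 3

/* Run queue owned by the scheduler; "alive" stands in for allocated memory. */
struct model_rq { bool alive; int nentities; };
struct model_entity { struct model_rq *rq; bool queued; };

struct model_dev {
    struct model_rq rq;
    struct model_entity ent[N_ENTITIES];
    int stale;              /* accesses to an rq that was already released */
};

static void model_dev_init(struct model_dev *d) {
    d->rq.alive = true;
    d->rq.nentities = 0;
    d->stale = 0;
    for (int i = 0; i < N_ENTITIES; i++) {
        d->ent[i].rq = &d->rq;
        d->ent[i].queued = true;
        d->rq.nentities++;
    }
}

/* Stands in for amdgpu_fence_driver_sw_fini (scheduler cleanup, drm_sched_fini). */
static void model_fence_driver_sw_fini(struct model_dev *d) { d->rq.alive = false; }

/* Stands in for amdgpu_device_ip_fini (entity cleanup, drm_sched_entity_kill):
 * each entity detaches from its rq, which requires the rq to still exist. */
static void model_device_ip_fini(struct model_dev *d) {
    for (int i = 0; i < N_ENTITIES; i++) {
        struct model_entity *e = &d->ent[i];
        if (!e->queued) continue;
        if (!e->rq->alive) { d->stale++; continue; }  /* use-after-free in real code */
        e->rq->nentities--;
        e->queued = false;
    }
}

/* Runs one teardown in the chosen order and returns the stale access count. */
int stale_accesses(bool fixed_order) {
    struct model_dev d;
    model_dev_init(&d);
    if (fixed_order) { model_device_ip_fini(&d); model_fence_driver_sw_fini(&d); }
    else             { model_fence_driver_sw_fini(&d); model_device_ip_fini(&d); }
    return d.stale;
}

int main(void) {
    printf("before: %d stale, after: %d stale\n", stale_accesses(false), stale_accesses(true));
    return 0;
}
```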