Wind River Support Network

Description

In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]udmabuf: Set the DMA mask for the udmabuf device (v2)[EOL][EOL]If the DMA mask is not set explicitly, the following warning occurs[EOL]when the userspace tries to access the dma-buf via the CPU as[EOL]reported by syzbot here:[EOL][EOL]WARNING: CPU: 1 PID: 3595 at kernel/dma/mapping.c:188[EOL]__dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188[EOL]Modules linked in:[EOL]CPU: 0 PID: 3595 Comm: syz-executor249 Not tainted[EOL]5.17.0-rc2-syzkaller-00316-g0457e5153e0e #0[EOL]Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS[EOL]Google 01/01/2011[EOL]RIP: 0010:__dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188[EOL]Code: 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 71 4c 8b 3d c0[EOL]83 b5 0d e9 db fe ff ff e8 b6 0f 13 00 0f 0b e8 af 0f 13 00 <0f> 0b 45[EOL]   31 e4 e9 54 ff ff ff e8 a0 0f 13 00 49 8d 7f 50 48 b8 00[EOL]RSP: 0018:ffffc90002a07d68 EFLAGS: 00010293[EOL]RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000[EOL]RDX: ffff88807e25e2c0 RSI: ffffffff81649e91 RDI: ffff88801b848408[EOL]RBP: ffff88801b848000 R08: 0000000000000002 R09: ffff88801d86c74f[EOL]R10: ffffffff81649d72 R11: 0000000000000001 R12: 0000000000000002[EOL]R13: ffff88801d86c680 R14: 0000000000000001 R15: 0000000000000000[EOL]FS:  0000555556e30300(0000) GS:ffff8880b9d00000(0000)[EOL]knlGS:0000000000000000[EOL]CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033[EOL]CR2: 00000000200000cc CR3: 000000001d74a000 CR4: 00000000003506e0[EOL]DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000[EOL]DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400[EOL]Call Trace:[EOL] <TASK>[EOL] dma_map_sgtable+0x70/0xf0 kernel/dma/mapping.c:264[EOL] get_sg_table.isra.0+0xe0/0x160 drivers/dma-buf/udmabuf.c:72[EOL] begin_cpu_udmabuf+0x130/0x1d0 drivers/dma-buf/udmabuf.c:126[EOL] dma_buf_begin_cpu_access+0xfd/0x1d0 drivers/dma-buf/dma-buf.c:1164[EOL] dma_buf_ioctl+0x259/0x2b0 drivers/dma-buf/dma-buf.c:363[EOL] vfs_ioctl fs/ioctl.c:51 [inline][EOL] __do_sys_ioctl fs/ioctl.c:874 [inline][EOL] __se_sys_ioctl fs/ioctl.c:860 [inline][EOL] __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860[EOL] do_syscall_x64 arch/x86/entry/common.c:50 [inline][EOL] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80[EOL] entry_SYSCALL_64_after_hwframe+0x44/0xae[EOL]RIP: 0033:0x7f62fcf530f9[EOL]Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89[EOL]f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01[EOL]f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48[EOL]RSP: 002b:00007ffe3edab9b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010[EOL]RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f62fcf530f9[EOL]RDX: 0000000020000200 RSI: 0000000040086200 RDI: 0000000000000006[EOL]RBP: 00007f62fcf170e0 R08: 0000000000000000 R09: 0000000000000000[EOL]R10: 0000000000000000 R11: 0000000000000246 R12: 00007f62fcf17170[EOL]R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000[EOL] </TASK>[EOL][EOL]v2: Dont't forget to deregister if DMA mask setup fails.

CREATE(Triage):(User=lchen-cn) [CVE-2022-49983 (https://nvd.nist.gov/vuln/detail/CVE-2022-49983)