Bug 2323928 (CVE-2024-50090) - CVE-2024-50090 kernel: drm/xe/oa: Fix overflow in oa batch buffer
Summary: CVE-2024-50090 kernel: drm/xe/oa: Fix overflow in oa batch buffer
Keywords:
Status: NEW
Alias: CVE-2024-50090
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2324031
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-11-05 18:02 UTC by OSIDB Bzimport
Modified: 2024-11-05 22:17 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2024-11-05 18:02:45 UTC 
In the Linux kernel, the following vulnerability has been resolved:

drm/xe/oa: Fix overflow in oa batch buffer

By default xe_bb_create_job() appends a MI_BATCH_BUFFER_END to batch
buffer, this is not a problem if batch buffer is only used once but
oa reuses the batch buffer for the same metric and at each call
it appends a MI_BATCH_BUFFER_END, printing the warning below and then
overflowing.

[  381.072016] ------------[ cut here ]------------
[  381.072019] xe 0000:00:02.0: [drm] Assertion `bb->len * 4 + bb_prefetch(q->gt) <= size` failed!
               platform: LUNARLAKE subplatform: 1
               graphics: Xe2_LPG / Xe2_HPG 20.04 step B0
               media: Xe2_LPM / Xe2_HPM 20.00 step B0
               tile: 0 VRAM 0 B
               GT: 0 type 1

So here checking if batch buffer already have MI_BATCH_BUFFER_END if
not append it.

v2:
- simply fix, suggestion from Ashutosh

(cherry picked from commit 9ba0e0f30ca42a98af3689460063edfb6315718a)
Comment 1 Robb Gatica 2024-11-05 21:14:31 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024110551-CVE-2024-50090-2727@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.