[PATCH v4 0/2] drm/nouveau/dmem: Fix Vulnerability and Device Channels configuration

Yonatan Maman posted 2 patches 1 month, 2 weeks ago
drivers/gpu/drm/nouveau/nouveau_dmem.c | 2 +-
drivers/gpu/drm/nouveau/nouveau_drm.c  | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
[PATCH v4 0/2] drm/nouveau/dmem: Fix Vulnerability and Device Channels configuration
Posted by Yonatan Maman 1 month, 2 weeks ago
From: Yonatan Maman <Ymaman@Nvidia.com>

This patch series addresses two critical issues in the Nouveau driver
related to device channels, error handling, and sensitive data leaks.

- Vulnerability in migrate_to_ram: The migrate_to_ram function might
  return a dirty HIGH_USER page when a copy push command (FW channel)
  fails, potentially exposing sensitive data and posing a security
  risk. To mitigate this, the patch ensures the allocation of a non-dirty
  (zero) page for the destination, preventing the return of a dirty page
  and enhancing driver security in case of failure.

- Privileged Error in Copy Engine Channel: An error was observed when
  the nouveau_dmem_copy_one function is executed, leading to a Host Copy
  Engine Privileged error on channel 1. The patch resolves this by
  adjusting the Copy Engine channel configuration to permit privileged
  push commands, resolving the error.

Changes since V3:
- Fixed version according to Danilo Krummrich's comments.

Yonatan Maman (2):
  nouveau/dmem: Fix privileged error in copy engine channel
  nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error

 drivers/gpu/drm/nouveau/nouveau_dmem.c | 2 +-
 drivers/gpu/drm/nouveau/nouveau_drm.c  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

-- 
2.34.1
Re: [PATCH v4 0/2] drm/nouveau/dmem: Fix Vulnerability and Device Channels configuration
Posted by Danilo Krummrich 1 month, 2 weeks ago
On Tue, Oct 08, 2024 at 02:59:41PM +0300, Yonatan Maman wrote:
> From: Yonatan Maman <Ymaman@Nvidia.com>
> 
> This patch series addresses two critical issues in the Nouveau driver
> related to device channels, error handling, and sensitive data leaks.
> 
> - Vulnerability in migrate_to_ram: The migrate_to_ram function might
>   return a dirty HIGH_USER page when a copy push command (FW channel)
>   fails, potentially exposing sensitive data and posing a security
>   risk. To mitigate this, the patch ensures the allocation of a non-dirty
>   (zero) page for the destination, preventing the return of a dirty page
>   and enhancing driver security in case of failure.
> 
> - Privileged Error in Copy Engine Channel: An error was observed when
>   the nouveau_dmem_copy_one function is executed, leading to a Host Copy
>   Engine Privileged error on channel 1. The patch resolves this by
>   adjusting the Copy Engine channel configuration to permit privileged
>   push commands, resolving the error.
> 
> Changes since V3:
> - Fixed version according to Danilo Krummrich's comments.
> 
> Yonatan Maman (2):
>   nouveau/dmem: Fix privileged error in copy engine channel
>   nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error

Applied to drm-misc-fixes, thanks!