CVE-2022-49133
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdkfd: svm range restore work deadlock when process exit
kfd_process_notifier_release flush svm_range_restore_work which calls svm_range_list_lock_and_flush_work to flush deferred_list work, but if deferred_list work mmput release the last user, it will call exit_mmap -> notifier_release, it is deadlock with below backtrace.
Move flush svm_range_restore_work to kfd_process_wq_release to avoid deadlock. Then svm_range_restore_work take task->mm ref to avoid mm is gone while validating and mapping ranges to GPU.
Workqueue: events svm_range_deferred_list_work [amdgpu] Call Trace: wait_for_completion+0x94/0x100 __flush_work+0x12a/0x1e0 __cancel_work_timer+0x10e/0x190 cancel_delayed_work_sync+0x13/0x20 kfd_process_notifier_release+0x98/0x2a0 [amdgpu] __mmu_notifier_release+0x74/0x1f0 exit_mmap+0x170/0x200 mmput+0x5d/0x130 svm_range_deferred_list_work+0x104/0x230 [amdgpu] process_one_work+0x220/0x3c0
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 42de677f79999791bee4e21be318c32d90ab62c6 < a6be83086e91891081e0589e4b4645bf4643e897 | affected |
| Linux | Linux | 42de677f79999791bee4e21be318c32d90ab62c6 < 858822905f4bf44100d63c5e22e263109976f7cb | affected |
| Linux | Linux | 42de677f79999791bee4e21be318c32d90ab62c6 < 6225bb3a88d22594aacea2485dc28ca12d596721 | affected |
| Linux | Linux | 5.14 | affected |
| Linux | Linux | 0 < 5.14 | unaffected |
| Linux | Linux | 5.16.20 <= 5.16.* | unaffected |
| Linux | Linux | 5.17.3 <= 5.17.* | unaffected |
| Linux | Linux | 5.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/a6be83086e91891081e0589e4b4645bf4643e897
- https://git.kernel.org/stable/c/858822905f4bf44100d63c5e22e263109976f7cb
- https://git.kernel.org/stable/c/6225bb3a88d22594aacea2485dc28ca12d596721
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.