Overview
About vulnerability
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Improve page fault error reporting
If the IOMMU domain for a device group is not set up properly then we may hit an IOMMU page fault. The current page fault handler assumes that the domain is always set up and it will hit a NULL pointer dereference (see the sample log below).
Let's check whether the domain is set up or not and log an appropriate message.
Sample log:
amdgpu 0000:00:01.0: amdgpu: SE 1, SH per SE 1, CU per SH 8, active_cu_number 6
BUG: kernel NULL pointer dereference, address: 0000000000000058
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 2 PID: 56 Comm: irq/24-AMD-Vi Not tainted 6.2.0-rc2+ #89
Hardware name: xxx
RIP: 0010:report_iommu_fault+0x11/0x90
[…]
Call Trace:
[joro: Edit commit message]
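A log-triage check for the crash signature in the sample log above, as an added example that is not part of the advisory or the kernel commit: it scans kernel log text for a NULL pointer dereference oops whose RIP lies in report_iommu_fault. The function name, result fields and the embedded log (constructed from the excerpt above) are assumptions.

```python
import re

# Constructed sample, copied from the log excerpt in the commit message above.
SAMPLE_LOG = """\
amdgpu 0000:00:01.0: amdgpu: SE 1, SH per SE 1, CU per SH 8, active_cu_number 6
BUG: kernel NULL pointer dereference, address: 0000000000000058
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 2 PID: 56 Comm: irq/24-AMD-Vi Not tainted 6.2.0-rc2+ #89
Hardware name: xxx
RIP: 0010:report_iommu_fault+0x11/0x90
"""

BUG_RE = re.compile(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)")
COMM_RE = re.compile(r"CPU: \d+ PID: \d+ Comm: (\S+)")
RIP_RE = re.compile(r"RIP: [0-9a-f]+:([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
STAMP_RE = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # optional dmesg timestamp


def find_iommu_fault_oopses(log_text):
    """Return one dict per NULL-deref oops whose RIP is in report_iommu_fault."""
    hits, current = [], None
    for raw in log_text.splitlines():
        line = STAMP_RE.sub("", raw)
        m = BUG_RE.search(line)
        if m:
            # A new oops header starts here; collect its fields until the RIP line.
            current = {"address": int(m.group(1), 16), "comm": None, "rip": None}
            continue
        if current is None:
            continue
        m = COMM_RE.search(line)
        if m:
            current["comm"] = m.group(1)
        m = RIP_RE.search(line)
        if m:
            current["rip"] = m.group(1)
            if current["rip"] == "report_iommu_fault":
                hits.append(current)
            current = None  # the first RIP line closes this oops header


    return hits


if __name__ == "__main__":
    for hit in find_iommu_fault_oopses(SAMPLE_LOG):
        print(f"NULL deref at {hit['address']:#x} in {hit['rip']} (thread {hit['comm']})")
```
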
Details
- Affected product:
  - AlmaLinux 9.2 ESU
- Affected packages:
  - kernel @ 5.14.0