Message ID | 20190529135221.4819-1-tjaalton@ubuntu.com |
---|---|
Series | CVE-2019-11085: drm/i915 privilege escalation via local access |

On 5/29/19 3:52 PM, Timo Aaltonen wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11085.html
>
> Insufficient input validation in Kernel Mode Driver in Intel(R) i915
> Graphics for Linux before version 5.0 may allow an authenticated user to
> potentially enable escalation of privilege via local access.
>
> Clean cherry-pick and build. I haven't been able to test it yet, but this commit is in
> 5.0 and there are no followup commits to it since, so it shouldn't regress anything.
>
>
> Zhenyu Wang (1):
>   drm/i915/gvt: Fix mmap range check
>
>  drivers/gpu/drm/i915/gvt/kvmgt.c | 14 ++++++++++++--
>  1 file changed, 12 insertions(+), 2 deletions(-)
>

Applied to bionic and cosmic master-next branches.

Thanks,
Kleber

It looks like commit 638294e56494 ("drm/i915/gvt: Fix mmap range check")
in bionic (applied for CVE-2019-11085) introduced the following build
error:

  drivers/gpu/drm/i915/gvt/kvmgt.c:844:7: error: implicit declaration of function 'intel_vgpu_in_aperture'

To fix this error we need to backport two additional upstream commits:

  73ebd503034c ("drm/i915: make mappable struct resource centric")
  d480b28a41a6 ("drm/i915/gvt: Fix aperture read/write emulation when enable x-no-mmap=on")

NOTE: only build-tested on amd64, I haven't tried to boot the kernel and
test if the affected driver is actually working.

 drivers/gpu/drm/i915/gvt/cfg_space.c          | 15 +--------
 drivers/gpu/drm/i915/gvt/gvt.h                |  3 +-
 drivers/gpu/drm/i915/gvt/kvmgt.c              | 36 ++++++++++++++++++++--
 drivers/gpu/drm/i915/gvt/mmio.c               | 44 ---------------------------
 drivers/gpu/drm/i915/i915_drv.c               |  2 +-
 drivers/gpu/drm/i915/i915_gem.c               |  8 ++---
 drivers/gpu/drm/i915/i915_gem_execbuffer.c    |  2 +-
 drivers/gpu/drm/i915/i915_gem_gtt.c           | 29 ++++++++++++------
 drivers/gpu/drm/i915/i915_gem_gtt.h           |  4 +--
 drivers/gpu/drm/i915/i915_gpu_error.c         |  2 +-
 drivers/gpu/drm/i915/i915_vma.c               |  2 +-
 drivers/gpu/drm/i915/intel_display.c          |  2 +-
 drivers/gpu/drm/i915/intel_overlay.c          |  4 +--
 drivers/gpu/drm/i915/selftests/i915_gem_gtt.c |  4 +--
 drivers/gpu/drm/i915/selftests/mock_gtt.c     |  4 +--
 15 files changed, 72 insertions(+), 89 deletions(-)

On 11.06.19 10:33, Andrea Righi wrote:
> It looks like commit 638294e56494 ("drm/i915/gvt: Fix mmap range check")
> in bionic (applied for CVE-2019-11085) introduced the following build
> error:
>
>   drivers/gpu/drm/i915/gvt/kvmgt.c:844:7: error: implicit declaration of function 'intel_vgpu_in_aperture'
>
> To fix this error we need to backport two additional upstream commits:
>
>   73ebd503034c ("drm/i915: make mappable struct resource centric")
>   d480b28a41a6 ("drm/i915/gvt: Fix aperture read/write emulation when enable x-no-mmap=on")
>
> NOTE: only build-tested on amd64, I haven't tried to boot the kernel and
> test if the affected driver is actually working.
>
>  drivers/gpu/drm/i915/gvt/cfg_space.c          | 15 +--------
>  drivers/gpu/drm/i915/gvt/gvt.h                |  3 +-
>  drivers/gpu/drm/i915/gvt/kvmgt.c              | 36 ++++++++++++++++++++--
>  drivers/gpu/drm/i915/gvt/mmio.c               | 44 ---------------------------
>  drivers/gpu/drm/i915/i915_drv.c               |  2 +-
>  drivers/gpu/drm/i915/i915_gem.c               |  8 ++---
>  drivers/gpu/drm/i915/i915_gem_execbuffer.c    |  2 +-
>  drivers/gpu/drm/i915/i915_gem_gtt.c           | 29 ++++++++++++------
>  drivers/gpu/drm/i915/i915_gem_gtt.h           |  4 +--
>  drivers/gpu/drm/i915/i915_gpu_error.c         |  2 +-
>  drivers/gpu/drm/i915/i915_vma.c               |  2 +-
>  drivers/gpu/drm/i915/intel_display.c          |  2 +-
>  drivers/gpu/drm/i915/intel_overlay.c          |  4 +--
>  drivers/gpu/drm/i915/selftests/i915_gem_gtt.c |  4 +--
>  drivers/gpu/drm/i915/selftests/mock_gtt.c     |  4 +--
>  15 files changed, 72 insertions(+), 89 deletions(-)
>
>

Acked-by: Stefan Bader <stefan.bader@canonical.com>

On 11.06.19 10:33, Andrea Righi wrote:
> It looks like commit 638294e56494 ("drm/i915/gvt: Fix mmap range check")
> in bionic (applied for CVE-2019-11085) introduced the following build
> error:
>
>   drivers/gpu/drm/i915/gvt/kvmgt.c:844:7: error: implicit declaration of function 'intel_vgpu_in_aperture'
>
> To fix this error we need to backport two additional upstream commits:
>
>   73ebd503034c ("drm/i915: make mappable struct resource centric")
>   d480b28a41a6 ("drm/i915/gvt: Fix aperture read/write emulation when enable x-no-mmap=on")
>
> NOTE: only build-tested on amd64, I haven't tried to boot the kernel and
> test if the affected driver is actually working.
>
>  drivers/gpu/drm/i915/gvt/cfg_space.c          | 15 +--------
>  drivers/gpu/drm/i915/gvt/gvt.h                |  3 +-
>  drivers/gpu/drm/i915/gvt/kvmgt.c              | 36 ++++++++++++++++++++--
>  drivers/gpu/drm/i915/gvt/mmio.c               | 44 ---------------------------
>  drivers/gpu/drm/i915/i915_drv.c               |  2 +-
>  drivers/gpu/drm/i915/i915_gem.c               |  8 ++---
>  drivers/gpu/drm/i915/i915_gem_execbuffer.c    |  2 +-
>  drivers/gpu/drm/i915/i915_gem_gtt.c           | 29 ++++++++++++------
>  drivers/gpu/drm/i915/i915_gem_gtt.h           |  4 +--
>  drivers/gpu/drm/i915/i915_gpu_error.c         |  2 +-
>  drivers/gpu/drm/i915/i915_vma.c               |  2 +-
>  drivers/gpu/drm/i915/intel_display.c          |  2 +-
>  drivers/gpu/drm/i915/intel_overlay.c          |  4 +--
>  drivers/gpu/drm/i915/selftests/i915_gem_gtt.c |  4 +--
>  drivers/gpu/drm/i915/selftests/mock_gtt.c     |  4 +--
>  15 files changed, 72 insertions(+), 89 deletions(-)
>
>

Applied to bionic/master-next. Thanks.

-Stefan