[v4,0/2] drm/nouveau/dmem: Fix Vulnerability and Device Channels configuration

Message ID	20241008115943.990286-1-ymaman@nvidia.com (mailing list archive)
Headers	show Return-Path: <dri-devel-bounces@lists.freedesktop.org> Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 216.228.118.232 as permitted sender) receiver=protection.outlook.com; client-ip=216.228.118.232; helo=mail.nvidia.com; pr=C From: Yonatan Maman <ymaman@nvidia.com> To: <kherbst@redhat.com>, <lyude@redhat.com>, <dakr@redhat.com>, <airlied@gmail.com>, <daniel@ffwll.ch>, <bskeggs@nvidia.com>, <jglisse@redhat.com>, <dri-devel@lists.freedesktop.org>, <nouveau@lists.freedesktop.org> CC: Yonatan Maman <Ymaman@Nvidia.com>, <linux-kernel@vger.kernel.org>, <stable@vger.kernel.org> Subject: [PATCH v4 0/2] drm/nouveau/dmem: Fix Vulnerability and Device Channels configuration Date: Tue, 8 Oct 2024 14:59:41 +0300 Message-ID: <20241008115943.990286-1-ymaman@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>
Series	drm/nouveau/dmem: Fix Vulnerability and Device Channels configuration \| expand [v4,0/2] drm/nouveau/dmem: Fix Vulnerability and Device Channels configuration [v4,1/2] nouveau/dmem: Fix privileged error in copy engine channel [v4,2/2] nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error

Message ID

20241008115943.990286-1-ymaman@nvidia.com (mailing list archive)

Headers

Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates
 216.228.118.232 as permitted sender) receiver=protection.outlook.com;
 client-ip=216.228.118.232; helo=mail.nvidia.com; pr=C
From: Yonatan Maman <ymaman@nvidia.com>
To: <kherbst@redhat.com>, <lyude@redhat.com>, <dakr@redhat.com>,
 <airlied@gmail.com>, <daniel@ffwll.ch>, <bskeggs@nvidia.com>,
 <jglisse@redhat.com>, <dri-devel@lists.freedesktop.org>,
 <nouveau@lists.freedesktop.org>
CC: Yonatan Maman <Ymaman@Nvidia.com>, <linux-kernel@vger.kernel.org>,
 <stable@vger.kernel.org>
Subject: [PATCH v4 0/2] drm/nouveau/dmem: Fix Vulnerability and Device
 Channels configuration
Date: Tue, 8 Oct 2024 14:59:41 +0300
Message-ID: <20241008115943.990286-1-ymaman@nvidia.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Oct 2024 12:00:11.6247 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 2f5d69eb-3674-4cae-7971-08dce790c345
X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[216.228.118.232];
 Helo=[mail.nvidia.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 CO1PEPF000044F5.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR12MB7168
X-Mailman-Approved-At: Tue, 08 Oct 2024 13:41:08 +0000
X-BeenThere: dri-devel@lists.freedesktop.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Direct Rendering Infrastructure - Development
 <dri-devel.lists.freedesktop.org>
List-Unsubscribe: <https://lists.freedesktop.org/mailman/options/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <https://lists.freedesktop.org/archives/dri-devel>
List-Post: <mailto:dri-devel@lists.freedesktop.org>
List-Help: <mailto:dri-devel-request@lists.freedesktop.org?subject=help>
List-Subscribe: <https://lists.freedesktop.org/mailman/listinfo/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=subscribe>
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>

Series

drm/nouveau/dmem: Fix Vulnerability and Device Channels configuration | expand

Message

Yonatan Maman Oct. 8, 2024, 11:59 a.m. UTC

From: Yonatan Maman <Ymaman@Nvidia.com>

This patch series addresses two critical issues in the Nouveau driver
related to device channels, error handling, and sensitive data leaks.

- Vulnerability in migrate_to_ram: The migrate_to_ram function might
  return a dirty HIGH_USER page when a copy push command (FW channel)
  fails, potentially exposing sensitive data and posing a security
  risk. To mitigate this, the patch ensures the allocation of a non-dirty
  (zero) page for the destination, preventing the return of a dirty page
  and enhancing driver security in case of failure.

- Privileged Error in Copy Engine Channel: An error was observed when
  the nouveau_dmem_copy_one function is executed, leading to a Host Copy
  Engine Privileged error on channel 1. The patch resolves this by
  adjusting the Copy Engine channel configuration to permit privileged
  push commands, resolving the error.

Changes since V3:
- Fixed version according to Danilo Krummrich's comments.

Yonatan Maman (2):
  nouveau/dmem: Fix privileged error in copy engine channel
  nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error

 drivers/gpu/drm/nouveau/nouveau_dmem.c | 2 +-
 drivers/gpu/drm/nouveau/nouveau_drm.c  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)