CVE-2022-50303
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/09/2025
Last modified:
15/09/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

drm/amdkfd: Fix double release compute pasid

If kfd_process_device_init_vm returns failure after vm is converted to
compute vm and vm->pasid set to compute pasid, KFD will not take
pdd->drm_file reference. As a result, drm close file handler may be
called to release the compute pasid before KFD process destroy worker to
release the same pasid and set vm->pasid to zero, this generates below
WARNING backtrace and NULL pointer access.

Add helper amdgpu_amdkfd_gpuvm_set_vm_pasid and call it at the last step
of kfd_process_device_init_vm, to ensure vm pasid is the original pasid
if acquiring vm failed or is the compute pasid with pdd->drm_file
reference taken to avoid double release same pasid.

amdgpu: Failed to create process VM object
ida_free called for id=32770 which is not allocated.
WARNING: CPU: 57 PID: 72542 at ../lib/idr.c:522 ida_free+0x96/0x140
RIP: 0010:ida_free+0x96/0x140
Call Trace:
amdgpu_pasid_free_delayed+0xe1/0x2a0 [amdgpu]
amdgpu_driver_postclose_kms+0x2d8/0x340 [amdgpu]
drm_file_free.part.13+0x216/0x270 [drm]
drm_close_helper.isra.14+0x60/0x70 [drm]
drm_release+0x6e/0xf0 [drm]
__fput+0xcc/0x280
____fput+0xe/0x20
task_work_run+0x96/0xc0
do_exit+0x3d0/0xc10

BUG: kernel NULL pointer dereference, address: 0000000000000000
RIP: 0010:ida_free+0x76/0x140
Call Trace:
amdgpu_pasid_free_delayed+0xe1/0x2a0 [amdgpu]
amdgpu_driver_postclose_kms+0x2d8/0x340 [amdgpu]
drm_file_free.part.13+0x216/0x270 [drm]
drm_close_helper.isra.14+0x60/0x70 [drm]
drm_release+0x6e/0xf0 [drm]
__fput+0xcc/0x280
____fput+0xe/0x20
task_work_run+0x96/0xc0
do_exit+0x3d0/0xc10
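
The ownership problem described above, reduced to a user-space C model that compares setting the pasid early with setting it as the last step of initialisation. This is an added example, not the amdgpu/KFD code or the upstream patch; the allocator, the structs, every function name and the rule that installing the compute pasid releases the original one are assumptions made for the model.

```c
/* User-space model, constructed for illustration; not amdgpu/KFD source. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define MAX_ID 8
static bool allocated[MAX_ID];
static int bad_frees;                 /* frees of an id that is not allocated */
static int id_alloc(void) {
    for (int i = 1; i < MAX_ID; i++)
        if (!allocated[i]) { allocated[i] = true; return i; }
    return 0;
}
static void id_free(int id) {
    if (!allocated[id]) { bad_frees++; return; }   /* the "not allocated" case */
    allocated[id] = false;
}
struct vm  { int pasid; };
struct pdd { struct vm *vm; int compute_pasid; bool holds_file_ref; };
/* Model assumption: installing the compute pasid releases the original one. */
static void install_compute_pasid(struct pdd *p) {
    id_free(p->vm->pasid);
    p->vm->pasid = p->compute_pasid;
}
static int init_vm(struct pdd *p, bool set_pasid_last, bool late_failure) {
    if (!set_pasid_last) install_compute_pasid(p); /* pre-fix order: set early */
    if (late_failure) return -1;                   /* file reference never taken */
    p->holds_file_ref = true;
    if (set_pasid_last) install_compute_pasid(p);  /* fixed order: last step */
    return 0;
}
static void file_close(struct vm *vm) {            /* frees whatever vm->pasid names */
    if (vm->pasid) { id_free(vm->pasid); vm->pasid = 0; }
}
static void process_destroy(struct pdd *p) {       /* process owns the compute pasid */
    id_free(p->compute_pasid);
    if (p->holds_file_ref) p->vm->pasid = 0;
}
static int run(bool set_pasid_last, bool late_failure) { /* returns invalid frees */
    memset(allocated, 0, sizeof allocated); bad_frees = 0;
    struct vm vm = { .pasid = id_alloc() };        /* original pasid, owned by the file */
    struct pdd p = { .vm = &vm, .compute_pasid = id_alloc() };
    init_vm(&p, set_pasid_last, late_failure);
    /* Without the file reference, file close can run before process teardown. */
    if (p.holds_file_ref) { process_destroy(&p); file_close(&vm); }
    else                  { file_close(&vm); process_destroy(&p); }
    return bad_frees;
}
int main(void) {
    printf("invalid frees: pre-fix=%d fixed=%d\n", run(false, true), run(true, true));
    return 0;
}
```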