CVE-2022-50628

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/gud: Fix UBSAN warning<br /> <br /> UBSAN complains about invalid value for bool:<br /> <br /> [ 101.165172] [drm] Initialized gud 1.0.0 20200422 for 2-3.2:1.0 on minor 1<br /> [ 101.213360] gud 2-3.2:1.0: [drm] fb1: guddrmfb frame buffer device<br /> [ 101.213426] usbcore: registered new interface driver gud<br /> [ 101.989431] ================================================================================<br /> [ 101.989441] UBSAN: invalid-load in linux/include/linux/iosys-map.h:253:9<br /> [ 101.989447] load of value 121 is not a valid value for type &amp;#39;_Bool&amp;#39;<br /> [ 101.989451] CPU: 1 PID: 455 Comm: kworker/1:6 Not tainted 5.18.0-rc5-gud-5.18-rc5 #3<br /> [ 101.989456] Hardware name: Hewlett-Packard HP EliteBook 820 G1/1991, BIOS L71 Ver. 01.44 04/12/2018<br /> [ 101.989459] Workqueue: events_long gud_flush_work [gud]<br /> [ 101.989471] Call Trace:<br /> [ 101.989474] <br /> [ 101.989479] dump_stack_lvl+0x49/0x5f<br /> [ 101.989488] dump_stack+0x10/0x12<br /> [ 101.989493] ubsan_epilogue+0x9/0x3b<br /> [ 101.989498] __ubsan_handle_load_invalid_value.cold+0x44/0x49<br /> [ 101.989504] dma_buf_vmap.cold+0x38/0x3d<br /> [ 101.989511] ? find_busiest_group+0x48/0x300<br /> [ 101.989520] drm_gem_shmem_vmap+0x76/0x1b0 [drm_shmem_helper]<br /> [ 101.989528] drm_gem_shmem_object_vmap+0x9/0xb [drm_shmem_helper]<br /> [ 101.989535] drm_gem_vmap+0x26/0x60 [drm]<br /> [ 101.989594] drm_gem_fb_vmap+0x47/0x150 [drm_kms_helper]<br /> [ 101.989630] gud_prep_flush+0xc1/0x710 [gud]<br /> [ 101.989639] ? _raw_spin_lock+0x17/0x40<br /> [ 101.989648] gud_flush_work+0x1e0/0x430 [gud]<br /> [ 101.989653] ? __switch_to+0x11d/0x470<br /> [ 101.989664] process_one_work+0x21f/0x3f0<br /> [ 101.989673] worker_thread+0x200/0x3e0<br /> [ 101.989679] ? rescuer_thread+0x390/0x390<br /> [ 101.989684] kthread+0xfd/0x130<br /> [ 101.989690] ? kthread_complete_and_exit+0x20/0x20<br /> [ 101.989696] ret_from_fork+0x22/0x30<br /> [ 101.989706] <br /> [ 101.989708] ================================================================================<br /> <br /> The source of this warning is in iosys_map_clear() called from<br /> dma_buf_vmap(). It conditionally sets values based on map-&gt;is_iomem. The<br /> iosys_map variables are allocated uninitialized on the stack leading to<br /> -&gt;is_iomem having all kinds of values and not only 0/1.<br /> <br /> Fix this by zeroing the iosys_map variables.