CVE-2022-49983

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> udmabuf: Set the DMA mask for the udmabuf device (v2)<br /> <br /> If the DMA mask is not set explicitly, the following warning occurs<br /> when the userspace tries to access the dma-buf via the CPU as<br /> reported by syzbot here:<br /> <br /> WARNING: CPU: 1 PID: 3595 at kernel/dma/mapping.c:188<br /> __dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188<br /> Modules linked in:<br /> CPU: 0 PID: 3595 Comm: syz-executor249 Not tainted<br /> 5.17.0-rc2-syzkaller-00316-g0457e5153e0e #0<br /> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS<br /> Google 01/01/2011<br /> RIP: 0010:__dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188<br /> Code: 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 75 71 4c 8b 3d c0<br /> 83 b5 0d e9 db fe ff ff e8 b6 0f 13 00 0f 0b e8 af 0f 13 00 0b 45<br /> 31 e4 e9 54 ff ff ff e8 a0 0f 13 00 49 8d 7f 50 48 b8 00<br /> RSP: 0018:ffffc90002a07d68 EFLAGS: 00010293<br /> RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000<br /> RDX: ffff88807e25e2c0 RSI: ffffffff81649e91 RDI: ffff88801b848408<br /> RBP: ffff88801b848000 R08: 0000000000000002 R09: ffff88801d86c74f<br /> R10: ffffffff81649d72 R11: 0000000000000001 R12: 0000000000000002<br /> R13: ffff88801d86c680 R14: 0000000000000001 R15: 0000000000000000<br /> FS: 0000555556e30300(0000) GS:ffff8880b9d00000(0000)<br /> knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 00000000200000cc CR3: 000000001d74a000 CR4: 00000000003506e0<br /> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br /> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br /> Call Trace:<br /> <br /> dma_map_sgtable+0x70/0xf0 kernel/dma/mapping.c:264<br /> get_sg_table.isra.0+0xe0/0x160 drivers/dma-buf/udmabuf.c:72<br /> begin_cpu_udmabuf+0x130/0x1d0 drivers/dma-buf/udmabuf.c:126<br /> dma_buf_begin_cpu_access+0xfd/0x1d0 drivers/dma-buf/dma-buf.c:1164<br /> dma_buf_ioctl+0x259/0x2b0 drivers/dma-buf/dma-buf.c:363<br /> vfs_ioctl fs/ioctl.c:51 [inline]<br /> __do_sys_ioctl fs/ioctl.c:874 [inline]<br /> __se_sys_ioctl fs/ioctl.c:860 [inline]<br /> __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:860<br /> do_syscall_x64 arch/x86/entry/common.c:50 [inline]<br /> do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80<br /> entry_SYSCALL_64_after_hwframe+0x44/0xae<br /> RIP: 0033:0x7f62fcf530f9<br /> Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89<br /> f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 3d 01<br /> f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48<br /> RSP: 002b:00007ffe3edab9b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010<br /> RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f62fcf530f9<br /> RDX: 0000000020000200 RSI: 0000000040086200 RDI: 0000000000000006<br /> RBP: 00007f62fcf170e0 R08: 0000000000000000 R09: 0000000000000000<br /> R10: 0000000000000000 R11: 0000000000000246 R12: 00007f62fcf17170<br /> R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000<br /> <br /> <br /> v2: Dont&amp;#39;t forget to deregister if DMA mask setup fails.