Bug 1225700 (CVE-2024-36022)

Summary: VUL-0: CVE-2024-36022: kernel: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Patrik Jakobsson <patrik.jakobsson>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: andrea.mattiazzo, vasant.karasulli
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/408151/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-36022:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-05-31 08:51:34 UTC 
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Init zone device and drm client after mode-1 reset on reload

In passthrough environment, when amdgpu is reloaded after unload, mode-1
is triggered after initializing the necessary IPs, That init does not
include KFD, and KFD init waits until the reset is completed. KFD init
is called in the reset handler, but in this case, the zone device and
drm client is not initialized, causing app to create kernel panic.

v2: Removing the init KFD condition from amdgpu_amdkfd_drm_client_create.
As the previous version has the potential of creating DRM client twice.

v3: v2 patch results in SDMA engine hung as DRM open causes VM clear to SDMA
before SDMA init. Adding the condition to in drm client creation, on top of v1,
to guard against drm client creation call multiple times.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-36022
https://www.cve.org/CVERecord?id=CVE-2024-36022
https://git.kernel.org/stable/c/4f8154f775197d0021b690c2945d6a4d8094c8f6
https://git.kernel.org/stable/c/f679fd6057fbf5ab34aaee28d58b7f81af0cbf48
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-36022.mbox