diff options
| author | Yogita Urade <yogita.urade@windriver.com> | 2023-09-04 05:01:47 +0000 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2023-09-07 08:22:43 -0700 |
| commit | d14a600a3af60657f18b51487f9f21a48616fc24 (patch) | |
| tree | 1fa4efce497f46e8a321633caffb305e5e1437eb | |
| parent | 0efa5c872f6357f8639310e339d9c5a6f0315f2d (diff) | |
| download | meta-openembedded-d14a600a3af60657f18b51487f9f21a48616fc24.tar.gz | |
hwloc: fix CVE-2022-47022
An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause
a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-47022
https://github.com/open-mpi/hwloc/issues/544
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| -rw-r--r-- | meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch | 77 | ||||
| -rw-r--r-- | meta-oe/recipes-extended/hwloc/hwloc_2.9.2.bb | 4 |
2 files changed, 80 insertions, 1 deletions
diff --git a/meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch b/meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch new file mode 100644 index 0000000000..c981b68b70 --- /dev/null +++ b/meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch | |||
| @@ -0,0 +1,77 @@ | |||
| 1 | From ac1f8db9a0790d2bf153711ff4cbf6101f89aace Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Brice Goglin <Brice.Goglin@inria.fr> | ||
| 3 | Date: Thu, 31 Aug 2023 09:28:34 +0000 | ||
| 4 | Subject: [PATCH] linux: handle glibc cpuset allocation failures | ||
| 5 | |||
| 6 | Closes #544 | ||
| 7 | CVE-2022-47022 | ||
| 8 | |||
| 9 | Signed-off-by: Brice Goglin <Brice.Goglin@inria.fr> | ||
| 10 | |||
| 11 | CVE: CVE-2022-47022 | ||
| 12 | |||
| 13 | Upstream-Status: Backport[https://github.com/open-mpi/hwloc/commit/ac1f8db9a0790d2bf153711ff4cbf6101f89aace] | ||
| 14 | |||
| 15 | Signed-off-by: Yogita Urade <yogita.urade@windriver.com> | ||
| 16 | --- | ||
| 17 | hwloc/topology-linux.c | 15 ++++++++++++++- | ||
| 18 | 1 file changed, 14 insertions(+), 1 deletion(-) | ||
| 19 | |||
| 20 | diff --git a/hwloc/topology-linux.c b/hwloc/topology-linux.c | ||
| 21 | index c7b63d2..fd6745e 100644 | ||
| 22 | --- a/hwloc/topology-linux.c | ||
| 23 | +++ b/hwloc/topology-linux.c | ||
| 24 | @@ -870,6 +870,8 @@ hwloc_linux_set_tid_cpubind(hwloc_topology_t topology __hwloc_attribute_unused, | ||
| 25 | |||
| 26 | setsize = CPU_ALLOC_SIZE(last+1); | ||
| 27 | plinux_set = CPU_ALLOC(last+1); | ||
| 28 | + if (!plinux_set) | ||
| 29 | + return -1; | ||
| 30 | |||
| 31 | CPU_ZERO_S(setsize, plinux_set); | ||
| 32 | hwloc_bitmap_foreach_begin(cpu, hwloc_set) | ||
| 33 | @@ -950,7 +952,10 @@ hwloc_linux_find_kernel_nr_cpus(hwloc_topology_t topology) | ||
| 34 | while (1) { | ||
| 35 | cpu_set_t *set = CPU_ALLOC(nr_cpus); | ||
| 36 | size_t setsize = CPU_ALLOC_SIZE(nr_cpus); | ||
| 37 | - int err = sched_getaffinity(0, setsize, set); /* always works, unless setsize is too small */ | ||
| 38 | + int err; | ||
| 39 | + if (!set) | ||
| 40 | + return -1; /* caller will return an error, and we'll try again later */ | ||
| 41 | + err = sched_getaffinity(0, setsize, set); /* always works, unless setsize is too small */ | ||
| 42 | CPU_FREE(set); | ||
| 43 | nr_cpus = setsize * 8; /* that's the value that was actually tested */ | ||
| 44 | if (!err) | ||
| 45 | @@ -978,8 +983,12 @@ hwloc_linux_get_tid_cpubind(hwloc_topology_t topology __hwloc_attribute_unused, | ||
| 46 | |||
| 47 | /* find the kernel nr_cpus so as to use a large enough cpu_set size */ | ||
| 48 | kernel_nr_cpus = hwloc_linux_find_kernel_nr_cpus(topology); | ||
| 49 | + if (kernel_nr_cpus < 0) | ||
| 50 | + return -1; | ||
| 51 | setsize = CPU_ALLOC_SIZE(kernel_nr_cpus); | ||
| 52 | plinux_set = CPU_ALLOC(kernel_nr_cpus); | ||
| 53 | + if (!plinux_set) | ||
| 54 | + return -1; | ||
| 55 | |||
| 56 | err = sched_getaffinity(tid, setsize, plinux_set); | ||
| 57 | |||
| 58 | @@ -1333,6 +1342,8 @@ hwloc_linux_set_thread_cpubind(hwloc_topology_t topology, pthread_t tid, hwloc_c | ||
| 59 | |||
| 60 | setsize = CPU_ALLOC_SIZE(last+1); | ||
| 61 | plinux_set = CPU_ALLOC(last+1); | ||
| 62 | + if (!plinux_set) | ||
| 63 | + return -1; | ||
| 64 | |||
| 65 | CPU_ZERO_S(setsize, plinux_set); | ||
| 66 | hwloc_bitmap_foreach_begin(cpu, hwloc_set) | ||
| 67 | @@ -1424,6 +1435,8 @@ hwloc_linux_get_thread_cpubind(hwloc_topology_t topology, pthread_t tid, hwloc_b | ||
| 68 | |||
| 69 | setsize = CPU_ALLOC_SIZE(last+1); | ||
| 70 | plinux_set = CPU_ALLOC(last+1); | ||
| 71 | + if (!plinux_set) | ||
| 72 | + return -1; | ||
| 73 | |||
| 74 | err = pthread_getaffinity_np(tid, setsize, plinux_set); | ||
| 75 | if (err) { | ||
| 76 | -- | ||
| 77 | 2.35.5 | ||
diff --git a/meta-oe/recipes-extended/hwloc/hwloc_2.9.2.bb b/meta-oe/recipes-extended/hwloc/hwloc_2.9.2.bb index 487b7da130..bcb615f73a 100644 --- a/meta-oe/recipes-extended/hwloc/hwloc_2.9.2.bb +++ b/meta-oe/recipes-extended/hwloc/hwloc_2.9.2.bb | |||
| @@ -7,7 +7,9 @@ SECTION = "base" | |||
| 7 | LICENSE = "BSD-3-Clause" | 7 | LICENSE = "BSD-3-Clause" |
| 8 | LIC_FILES_CHKSUM = "file://COPYING;md5=79179bb373cd55cbd834463a514fb714" | 8 | LIC_FILES_CHKSUM = "file://COPYING;md5=79179bb373cd55cbd834463a514fb714" |
| 9 | 9 | ||
| 10 | SRC_URI = "https://www.open-mpi.org/software/${BPN}/v2.9/downloads/${BP}.tar.bz2" | 10 | SRC_URI = "https://www.open-mpi.org/software/${BPN}/v2.9/downloads/${BP}.tar.bz2 \ |
| 11 | file://CVE-2022-47022.patch \ | ||
| 12 | " | ||
| 11 | SRC_URI[sha256sum] = "0a87fdf677f8b00b567d229b6320bf6b25c693edaa43e0b85268d999d6b060cf" | 13 | SRC_URI[sha256sum] = "0a87fdf677f8b00b567d229b6320bf6b25c693edaa43e0b85268d999d6b060cf" |
| 12 | UPSTREAM_CHECK_URI = "https://www.open-mpi.org/software/hwloc/v2.9/" | 14 | UPSTREAM_CHECK_URI = "https://www.open-mpi.org/software/hwloc/v2.9/" |
| 13 | 15 | ||