hwloc: fix CVE-2022-47022

An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c. References: https://nvd.nist.gov/vuln/detail/CVE-2022-47022 https://github.com/open-mpi/hwloc/issues/544 Upstream patches: https://github.com/open-mpi/hwloc/commit/ac1f8db9a0790d2bf153711ff4cbf6101f89aace Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Polampalli, Archana <archana.polampalli@windriver.com> 2023-08-30 09:21:58 +0000
committer: Armin Kuster <akuster808@gmail.com> 2023-08-31 09:10:29 -0400
commit: c5a65353e194dc51422c652fd63466329a4324a5 (patch)
tree: 98ce9fd1a110c7e5c04a67666f2a1f04c6429f53
parent: 3862ca8fe196e4bbb4794d9f24ac2da7a7546ea3 (diff)
download: meta-openembedded-c5a65353e194dc51422c652fd63466329a4324a5.tar.gz
2 files changed, 79 insertions, 1 deletions
diff --git a/meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch b/meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch
new file mode 100644
index 0000000000..1925e2605d
--- /dev/null
+++ b/meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch
@@ -0,0 +1,76 @@
+From ac1f8db9a0790d2bf153711ff4cbf6101f89aace Mon Sep 17 00:00:00 2001
+From: Brice Goglin <Brice.Goglin@inria.fr>
+Date: Wed, 23 Aug 2023 19:52:47 +0200
+Subject: [PATCH] linux: handle glibc cpuset allocation failures
+Closes #544
+CVE-2022-47022
+CVE: CVE-2022-47022
+Upstream-Status: Backport [https://github.com/open-mpi/hwloc/commit/ac1f8db9a0790d2bf153711ff4cbf6101f89aace]
+Signed-off-by: Brice Goglin <Brice.Goglin@inria.fr>
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ hwloc/topology-linux.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+diff --git a/hwloc/topology-linux.c b/hwloc/topology-linux.c
+index 3f059465d..030076e7f 100644
+--- a/hwloc/topology-linux.c
+++ b/hwloc/topology-linux.c
+@@ -878,6 +878,8 @@ hwloc_linux_set_tid_cpubind(hwloc_topology_t topology __hwloc_attribute_unused,
+   setsize = CPU_ALLOC_SIZE(last+1);
+   plinux_set = CPU_ALLOC(last+1);
+  if (!plinux_set)
+    return -1;
+   CPU_ZERO_S(setsize, plinux_set);
+   hwloc_bitmap_foreach_begin(cpu, hwloc_set)
+@@ -958,7 +960,10 @@ hwloc_linux_find_kernel_nr_cpus(hwloc_topology_t topology)
+   while (1) {
+     cpu_set_t *set = CPU_ALLOC(nr_cpus);
+     size_t setsize = CPU_ALLOC_SIZE(nr_cpus);
+-    int err = sched_getaffinity(0, setsize, set); /* always works, unless setsize is too small */
+    int err;
+    if (!set)
+      return -1; /* caller will return an error, and we'll try again later */
+    err = sched_getaffinity(0, setsize, set); /* always works, unless setsize is too small */
+     CPU_FREE(set);
+     nr_cpus = setsize * 8; /* that's the value that was actually tested */
+     if (!err)
+@@ -986,8 +991,12 @@ hwloc_linux_get_tid_cpubind(hwloc_topology_t topology __hwloc_attribute_unused,
+   /* find the kernel nr_cpus so as to use a large enough cpu_set size */
+   kernel_nr_cpus = hwloc_linux_find_kernel_nr_cpus(topology);
+  if (kernel_nr_cpus < 0)
+    return -1;
+   setsize = CPU_ALLOC_SIZE(kernel_nr_cpus);
+   plinux_set = CPU_ALLOC(kernel_nr_cpus);
+  if (!plinux_set)
+    return -1;
+   err = sched_getaffinity(tid, setsize, plinux_set);
+@@ -1341,6 +1350,8 @@ hwloc_linux_set_thread_cpubind(hwloc_topology_t topology, pthread_t tid, hwloc_c
+      setsize = CPU_ALLOC_SIZE(last+1);
+      plinux_set = CPU_ALLOC(last+1);
+     if (!plinux_set)
+       return -1;
+      CPU_ZERO_S(setsize, plinux_set);
+      hwloc_bitmap_foreach_begin(cpu, hwloc_set)
+@@ -1432,6 +1443,8 @@ hwloc_linux_get_thread_cpubind(hwloc_topology_t topology, pthread_t tid, hwloc_b
+      setsize = CPU_ALLOC_SIZE(last+1);
+      plinux_set = CPU_ALLOC(last+1);
+     if (!plinux_set)
+       return -1;
+      err = pthread_getaffinity_np(tid, setsize, plinux_set);
+      if (err) {
+--
+2.40.0
diff --git a/meta-oe/recipes-extended/hwloc/hwloc_2.9.0.bb b/meta-oe/recipes-extended/hwloc/hwloc_2.9.0.bb
index 51ceb4c262..ee766c8391 100644
--- a/meta-oe/recipes-extended/hwloc/hwloc_2.9.0.bb
+++ b/meta-oe/recipes-extended/hwloc/hwloc_2.9.0.bb
@@ -7,7 +7,9 @@ SECTION = "base"
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://COPYING;md5=79179bb373cd55cbd834463a514fb714"
-SRC_URI = "https://www.open-mpi.org/software/${BPN}/v2.9/downloads/${BP}.tar.bz2"
+SRC_URI = "https://www.open-mpi.org/software/${BPN}/v2.9/downloads/${BP}.tar.bz2 \
+           file://CVE-2022-47022.patch \
+          "
 SRC_URI[sha256sum] = "2070e963596a2421b9af8eca43bdec113ee1107aaf7ccb475d4d3767a8856887"
 UPSTREAM_CHECK_URI = "https://www.open-mpi.org/software/hwloc/v2.9/"
author	Polampalli, Archana <archana.polampalli@windriver.com>	2023-08-30 09:21:58 +0000
committer	Armin Kuster <akuster808@gmail.com>	2023-08-31 09:10:29 -0400
commit	c5a65353e194dc51422c652fd63466329a4324a5 (patch)
tree	98ce9fd1a110c7e5c04a67666f2a1f04c6429f53
parent	3862ca8fe196e4bbb4794d9f24ac2da7a7546ea3 (diff)
download	meta-openembedded-c5a65353e194dc51422c652fd63466329a4324a5.tar.gz

diff --git a/meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch b/meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch new file mode 100644 index 0000000000..1925e2605d --- /dev/null +++ b/meta-oe/recipes-extended/hwloc/files/CVE-2022-47022.patch
@@ -0,0 +1,76 @@
		1	From ac1f8db9a0790d2bf153711ff4cbf6101f89aace Mon Sep 17 00:00:00 2001
		2	From: Brice Goglin <Brice.Goglin@inria.fr>
		3	Date: Wed, 23 Aug 2023 19:52:47 +0200
		4	Subject: [PATCH] linux: handle glibc cpuset allocation failures
		5
		6	Closes #544
		7	CVE-2022-47022
		8
		9	CVE: CVE-2022-47022
		10
		11	Upstream-Status: Backport [https://github.com/open-mpi/hwloc/commit/ac1f8db9a0790d2bf153711ff4cbf6101f89aace]
		12
		13	Signed-off-by: Brice Goglin <Brice.Goglin@inria.fr>
		14	Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
		15	---
		16	hwloc/topology-linux.c \| 15 ++++++++++++++-
		17	1 file changed, 14 insertions(+), 1 deletion(-)
		18
		19	diff --git a/hwloc/topology-linux.c b/hwloc/topology-linux.c
		20	index 3f059465d..030076e7f 100644
		21	--- a/hwloc/topology-linux.c
		22	+++ b/hwloc/topology-linux.c
		23	@@ -878,6 +878,8 @@ hwloc_linux_set_tid_cpubind(hwloc_topology_t topology __hwloc_attribute_unused,
		24
		25	setsize = CPU_ALLOC_SIZE(last+1);
		26	plinux_set = CPU_ALLOC(last+1);
		27	+ if (!plinux_set)
		28	+ return -1;
		29
		30	CPU_ZERO_S(setsize, plinux_set);
		31	hwloc_bitmap_foreach_begin(cpu, hwloc_set)
		32	@@ -958,7 +960,10 @@ hwloc_linux_find_kernel_nr_cpus(hwloc_topology_t topology)
		33	while (1) {
		34	cpu_set_t *set = CPU_ALLOC(nr_cpus);
		35	size_t setsize = CPU_ALLOC_SIZE(nr_cpus);
		36	- int err = sched_getaffinity(0, setsize, set); /* always works, unless setsize is too small */
		37	+ int err;
		38	+ if (!set)
		39	+ return -1; /* caller will return an error, and we'll try again later */
		40	+ err = sched_getaffinity(0, setsize, set); /* always works, unless setsize is too small */
		41	CPU_FREE(set);
		42	nr_cpus = setsize * 8; /* that's the value that was actually tested */
		43	if (!err)
		44	@@ -986,8 +991,12 @@ hwloc_linux_get_tid_cpubind(hwloc_topology_t topology __hwloc_attribute_unused,
		45
		46	/* find the kernel nr_cpus so as to use a large enough cpu_set size */
		47	kernel_nr_cpus = hwloc_linux_find_kernel_nr_cpus(topology);
		48	+ if (kernel_nr_cpus < 0)
		49	+ return -1;
		50	setsize = CPU_ALLOC_SIZE(kernel_nr_cpus);
		51	plinux_set = CPU_ALLOC(kernel_nr_cpus);
		52	+ if (!plinux_set)
		53	+ return -1;
		54
		55	err = sched_getaffinity(tid, setsize, plinux_set);
		56
		57	@@ -1341,6 +1350,8 @@ hwloc_linux_set_thread_cpubind(hwloc_topology_t topology, pthread_t tid, hwloc_c
		58
		59	setsize = CPU_ALLOC_SIZE(last+1);
		60	plinux_set = CPU_ALLOC(last+1);
		61	+ if (!plinux_set)
		62	+ return -1;
		63
		64	CPU_ZERO_S(setsize, plinux_set);
		65	hwloc_bitmap_foreach_begin(cpu, hwloc_set)
		66	@@ -1432,6 +1443,8 @@ hwloc_linux_get_thread_cpubind(hwloc_topology_t topology, pthread_t tid, hwloc_b
		67
		68	setsize = CPU_ALLOC_SIZE(last+1);
		69	plinux_set = CPU_ALLOC(last+1);
		70	+ if (!plinux_set)
		71	+ return -1;
		72
		73	err = pthread_getaffinity_np(tid, setsize, plinux_set);
		74	if (err) {
		75	--
		76	2.40.0


diff --git a/meta-oe/recipes-extended/hwloc/hwloc_2.9.0.bb b/meta-oe/recipes-extended/hwloc/hwloc_2.9.0.bb index 51ceb4c262..ee766c8391 100644 --- a/meta-oe/recipes-extended/hwloc/hwloc_2.9.0.bb +++ b/meta-oe/recipes-extended/hwloc/hwloc_2.9.0.bb
@@ -7,7 +7,9 @@ SECTION = "base"
7	LICENSE = "BSD-3-Clause"	7	LICENSE = "BSD-3-Clause"
8	LIC_FILES_CHKSUM = "file://COPYING;md5=79179bb373cd55cbd834463a514fb714"	8	LIC_FILES_CHKSUM = "file://COPYING;md5=79179bb373cd55cbd834463a514fb714"
9		9
10	SRC_URI = "https://www.open-mpi.org/software/${BPN}/v2.9/downloads/${BP}.tar.bz2"	10	SRC_URI = "https://www.open-mpi.org/software/${BPN}/v2.9/downloads/${BP}.tar.bz2 \
		11	file://CVE-2022-47022.patch \
		12	"
11	SRC_URI[sha256sum] = "2070e963596a2421b9af8eca43bdec113ee1107aaf7ccb475d4d3767a8856887"	13	SRC_URI[sha256sum] = "2070e963596a2421b9af8eca43bdec113ee1107aaf7ccb475d4d3767a8856887"
12	UPSTREAM_CHECK_URI = "https://www.open-mpi.org/software/hwloc/v2.9/"	14	UPSTREAM_CHECK_URI = "https://www.open-mpi.org/software/hwloc/v2.9/"
13		15