CVE-2023-52817

In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL

In certain types of chips, such as VEGA20, reading the amdgpuregssmc file could result in an abnormal null pointer access when the smc_rreg pointer is NULL. Below are the steps to reproduce this issue and the corresponding exception log:

1. Navigate to the directory: /sys/kernel/debug/dri/0
2. Execute command: cat amdgpuregssmc
3. Exception Log:: [4005007.702554] BUG: kernel NULL pointer dereference, address: 0000000000000000 [4005007.702562] #PF: supervisor instruction fetch in kernel mode [4005007.702567] #PF: errorcode(0x0010) - not-present page [4005007.702570] PGD 0 P4D 0 [4005007.702576] Oops: 0010 [#1] SMP NOPTI [4005007.702581] CPU: 4 PID: 62563 Comm: cat Tainted: G OE 5.15.0-43-generic #46-Ubunt u [4005007.702590] RIP: 0010:0x0 [4005007.702598] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. [4005007.702600] RSP: 0018:ffffa82b46d27da0 EFLAGS: 00010206 [4005007.702605] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffa82b46d27e68 [4005007.702609] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff9940656e0000 [4005007.702612] RBP: ffffa82b46d27dd8 R08: 0000000000000000 R09: ffff994060c07980 [4005007.702615] R10: 0000000000020000 R11: 0000000000000000 R12: 00007f5e06753000 [4005007.702618] R13: ffff9940656e0000 R14: ffffa82b46d27e68 R15: 00007f5e06753000 [4005007.702622] FS: 00007f5e0755b740(0000) GS:ffff99479d300000(0000) knlGS:0000000000000000 [4005007.702626] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [4005007.702629] CR2: ffffffffffffffd6 CR3: 00000003253fc000 CR4: 00000000003506e0 [4005007.702633] Call Trace: [4005007.702636] <TASK> [4005007.702640] amdgpudebugfsregssmcread+0xb0/0x120 [amdgpu] [4005007.703002] fullproxyread+0x5c/0x80 [4005007.703011] vfsread+0x9f/0x1a0 [4005007.703019] ksysread+0x67/0xe0 [4005007.703023] _x64sysread+0x19/0x20 [4005007.703028] dosyscall64+0x5c/0xc0 [4005007.703034] ? douseraddrfault+0x1e3/0x670 [4005007.703040] ? exittousermodeprepare+0x37/0xb0 [4005007.703047] ? irqentryexittousermode+0x9/0x20 [4005007.703052] ? irqentryexit+0x19/0x30 [4005007.703057] ? excpagefault+0x89/0x160 [4005007.703062] ? asmexcpagefault+0x8/0x30 [4005007.703068] entrySYSCALL64afterhwframe+0x44/0xae [4005007.703075] RIP: 0033:0x7f5e07672992 [4005007.703079] Code: c0 e9 b2 fe ff ff 50 48 8d 3d fa b2 0c 00 e8 c5 1d 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff ff 77 56 c3 0f 1f 44 00 00 48 83 e c 28 48 89 54 24 [4005007.703083] RSP: 002b:00007ffe03097898 EFLAGS: 00000246 ORIGRAX: 0000000000000000 [4005007.703088] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007f5e07672992 [4005007.703091] RDX: 0000000000020000 RSI: 00007f5e06753000 RDI: 0000000000000003 [4005007.703094] RBP: 00007f5e06753000 R08: 00007f5e06752010 R09: 00007f5e06752010 [4005007.703096] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000022000 [4005007.703099] R13: 0000000000000003 R14: 0000000000020000 R15: 0000000000020000 [4005007.703105] </TASK> [4005007.703107] Modules linked in: nftables libcrc32c nfnetlink algifhash afalg binfmtmisc nls_ iso88591 ipmissif ast intelraplmsr intelraplcommon drmvramhelper drmttmhelper amd64edac t tm edacmceamd kvmamd ccp machid k10temp kvm acpiipmi ipmisi rapl schfqcodel ipmidevintf ipm imsghandler msr parportpc ppdev lp parport mtd pstoreblk efipstore ramoops pstorezone reedsolo mon iptables xtables autofs4 ibuverbs ibcore amdgpu(OE) amddrmttmhelper(OE) amdttm(OE) iommuv 2 amdsched(OE) amdkcl(OE) drmkmshelper syscopyarea sysfillrect sysimgblt fbsysfops cec rccore drm igb ahci xhcipci libahci i2cpiix4 i2calgobit xhcipci_renesas dca [4005007.703184] CR2: 0000000000000000 [4005007.703188] ---[ en ---truncated---