CVE-2024-36885

In the Linux kernel, the following vulnerability has been resolved:

drm/nouveau/firmware: Fix SGDEBUG error with nvkmfirmware_ctor()

Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a BUG() on startup:

kernel BUG at include/linux/scatterlist.h:187! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30 Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019 RIP: 0010:sginitone+0x85/0xa0 Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54 24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b 0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00 RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000 RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000 R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508 R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018 FS: 00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0 Call Trace: <TASK> ? die+0x36/0x90 ? dotrap+0xdd/0x100 ? sginitone+0x85/0xa0 ? doerrortrap+0x65/0x80 ? sginitone+0x85/0xa0 ? excinvalidop+0x50/0x70 ? sginitone+0x85/0xa0 ? asmexcinvalidop+0x1a/0x20 ? sginitone+0x85/0xa0 nvkmfirmwarector+0x14a/0x250 [nouveau] nvkmfalconfwctor+0x42/0x70 [nouveau] ga102gspbooterctor+0xb4/0x1a0 [nouveau] r535gsponeinit+0xb3/0x15f0 [nouveau] ? srsoreturnthunk+0x5/0x5f ? srsoreturnthunk+0x5/0x5f ? nvkmudevicenew+0x95/0x140 [nouveau] ? srsoreturnthunk+0x5/0x5f ? srsoreturnthunk+0x5/0x5f ? ktimeget+0x47/0xb0 ? srsoreturnthunk+0x5/0x5f nvkmsubdevoneinit+0x4f/0x120 [nouveau] nvkmsubdevinit+0x39/0x140 [nouveau] ? srsoreturnthunk+0x5/0x5f nvkmsubdevinit+0x44/0x90 [nouveau] nvkmdeviceinit+0x166/0x2e0 [nouveau] nvkmudeviceinit+0x47/0x70 [nouveau] nvkmobjectinit+0x41/0x1c0 [nouveau] nvkmioctlnew+0x16a/0x290 [nouveau] ? pfxnvkmclientchildnew+0x10/0x10 [nouveau] ? _pfxnvkmudevicenew+0x10/0x10 [nouveau] nvkmioctl+0x126/0x290 [nouveau] nvifobjectctor+0x112/0x190 [nouveau] nvifdevicector+0x23/0x60 [nouveau] nouveaucliinit+0x164/0x640 [nouveau] nouveaudrmdeviceinit+0x97/0x9e0 [nouveau] ? srsoreturnthunk+0x5/0x5f ? pciupdatecurrentstate+0x72/0xb0 ? srsoreturnthunk+0x5/0x5f nouveaudrmprobe+0x12c/0x280 [nouveau] ? srsoreturnthunk+0x5/0x5f localpciprobe+0x45/0xa0 pcideviceprobe+0xc7/0x270 reallyprobe+0xe6/0x3a0 _driverprobedevice+0x87/0x160 driverprobedevice+0x1f/0xc0 _driverattach+0xec/0x1f0 ? _pfxdriverattach+0x10/0x10 busforeachdev+0x88/0xd0 busadddriver+0x116/0x220 driverregister+0x59/0x100 ? _pfxnouveaudrminit+0x10/0x10 [nouveau] dooneinitcall+0x5b/0x320 doinitmodule+0x60/0x250 initmodulefromfile+0x86/0xc0 idempotentinitmodule+0x120/0x2b0 _x64sysfinitmodule+0x5e/0xb0 dosyscall64+0x83/0x160 ? srsoreturnthunk+0x5/0x5f entrySYSCALL64afterhwframe+0x71/0x79 RIP: 0033:0x7feeb5cc20cd Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1b cd 0c 00 f7 d8 64 89 01 48 RSP: 002b:00007ffcf220b2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 RAX: ffffffffffffffda RBX: 000055fdd2916aa0 RCX: 00007feeb5cc20cd RDX: 0000000000000000 RSI: 000055fdd29161e0 RDI: 0000000000000035 RBP: 00007ffcf220b380 R08: 00007feeb5d8fb20 R09: 00007ffcf220b310 R10: 000055fdd2909dc0 R11: 0000000000000246 R12: 000055 ---truncated---