In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: set the right AMDGPU sg segment limitation
The driver needs to set the correct max_segment_size; otherwise debug_dma_map_sg() will complain about the over-mapping of the AMDGPU sg length as follows:
---truncated---
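The following user-space model is an added example, not code from the kernel or from the patch this entry describes. It shows why an undeclared segment limit trips the DMA-debug check: a device that sets no limit is treated as supporting 64 KiB segments, the fallback in `dma_get_max_seg_size()`, and every longer scatterlist segment counts as over-mapped. The `model_*` names, the sample segment lengths and the limits passed in `main()` are constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define SZ_64K 0x10000u /* DMA API fallback when a device declares no limit */

/* Hypothetical stand-ins for the kernel's device DMA parameters. */
struct model_dma_parms { unsigned int max_segment_size; };
struct model_device { const struct model_dma_parms *dma_parms; };

/* Constructed scatterlist segment lengths in bytes: 4 KiB, 64 KiB, 2 MiB, 1 GiB. */
static const unsigned int sample_seg_len[] = { 4096u, 65536u, 2u << 20, 1u << 30 };
#define SAMPLE_NENTS (sizeof(sample_seg_len) / sizeof(sample_seg_len[0]))

/* Same rule as dma_get_max_seg_size(): the declared limit, else 64 KiB. */
static unsigned int model_max_seg_size(const struct model_device *dev)
{
    if (dev->dma_parms && dev->dma_parms->max_segment_size)
        return dev->dma_parms->max_segment_size;
    return SZ_64K;
}

/* Count segments longer than the device claims to support. */
static size_t model_count_oversized(const struct model_device *dev,
                                    const unsigned int *len, size_t nents)
{
    unsigned int max_seg = model_max_seg_size(dev);
    size_t bad = 0;

    for (size_t i = 0; i < nents; i++)
        if (len[i] > max_seg)
            bad++;
    return bad;
}

/* Run the sample list against a device whose limit is `limit` (0 = never set). */
static size_t model_oversized_with_limit(unsigned int limit)
{
    struct model_dma_parms parms = { .max_segment_size = limit };
    struct model_device dev = { .dma_parms = limit ? &parms : NULL };

    return model_count_oversized(&dev, sample_seg_len, SAMPLE_NENTS);
}

int main(void)
{
    printf("limit unset : %zu oversized\n", model_oversized_with_limit(0));
    printf("limit 2 MiB : %zu oversized\n", model_oversized_with_limit(2u << 20));
    printf("limit max   : %zu oversized\n", model_oversized_with_limit(UINT_MAX));
    return 0;
}
```

The 64 KiB segment itself is not flagged, because the comparison is strictly greater than the limit.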