Executive Summary

This vulnerability in the Linux kernel relates to the drm/tests subsystem, specifically the shmem (shared memory) component. The issue was that the GEM object's reservation lock was not properly held around the purge operation, which could lead to errors during execution. The fix involved acquiring and releasing the GEM object's reservation lock around calls to the purge operation to prevent such errors.

Additionally, a new helper function drm_gem_shmem_purge() was introduced exclusively for Kunit tests and is not intended as an interface for regular drivers.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability could cause errors in the GPU DRM subsystem related to shared memory purging operations, potentially leading to instability or unexpected behavior in the graphics driver tests. However, since the issue is related to test code and internal locking mechanisms, it is unlikely to directly impact regular driver operation or end users.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability manifests as errors related to the drm_gem_shmem_purge_locked() function in the Linux kernel's DRM subsystem.

You can detect it by checking your system logs for warnings similar to the following message:

• [ 58.709128] WARNING: CPU: 1 PID: 1354 at drivers/gpu/drm/drm_gem_shmem_helper.c:515 drm_gem_shmem_purge_locked+0x51c/0x740

To search for this in your logs, you can use commands like:

• dmesg | grep drm_gem_shmem_purge_locked
• journalctl -k | grep drm_gem_shmem_purge_locked

Useful 0 Not Useful 0

Mitigation Strategies

The vulnerability has been resolved by acquiring and releasing the GEM object's reservation lock around calls to the object's purge operation.

Immediate mitigation steps include updating your Linux kernel to a version that includes this fix.

Avoid using the drm_gem_shmem_purge_locked() function directly in drivers, as the new helper drm_gem_shmem_purge() is intended only for Kunit tests and not for regular drivers.

Useful 0 Not Useful 0