CVE-2024-53116

In the Linux kernel, the following vulnerability has been resolved:

drm/panthor: Fix handling of partial GPU mapping of BOs

This commit fixes the bug in the handling of partial mapping of the buffer objects to the GPU, which caused kernel warnings.

Panthor didn't correctly handle the case where the partial mapping spanned multiple scatterlists and the mapping offset didn't point to the 1st page of starting scatterlist. The offset variable was not cleared after reaching the starting scatterlist.

Following warning messages were seen. WARNING: CPU: 1 PID: 650 at drivers/iommu/io-pgtable-arm.c:659 _armlpaeunmap+0x254/0x5a0 <snip> pc : _armlpaeunmap+0x254/0x5a0 lr : _armlpaeunmap+0x2cc/0x5a0 <snip> Call trace: _armlpaeunmap+0x254/0x5a0 _armlpaeunmap+0x108/0x5a0 _armlpaeunmap+0x108/0x5a0 _armlpaeunmap+0x108/0x5a0 armlpaeunmappages+0x80/0xa0 panthorvmunmappages+0xac/0x1c8 [panthor] panthorgpuvasmstepunmap+0x4c/0xc8 [panthor] opunmapcb.isra.23.constprop.30+0x54/0x80 _drmgpuvmsmunmap+0x184/0x1c8 drmgpuvmsmunmap+0x40/0x60 panthorvmexecop+0xa8/0x120 [panthor] panthorvmbindexecsyncop+0xc4/0xe8 [panthor] panthorioctlvmbind+0x10c/0x170 [panthor] drmioctlkernel+0xbc/0x138 drmioctl+0x210/0x4b0 _arm64sysioctl+0xb0/0xf8 invokesyscall+0x4c/0x110 el0svccommon.constprop.1+0x98/0xf8 doel0svc+0x24/0x38 el0svc+0x34/0xc8 el0t64synchandler+0xa0/0xc8 el0t64sync+0x174/0x178 <snip> panthor : [drm] drmWARNON(unmappedsz != pgsize * pgcount) WARNING: CPU: 1 PID: 650 at drivers/gpu/drm/panthor/panthormmu.c:922 panthorvmunmappages+0x124/0x1c8 [panthor] <snip> pc : panthorvmunmappages+0x124/0x1c8 [panthor] lr : panthorvmunmap_pages+0x124/0x1c8 [panthor] <snip> panthor : [drm] ERROR failed to unmap range ffffa388f000-ffffa3890000 (requested range ffffa388c000-ffffa3890000)