Mustafa Kemal Gilor has proposed merging ~mustafakemalgilor/ubuntu/+source/xorg-server:bugfix/lp2007746-ubuntu-focal into ubuntu/+source/xorg-server:ubuntu/focal-devel.

Requested reviews:
  Ubuntu-X (ubuntu-x-swat)
Related bugs:
  Bug #2007746 in xorg-server (Ubuntu): "[SRU] xserver crashes when hyperv_drm kernel module is loaded on azure NV series instances w/ nvidia grid driver"
  https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/2007746

For more details, see:
https://code.launchpad.net/~mustafakemalgilor/ubuntu/+source/xorg-server/+git/xorg-server/+merge/437541

Backported a fix from upstream to focal for the LP issue #2007746:

* d/p/lp2007746-fix-pdev-null-deref.patch: fix potential pdev NULL deref (LP: #2007746)

Please tag & sponsor.

Steps to reproduce/test:

See [ Test Plan ] section of the LP issue #2007746.
--
Your team Ubuntu-X is requested to review the proposed merge of ~mustafakemalgilor/ubuntu/+source/xorg-server:bugfix/lp2007746-ubuntu-focal into ubuntu/+source/xorg-server:ubuntu/focal-devel.
diff --git a/debian/changelog b/debian/changelog index a568b1c..ae0bfd1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +xorg-server (2:1.20.13-1ubuntu1~20.04.6ubuntu1) focal; urgency=medium + + * d/p/lp2007746-fix-pdev-null-deref.patch: fix potential pdev null + deref in xf86platformBus.c (LP: #2007746) + + -- Mustafa Kemal GILOR <mustafa.gi...@canonical.com> Sat, 18 Feb 2023 15:17:01 +0300 + xorg-server (2:1.20.13-1ubuntu1~20.04.6) focal-security; urgency=medium * SECURITY UPDATE: DeepCopyPointerClasses use-after-free diff --git a/debian/patches/lp2007746-fix-pdev-null-deref.patch b/debian/patches/lp2007746-fix-pdev-null-deref.patch new file mode 100644 index 0000000..e51588c --- /dev/null +++ b/debian/patches/lp2007746-fix-pdev-null-deref.patch 
@@ -0,0 +1,55 @@ +From 0d93bbfa2cfacbb73741f8bed0e32fa1a656b928 Mon Sep 17 00:00:00 2001 +From: Povilas Kanapickas <povi...@radix.lt> +Date: Fri, 26 Mar 2021 00:51:02 +0200 +Subject: [PATCH] xfree86: Fix potentially NULL reference to platform device's + PCI device +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +xf86_platform_devices[i].pdev may be NULL in cases we fail to parse the +busid in config_udev_odev_setup_attribs() (see also [1], [2]) such as +when udev does not give use ID_PATH. This in turn leads to +platform_find_pci_info() being not called and pdev being NULL. + +[1]: https://gitlab.freedesktop.org/xorg/xserver/-/issues/993 +[2]: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1076 + +Reviewed-by: Zoltán Böszörményi <zbos...@gmail.com> +Signed-off-by: Povilas Kanapickas <povi...@radix.lt> +--- + hw/xfree86/common/xf86platformBus.c | 10 ++++++---- + hw/xfree86/os-support/linux/lnx_platform.c | 3 +++ + 2 files changed, 9 insertions(+), 4 deletions(-) + +--- a/hw/xfree86/common/xf86platformBus.c ++++ b/hw/xfree86/common/xf86platformBus.c +@@ -365,10 +365,12 @@ + break; + case BUS_PCI: + for (i = 0; i < xf86_num_platform_devices; i++) { +- if (MATCH_PCI_DEVICES(xf86_platform_devices[i].pdev, +- entity->bus.id.pci)) { +- dev = &xf86_platform_devices[i]; +- break; ++ if (xf86_platform_devices[i].pdev) { ++ if (MATCH_PCI_DEVICES(xf86_platform_devices[i].pdev, ++ entity->bus.id.pci)) { ++ dev = &xf86_platform_devices[i]; ++ break; ++ } + } + } + break; +--- a/hw/xfree86/os-support/linux/lnx_platform.c ++++ b/hw/xfree86/os-support/linux/lnx_platform.c +@@ -101,6 +101,9 @@ + bustype = StringToBusType(busid, &id); + if (bustype == BUS_PCI) { + struct pci_device *pPci = device->pdev; ++ if (!pPci) ++ return FALSE; ++ + if (xf86ComparePciBusString(busid, + ((pPci->domain << 8) + | pPci->bus), diff --git a/debian/patches/series b/debian/patches/series index 8713b8a..145813b 100644 --- a/debian/patches/series 
+++ b/debian/patches/series @@ -47,3 +47,4 @@ CVE-2022-46344-1.patch CVE-2022-46344-2.patch CVE-2022-4283.patch CVE-2023-0494.patch +lp2007746-fix-pdev-null-deref.patch
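
Review bot: The debian/changelog entry says the fix is "in xf86platformBus.c", but the diffstat of the imported patch lists two files, and the early "return FALSE" on a NULL pPci is in hw/xfree86/os-support/linux/lnx_platform.c. Name both files in the entry or drop the file name. The version 2:1.20.13-1ubuntu1~20.04.6ubuntu1 also appends "ubuntu1" to the previous focal-security version instead of incrementing its last component; please confirm that this is the intended version string for the focal upload.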
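
Review bot: The header of debian/patches/lp2007746-fix-pdev-null-deref.patch has no Origin: or Bug-Ubuntu: field, so the only provenance is the hash in its "From 0d93bbfa2cfacbb73741f8bed0e32fa1a656b928" line and nothing in the patch file ties it to LP: #2007746. Add DEP-3 fields above the upstream message, for example "Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/2007746" and an Origin: line that points at the upstream commit. The two code hunks should stay byte-identical to upstream so the backport can be checked against that commit.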