From 34b9b5297db0177cabbd236d1f7fdf897d07739e Mon Sep 17 00:00:00 2001
From: jykanase
Date: Thu, 30 Jan 2025 04:23:12 +0000
Subject: [PATCH] patch hwloc to fix CVE-2022-47022
---
 SPECS/hwloc/CVE-2022-47022.patch | 68 ++++++++++++++++++++++++++++++++
 SPECS/hwloc/hwloc.spec | 6 ++-
 2 files changed, 73 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/hwloc/CVE-2022-47022.patch
diff --git a/SPECS/hwloc/CVE-2022-47022.patch b/SPECS/hwloc/CVE-2022-47022.patch
new file mode 100644
index 00000000000..ecef4b67c2d
--- /dev/null
+++ b/SPECS/hwloc/CVE-2022-47022.patch
@@ -0,0 +1,68 @@
+From b85436757996b58b805dc4d471ec1cb3c6f56781 Mon Sep 17 00:00:00 2001
+From: jykanase
+Date: Tue, 28 Jan 2025 12:11:44 +0000
+Subject: [PATCH] CVE-2022-47022
+
+---
+ hwloc/topology-linux.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/hwloc/topology-linux.c b/hwloc/topology-linux.c
+index c7b63d2..fd6745e 100644
+--- a/hwloc/topology-linux.c
++++ b/hwloc/topology-linux.c
+@@ -870,6 +870,8 @@ hwloc_linux_set_tid_cpubind(hwloc_topology_t topology __hwloc_attribute_unused,
+
+ setsize = CPU_ALLOC_SIZE(last+1);
+ plinux_set = CPU_ALLOC(last+1);
++ if (!plinux_set)
++ return -1;
+
+ CPU_ZERO_S(setsize, plinux_set);
+ hwloc_bitmap_foreach_begin(cpu, hwloc_set)
+@@ -950,7 +952,10 @@ hwloc_linux_find_kernel_nr_cpus(hwloc_topology_t topology)
+ while (1) {
+ cpu_set_t *set = CPU_ALLOC(nr_cpus);
+ size_t setsize = CPU_ALLOC_SIZE(nr_cpus);
+- int err = sched_getaffinity(0, setsize, set); /* always works, unless setsize is too small */
++ int err;
++ if (!set)
++ return -1; /* caller will return an error, and we'll try again later */
++ err = sched_getaffinity(0, setsize, set); /* always works, unless setsize is too small */
+ CPU_FREE(set);
+ nr_cpus = setsize * 8; /* that's the value that was actually tested */
+ if (!err)
+@@ -978,8 +983,12 @@ hwloc_linux_get_tid_cpubind(hwloc_topology_t topology __hwloc_attribute_unused,
+
+ /* find the kernel nr_cpus so as to use a large enough cpu_set size */
+ kernel_nr_cpus = hwloc_linux_find_kernel_nr_cpus(topology);
++ if (kernel_nr_cpus < 0)
++ return -1;
+ setsize = CPU_ALLOC_SIZE(kernel_nr_cpus);
+ plinux_set = CPU_ALLOC(kernel_nr_cpus);
++ if (!plinux_set)
++ return -1;
+
+ err = sched_getaffinity(tid, setsize, plinux_set);
+
+@@ -1333,6 +1342,8 @@ hwloc_linux_set_thread_cpubind(hwloc_topology_t topology, pthread_t tid, hwloc_c
+
+ setsize = CPU_ALLOC_SIZE(last+1);
+ plinux_set = CPU_ALLOC(last+1);
++ if (!plinux_set)
++ return -1;
+
+ CPU_ZERO_S(setsize, plinux_set);
+ hwloc_bitmap_foreach_begin(cpu, hwloc_set)
+@@ -1424,6 +1435,8 @@ hwloc_linux_get_thread_cpubind(hwloc_topology_t topology, pthread_t tid, hwloc_b
+
+ setsize = CPU_ALLOC_SIZE(last+1);
+ plinux_set = CPU_ALLOC(last+1);
++ if (!plinux_set)
++ return -1;
+
+ err = pthread_getaffinity_np(tid, setsize, plinux_set);
+ if (err) {
+--
+2.45.2
+
diff --git a/SPECS/hwloc/hwloc.spec b/SPECS/hwloc/hwloc.spec
index 4567f169d06..e119a60616d 100644
--- a/SPECS/hwloc/hwloc.spec
+++ b/SPECS/hwloc/hwloc.spec
@@ -1,12 +1,13 @@
 Summary: Portable Hardware Locality - portable abstraction of hierarchical architectures
 Name: hwloc
 Version: 2.9.2
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: BSD-2-Clause
 Vendor: Microsoft Corporation
 Distribution: Azure Linux
 URL: https://www.open-mpi.org/projects/hwloc/
 Source0: http://www.open-mpi.org/software/hwloc/v2.9/downloads/%{name}-%{version}.tar.bz2
+Patch0: CVE-2022-47022.patch
 BuildRequires: gcc
 # C++ only for hwloc-hello-cpp test:
 BuildRequires: gcc-c++
@@ -167,6 +168,9 @@ LD_LIBRARY_PATH=$PWD/hwloc/.libs make check
 %{_libdir}/%{name}/hwloc*
 %changelog
+* Wed Jan 29 2025 Jyoti Kanase - 2.9.2-2
+- Fix CVE-2022-47022
+
 * Fri Oct 27 2023 CBL-Mariner Servicing Account - 2.9.2-1
 - Auto-upgrade to 2.9.2 - Azure Linux 3.0 - package upgrades
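Review bot: The embedded patch for `hwloc/topology-linux.c` carries only the packager's own header (`Subject: [PATCH] CVE-2022-47022`) and no pointer to an upstream hwloc change, so a later auditor cannot compare this fix with what upstream shipped; a header line such as `Upstream reference: <upstream commit URL>` would close that gap. On the code itself, the five guards after `CPU_ALLOC` (`if (!plinux_set) return -1;` in the four cpubind functions and `if (!set) return -1;` in `hwloc_linux_find_kernel_nr_cpus`) leave `errno` to whatever the allocator set. If callers read `errno` after a -1, an explicit `errno = ENOMEM;` before each return would make that contract visible; presumably glibc already sets it, but this should be confirmed. Every guarded function begins and ends outside the inner hunks, so cleanup on the surrounding paths could not be checked from this page.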
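Review bot: `Patch0: CVE-2022-47022.patch` only declares the patch, and neither spec hunk touches `%prep`, so this diff does not show that the fix is applied at build time. If `%prep` already uses `%autosetup -p1` nothing more is needed. If it uses plain `%setup`, the package would build from unpatched source while the changelog records the CVE as fixed, and `%prep` needs `%autosetup -p1` or an explicit `%patch -P 0 -p1`. The `%prep` section lies outside both hunks, so this needs checking against the full spec.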