A significant vulnerability in the Linux kernel's DRM (Direct Rendering Manager) subsystem, specifically in the DRM/AMD Power Management (PM) code, was recently identified and has been patched. Tracked as CVE-2021-4453, it affects the Renoir GPU architecture and leaks the memory allocated for the GPU metrics table. This post covers the details of the vulnerability and the code change that resolves it.

Introduction

Memory leaks are a notorious issue in software development. Their symptoms can be subtle, but they can cause significant performance degradation and resource consumption in affected systems. In the Linux kernel, CVE-2021-4453 is a memory leak in the DRM/AMD PM code for the Renoir GPU architecture. This post takes a detailed look at the vulnerability and at how developers can apply the patch that corrects it.

The Vulnerability

The CVE-2021-4453 vulnerability arises from how memory for the gpu_metrics_table is handled. The table is allocated in the "renoir_init_smc_tables()" function, but it is never freed in the "smu_v12_0_fini_smc_tables()" function. Because the allocation has no matching free, the memory is leaked, which can lead to serious consequences such as memory exhaustion and system instability.

Here's a code snippet showing the problematic allocation:

static int renoir_init_smc_tables(struct smu_context *smu)
{
    int ret = 0;

    // ... [snip] ...

    // Memory is allocated here, but there's no corresponding deallocation!
    smu->smu_table.gpu_metrics_table = kzalloc(gpu_metrics_size, GFP_KERNEL);
    if (!smu->smu_table.gpu_metrics_table)
        return -ENOMEM;

    smu->smu_table.metrics_time = ktime_get_boottime_ns();

    // ... [snip] ...
}

The Fix

The solution to this vulnerability is quite simple: the "smu_v12_0_fini_smc_tables()" function must free the memory that was allocated for the gpu_metrics_table. Every allocation made at init time then has a matching free at teardown, which eliminates the memory leak.

The corrected code snippet adds a kfree() function call to free the allocated memory for gpu_metrics_table:

static int smu_v12_0_fini_smc_tables(struct smu_context *smu)
{
    // ... [snip] ...

    // Now the memory is properly freed!
    kfree(smu->smu_table.gpu_metrics_table);
    smu->smu_table.gpu_metrics_table = NULL;

    // ... [snip] ...
}
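
The effect of the missing kfree() can be reproduced in user space. The following is an added example, not code from the kernel or from the original post: model_kzalloc, model_kfree, other_table, the table sizes and the patched flag are hypothetical stand-ins, and only the gpu_metrics_table init/fini pairing mirrors the snippets above.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model (assumption): calloc/free stand in for kzalloc/kfree,
 * and live_allocs counts blocks that have not been freed yet. */
static long live_allocs;

static void *model_kzalloc(size_t n) {
    void *p = calloc(1, n);
    if (p) live_allocs++;
    return p;
}
static void model_kfree(void *p) {
    if (p) live_allocs--;
    free(p);                      /* free(NULL), like kfree(NULL), is a no-op */
}

/* Hypothetical reduced table set; only gpu_metrics_table is from the post. */
struct model_smu_table { void *other_table; void *gpu_metrics_table; };

static int model_init(struct model_smu_table *t) {
    t->other_table = model_kzalloc(256);          /* constructed sizes */
    t->gpu_metrics_table = model_kzalloc(128);
    return (t->other_table && t->gpu_metrics_table) ? 0 : -1;
}

static void model_fini(struct model_smu_table *t, int patched) {
    model_kfree(t->other_table);  /* hypothetical table that fini does free */
    t->other_table = NULL;
    if (patched) {                /* the two lines the fix adds */
        model_kfree(t->gpu_metrics_table);
        t->gpu_metrics_table = NULL;
    }
}

/* Run init/fini pairs; return how many allocations were never freed. */
long leaked_after_cycles(int cycles, int patched) {
    struct model_smu_table t = {0};
    live_allocs = 0;
    for (int i = 0; i < cycles && model_init(&t) == 0; i++)
        model_fini(&t, patched);
    return live_allocs;
}

int main(void) {
    printf("unpatched: %ld leaked\n", leaked_after_cycles(5, 0));
    printf("patched:   %ld leaked\n", leaked_after_cycles(5, 1));
    return 0;
}
```

In the model, every init/fini pair without the fix leaves one table allocation behind, so the leak grows with the number of cycles rather than staying a one-time loss.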

Applying the Patch

To fix this vulnerability in your kernel, apply the patch mentioned above. The detailed patch is available at the following link:

- Patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cbed9339de882fc32f8c444e130a6d04e58f833

Once the patch is applied and the kernel is recompiled, the potential memory leak will be resolved, leading to a more stable and secure system.

Conclusion

This post has delved into the CVE-2021-4453 vulnerability in the Linux kernel's drm/amd/pm module and highlighted the problematic memory leak in the GPU metrics table. With the provided code changes and patches, developers can now take steps to ensure system stability and maintain memory efficiency. Remember, keeping systems patched and up to date is vital for ensuring ongoing security and stability in any computing environment.

Timeline

Published on: 02/26/2025 06:37:29 UTC
Last modified on: 03/18/2025 18:52:26 UTC