From 3dce47a41c228026a6caca6143cc10187aee2700 Mon Sep 17 00:00:00 2001 From: wk333 <13474090681@163.com> Date: Wed, 30 Aug 2023 09:43:01 +0800 Subject: [PATCH] Fix CVE-2022-47022 (cherry picked from commit d7129364431af3e5a4b24dfc2849652ce2faaedd) --- CVE-2022-47022.patch | 72 ++++++++++++++++++++++++++++++++++++++++++++ hwloc.spec | 6 +++- 2 files changed, 77 insertions(+), 1 deletion(-) create mode 100644 CVE-2022-47022.patch diff --git a/CVE-2022-47022.patch b/CVE-2022-47022.patch new file mode 100644 index 0000000..b75ce54 --- /dev/null +++ b/CVE-2022-47022.patch @@ -0,0 +1,72 @@ +From eec84f84d4c4a7af6ed2c57ba95a9256e56e73b4 Mon Sep 17 00:00:00 2001 +From: Brice Goglin +Date: Wed, 23 Aug 2023 19:52:47 +0200 +Subject: [PATCH] linux: handle glibc cpuset allocation failures + +Origin: https://github.com/open-mpi/hwloc/commit/eec84f84d4c4a7af6ed2c57ba95a9256e56e73b4 + +Closes #544 +CVE-2022-47022 + +Signed-off-by: Brice Goglin +(cherry picked from commit ac1f8db9a0790d2bf153711ff4cbf6101f89aace) +--- + hwloc/topology-linux.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/hwloc/topology-linux.c b/hwloc/topology-linux.c +index bfc5dc23f..cae4f84d1 100644 +--- a/hwloc/topology-linux.c ++++ b/hwloc/topology-linux.c +@@ -877,6 +877,8 @@ hwloc_linux_set_tid_cpubind(hwloc_topology_t topology __hwloc_attribute_unused, + + setsize = CPU_ALLOC_SIZE(last+1); + plinux_set = CPU_ALLOC(last+1); ++ if (!plinux_set) ++ return -1; + + CPU_ZERO_S(setsize, plinux_set); + hwloc_bitmap_foreach_begin(cpu, hwloc_set) +@@ -957,7 +959,10 @@ hwloc_linux_find_kernel_nr_cpus(hwloc_topology_t topology) + while (1) { + cpu_set_t *set = CPU_ALLOC(nr_cpus); + size_t setsize = CPU_ALLOC_SIZE(nr_cpus); +- int err = sched_getaffinity(0, setsize, set); /* always works, unless setsize is too small */ ++ int err; ++ if (!set) ++ return -1; /* caller will return an error, and we'll try again later */ ++ err = sched_getaffinity(0, setsize, set); /* always works, unless setsize is too small */ + CPU_FREE(set); + nr_cpus = setsize * 8; /* that's the value that was actually tested */ + if (!err) +@@ -985,8 +990,12 @@ hwloc_linux_get_tid_cpubind(hwloc_topology_t topology __hwloc_attribute_unused, + + /* find the kernel nr_cpus so as to use a large enough cpu_set size */ + kernel_nr_cpus = hwloc_linux_find_kernel_nr_cpus(topology); ++ if (kernel_nr_cpus < 0) ++ return -1; + setsize = CPU_ALLOC_SIZE(kernel_nr_cpus); + plinux_set = CPU_ALLOC(kernel_nr_cpus); ++ if (!plinux_set) ++ return -1; + + err = sched_getaffinity(tid, setsize, plinux_set); + +@@ -1340,6 +1349,8 @@ hwloc_linux_set_thread_cpubind(hwloc_topology_t topology, pthread_t tid, hwloc_c + + setsize = CPU_ALLOC_SIZE(last+1); + plinux_set = CPU_ALLOC(last+1); ++ if (!plinux_set) ++ return -1; + + CPU_ZERO_S(setsize, plinux_set); + hwloc_bitmap_foreach_begin(cpu, hwloc_set) +@@ -1431,6 +1442,8 @@ hwloc_linux_get_thread_cpubind(hwloc_topology_t topology, pthread_t tid, hwloc_b + + setsize = CPU_ALLOC_SIZE(last+1); + plinux_set = CPU_ALLOC(last+1); ++ if (!plinux_set) ++ return -1; + + err = pthread_getaffinity_np(tid, setsize, plinux_set); + if (err) { diff --git a/hwloc.spec b/hwloc.spec index aaaad04..5278216 100644 --- a/hwloc.spec +++ b/hwloc.spec @@ -1,10 +1,11 @@ Name: hwloc Version: 2.7.1 -Release: 1 +Release: 2 Summary: Hardware locality utilities and libraries License: BSD-3-Clause URL: https://www.open-mpi.org/projects/hwloc/ Source0: https://download.open-mpi.org/release/%{name}/v2.7/%{name}-%{version}.tar.bz2 +Patch0: CVE-2022-47022.patch BuildRequires: gcc-c++ cairo-devel libpciaccess-devel libtool-ltdl-devel libX11-devel libxml2-devel texlive-latex BuildRequires: desktop-file-utils systemd texlive-makeindex ncurses-devel transfig doxygen @@ -111,6 +112,9 @@ LD_LIBRARY_PATH=$PWD/hwloc/.libs make check %{_pkgdocdir}/*[^c] %changelog +* Wed Aug 30 2023 wangkai <13474090681@163.com> - 2.7.1-2 +- Fix CVE-2022-47022 + * Tue Oct 18 2022 yaoxin - 2.7.1-1 - Update to 2.7.1 -- Gitee