From 5ffc4d0c6c6a6d4f0e42cc6dcaebbca817e86fdd Mon Sep 17 00:00:00 2001
From: starlet_dx <15929766099@163.com>
Date: Tue, 24 Aug 2021 14:35:30 +0800
Subject: [PATCH] fix CVE-2020-26266 CVE-2020-26268 CVE-2020-26270 CVE-2020-26271
---
 CVE-2020-26266.patch | 62 ++++++++++++++++++++++++++++++++++++++++++++
 CVE-2020-26268.patch | 32 +++++++++++++++++++++++
 CVE-2020-26270.patch | 40 ++++++++++++++++++++++++++++
 CVE-2020-26271.patch | 44 +++++++++++++++++++++++++++++++
 tensorflow.spec | 9 ++++++-
 5 files changed, 186 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2020-26266.patch
 create mode 100644 CVE-2020-26268.patch
 create mode 100644 CVE-2020-26270.patch
 create mode 100644 CVE-2020-26271.patch
diff --git a/CVE-2020-26266.patch b/CVE-2020-26266.patch
new file mode 100644
index 0000000..1cd5aab
--- /dev/null
+++ b/CVE-2020-26266.patch
@@ -0,0 +1,62 @@
+From ace0c15a22f7f054abcc1f53eabbcb0a1239a9e2 Mon Sep 17 00:00:00 2001
+From: Mihai Maruseac
+Date: Tue, 24 Nov 2020 11:40:42 -0800
+Subject: [PATCH] Default initialize fixed point Eigen types.
+
+In certain cases, tensors are filled with default values of the type. But, for these fixed point types, these values were uninitialized. Thus, we would have uninitialized memory access bugs, some of which were caught by MSAN.
+
+PiperOrigin-RevId: 344101137
+Change-Id: I14555fda74dca3b5f1582da9008901937e3f14e2
+---
+ .../Eigen/CXX11/src/FixedPoint/FixedPointTypes.h | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/third_party/eigen3/unsupported/Eigen/CXX11/src/FixedPoint/FixedPointTypes.h b/third_party/eigen3/unsupported/Eigen/CXX11/src/FixedPoint/FixedPointTypes.h
+index ff359cedced96..fd35360da2820 100644
+--- a/third_party/eigen3/unsupported/Eigen/CXX11/src/FixedPoint/FixedPointTypes.h
++++ b/third_party/eigen3/unsupported/Eigen/CXX11/src/FixedPoint/FixedPointTypes.h
+@@ -49,7 +49,7 @@ struct scalar_product_traits {
+ // the compiler from silently type cast the mantissa into a bigger or a smaller
+ // representation.
+ struct QInt8 {
+- QInt8() {}
++ QInt8() : value(0) {}
+ QInt8(const int8_t v) : value(v) {}
+ QInt8(const QInt32 v);
+
+@@ -59,7 +59,7 @@ struct QInt8 {
+ };
+
+ struct QUInt8 {
+- QUInt8() {}
++ QUInt8() : value(0) {}
+ QUInt8(const uint8_t v) : value(v) {}
+ QUInt8(const QInt32 v);
+
+@@ -69,7 +69,7 @@ struct QUInt8 {
+ };
+
+ struct QInt16 {
+- QInt16() {}
++ QInt16() : value(0) {}
+ QInt16(const int16_t v) : value(v) {}
+ QInt16(const QInt32 v);
+ operator int() const { return static_cast(value); }
+@@ -78,7 +78,7 @@ struct QInt16 {
+ };
+
+ struct QUInt16 {
+- QUInt16() {}
++ QUInt16() : value(0) {}
+ QUInt16(const uint16_t v) : value(v) {}
+ QUInt16(const QInt32 v);
+ operator int() const { return static_cast(value); }
+@@ -87,7 +87,7 @@ struct QUInt16 {
+ };
+
+ struct QInt32 {
+- QInt32() {}
++ QInt32() : value(0) {}
+ QInt32(const int8_t v) : value(v) {}
+ QInt32(const int32_t v) : value(v) {}
+ QInt32(const uint32_t v) : value(static_cast(v)) {}
diff --git a/CVE-2020-26268.patch b/CVE-2020-26268.patch
new file mode 100644
index 0000000..d6f5706
--- /dev/null
+++ b/CVE-2020-26268.patch
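Review bot: Each of the five default constructors now carries its own `: value(0)`, so the zero-initialization is repeated in five places and any constructor or fixed-point type added later has to remember it again; a default member initializer on the field, e.g. `int8_t value = 0;` in `QInt8` and the matching width in the other four structs, would make zero the type's default rather than a per-constructor detail. The `value` declarations sit outside this hunk, so that variant would have to be checked against the full header before replacing the backported lines. As written the patch is correct and matches upstream ace0c15a22f7; this is a maintainability point only.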
@@ -0,0 +1,32 @@
+From c1e1fc899ad5f8c725dcbb6470069890b5060bc7 Mon Sep 17 00:00:00 2001
+From: Mihai Maruseac
+Date: Fri, 4 Dec 2020 17:06:23 -0800
+Subject: [PATCH] Mark `MemmappedTensorAllocator` as returning opaque handle.
+
+This allocator is used for `ImmutableConstantOp` and it returns a handle to the contents of a memory mapped file which is supposed to represent a tensor.
+
+For tensors of complex types (resources, variables and strings), allocators which are not marked as returning opaque handles will call placement new to initialize each element. This means writing to the buffer. However, in our case, the buffer is immutable and already contains the tensor data. Hence, writing to it is both destructive and causes a crash.
+
+PiperOrigin-RevId: 345786451
+Change-Id: I46369c50fa60b3431709ffe068a728d3061f49c4
+---
+ tensorflow/core/kernels/immutable_constant_op.cc | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/tensorflow/core/kernels/immutable_constant_op.cc b/tensorflow/core/kernels/immutable_constant_op.cc
+index 0dd08c694eb6c..1cfbdb8277891 100644
+--- a/tensorflow/core/kernels/immutable_constant_op.cc
++++ b/tensorflow/core/kernels/immutable_constant_op.cc
+@@ -62,6 +62,12 @@ class MemmappedTensorAllocator : public Allocator {
+
+ void set_delete_on_deallocate() { delete_on_deallocate_ = true; }
+
++ // Make sure tensors or complex types (strings, variants, resources) don't get
++ // their constructor called via a placement new since that would require
++ // writing to immutable data.
++ // See also: tensorflow/core/framework/typed_allocator.h
++ bool AllocatesOpaqueHandle() const override { return true; }
++
+ private:
+ std::unique_ptr memory_region_;
+ // If there is an error during allocation we keep it in this status.
diff --git a/CVE-2020-26270.patch b/CVE-2020-26270.patch
new file mode 100644
index 0000000..7427e7d
--- /dev/null
+++ b/CVE-2020-26270.patch
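Review bot: The added comment reads `tensors or complex types (strings, variants, resources)`, which contradicts the commit message's "tensors of complex types" and reads as if plain tensors were also meant; it should say `// Make sure tensors of complex types (strings, variants, resources) don't get`. The `AllocatesOpaqueHandle()` override itself is the whole fix and matches the message. The class `MemmappedTensorAllocator` starts outside the hunk, so whether any other member still writes through the mapped region cannot be checked from here.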
@@ -0,0 +1,40 @@
+From 14755416e364f17fb1870882fa778c7fec7f16e3 Mon Sep 17 00:00:00 2001
+From: Mihai Maruseac
+Date: Mon, 7 Dec 2020 20:31:31 -0800
+Subject: [PATCH] Prevent CHECK-fail in LSTM/GRU with zero-length input.
+
+PiperOrigin-RevId: 346239181
+Change-Id: I5f233dbc076aab7bb4e31ba24f5abd4eaf99ea4f
+---
+ tensorflow/stream_executor/cuda/cuda_dnn.cc | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/tensorflow/stream_executor/cuda/cuda_dnn.cc b/tensorflow/stream_executor/cuda/cuda_dnn.cc
+index a97850bd..5ae19f27 100644
+--- a/tensorflow/stream_executor/cuda/cuda_dnn.cc
++++ b/tensorflow/stream_executor/cuda/cuda_dnn.cc
+@@ -1474,7 +1474,9 @@ class CudnnRnnSequenceTensorDescriptor
+ static port::StatusOr Create(
+ GpuExecutor* parent, int max_seq_length, int batch_size, int data_size,
+ cudnnDataType_t data_type) {
+- CHECK_GT(max_seq_length, 0);
++ if (max_seq_length <= 0) {
++ return port::Status(port::error::INVALID_ARGUMENT, "max_seq_length <= 0");
++ }
+ int dims[] = {batch_size, data_size, 1};
+ int strides[] = {dims[1] * dims[2], dims[2], 1};
+ TensorDescriptor tensor_desc = CreateTensorDescriptor();
+@@ -1495,7 +1497,9 @@ class CudnnRnnSequenceTensorDescriptor
+ const absl::Span& seq_lengths, bool time_major,
+ cudnnDataType_t data_type) {
+ #if CUDNN_VERSION >= 7201
+- CHECK_GT(max_seq_length, 0);
++ if (max_seq_length <= 0) {
++ return port::Status(port::error::INVALID_ARGUMENT, "max_seq_length <= 0");
++ }
+ int dims[] = {batch_size, data_size, 1};
+ int strides[] = {dims[1] * dims[2], dims[2], 1};
+ TensorDescriptor tensor_desc = CreateTensorDescriptor();
+--
+2.27.0
+
diff --git a/CVE-2020-26271.patch b/CVE-2020-26271.patch
new file mode 100644
index 0000000..ec7474a
--- /dev/null
+++ b/CVE-2020-26271.patch
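Review bot: The new guard validates only `max_seq_length`, while `batch_size` and `data_size` on the very next line go straight into `dims[]` in both `Create` overloads with no check; unless callers outside this hunk validate them, a zero or negative value there is presumably caught only later by the cuDNN descriptor call, without the clear INVALID_ARGUMENT status this patch introduces for the sequence length. The same guard and fixed message are duplicated in both hunks and the message carries no value; something like `absl::StrCat("max_seq_length <= 0: ", max_seq_length)` (if str_cat.h is already included, as the `absl::Span` use suggests absl is) would make the failure diagnosable from the status alone. Both `Create` bodies continue past the hunk, including the `seq_lengths` span in the second overload, whose entries are not compared against `max_seq_length` in the visible lines.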
@@ -0,0 +1,44 @@
+From 0cc38aaa4064fd9e79101994ce9872c6d91f816b Mon Sep 17 00:00:00 2001
+From: Mihai Maruseac
+Date: Tue, 8 Dec 2020 09:31:57 -0800
+Subject: [PATCH] Prevent unitialized memory access in
+ `GraphConstructor::MakeEdge`
+
+The `MakeEdge` implementation assumes that there exists an output at `output_index` of `src` node and an input at `input_index` of `dst` node. However, if this is not the case this results in accessing data out of bounds. Because we are accessing an array that is a private member of a class and only in read only mode, this usually results only in unitialized memory access. However, it is reasonable to think that malicious users could manipulate these indexes to actually read data outside the class, thus resulting in information leakage and further exploits.
+
+PiperOrigin-RevId: 346343288
+Change-Id: I2127da27c2023d27f26efd39afa6c853385cab6f
+---
+ tensorflow/core/common_runtime/graph_constructor.cc | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/tensorflow/core/common_runtime/graph_constructor.cc b/tensorflow/core/common_runtime/graph_constructor.cc
+index 92b07682d76cd..639739e9cac8c 100644
+--- a/tensorflow/core/common_runtime/graph_constructor.cc
++++ b/tensorflow/core/common_runtime/graph_constructor.cc
+@@ -44,6 +44,7 @@ limitations under the License.
+ #include "tensorflow/core/lib/gtl/inlined_vector.h"
+ #include "tensorflow/core/lib/strings/scanner.h"
+ #include "tensorflow/core/lib/strings/str_util.h"
++#include "tensorflow/core/platform/errors.h"
+ #include "tensorflow/core/platform/logging.h"
+ #include "tensorflow/core/platform/macros.h"
+ #include "tensorflow/core/public/version.h"
+@@ -1425,6 +1426,17 @@ void GraphConstructor::Undo() {
+
+ Status GraphConstructor::MakeEdge(Node* src, int output_index, Node* dst,
+ int input_index) {
++ if (output_index >= src->num_outputs()) {
++ return errors::InvalidArgument(
++ "Output ", output_index, " of node ", src->name(),
++ " does not exist. 
Node only has ", src->num_outputs(), " outputs.");
++ }
++ if (input_index >= dst->num_inputs()) {
++ return errors::InvalidArgument(
++ "Input ", input_index, " of node ", dst->name(),
++ " does not exist. Node only has ", dst->num_inputs(), " inputs.");
++ }
++
+ DataType src_out = src->output_type(output_index);
+ DataType dst_in = dst->input_type(input_index);
+ if (!TypesCompatible(dst_in, src_out)) {
diff --git a/tensorflow.spec b/tensorflow.spec
index 4f4b9d0..8c6f4fc 100644
--- a/tensorflow.spec
+++ b/tensorflow.spec
@@ -1,7 +1,7 @@
 %global _empty_manifest_terminate_build 0
 Name: tensorflow
 Version: 2.3.1
-Release: 6
+Release: 7
 Summary: An Open Source Machine Learning Framework for Everyone
 License: Apache License 2.0
 URL: https://www.tensorflow.org/
@@ -16,6 +16,10 @@ Patch0004: CVE-2021-29566.patch
 Patch0005: CVE-2021-29534.patch
 Patch0006: fix_compile.patch
 Patch0007: CVE-2021-29513.patch
+Patch0008: CVE-2020-26266.patch
+Patch0009: CVE-2020-26268.patch
+Patch0010: CVE-2020-26270.patch
+Patch0011: CVE-2020-26271.patch
 Requires: python3-future
 Requires: python3-numpy
@@ -62,6 +66,9 @@ bazel --output_user_root=`pwd`/../output_user_root build --host_copt=-Wno-string
 %{_bindir}/*
 %changelog
+* Tue Aug 24 2021 yaoxin - 2.3.1-7
+- Fix CVE-2020-26266 CVE-2020-26268 CVE-2020-26270 CVE-2020-26271
+
 * Fri Aug 06 2021 Ding Taixin <1315774958@qq.com> - 2.3.1-6
 - Add patch CVE-2021-29513
-- Gitee
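Review bot: The two new range checks reject only indices past the end; a negative `output_index` or `input_index` still reaches `src->output_type(output_index)` and `dst->input_type(input_index)` on the following lines with the same out-of-bounds read this patch is meant to close, unless the callers outside this hunk already filter control-edge slots before calling `MakeEdge`. The guards should be `if (output_index < 0 || output_index >= src->num_outputs()) {` and `if (input_index < 0 || input_index >= dst->num_inputs()) {`, with the error messages left as they are. `MakeEdge` continues past the hunk, so whether a later statement covers the negative case cannot be confirmed here.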