fix CVE-2020-26266 CVE-2020-26268 CVE-2020-26270 CVE-2020-26271

This commit is contained in:
starlet_dx 2021-08-24 14:35:30 +08:00
parent 66883d457b
commit 5ffc4d0c6c
5 changed files with 186 additions and 1 deletions

CVE-2020-26266.patch Normal file

@ -0,0 +1,62 @@
From ace0c15a22f7f054abcc1f53eabbcb0a1239a9e2 Mon Sep 17 00:00:00 2001
From: Mihai Maruseac <mihaimaruseac@google.com>
Date: Tue, 24 Nov 2020 11:40:42 -0800
Subject: [PATCH] Default initialize fixed point Eigen types.
In certain cases, tensors are filled with default values of the type. But, for these fixed point types, these values were uninitialized. Thus, we would have uninitialized memory access bugs, some of which were caught by MSAN.
PiperOrigin-RevId: 344101137
Change-Id: I14555fda74dca3b5f1582da9008901937e3f14e2
---
.../Eigen/CXX11/src/FixedPoint/FixedPointTypes.h | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/third_party/eigen3/unsupported/Eigen/CXX11/src/FixedPoint/FixedPointTypes.h b/third_party/eigen3/unsupported/Eigen/CXX11/src/FixedPoint/FixedPointTypes.h
index ff359cedced96..fd35360da2820 100644
--- a/third_party/eigen3/unsupported/Eigen/CXX11/src/FixedPoint/FixedPointTypes.h
+++ b/third_party/eigen3/unsupported/Eigen/CXX11/src/FixedPoint/FixedPointTypes.h
@@ -49,7 +49,7 @@ struct scalar_product_traits<QInt32, double> {
// the compiler from silently type cast the mantissa into a bigger or a smaller
// representation.
struct QInt8 {
- QInt8() {}
+ QInt8() : value(0) {}
QInt8(const int8_t v) : value(v) {}
QInt8(const QInt32 v);
@@ -59,7 +59,7 @@ struct QInt8 {
};
struct QUInt8 {
- QUInt8() {}
+ QUInt8() : value(0) {}
QUInt8(const uint8_t v) : value(v) {}
QUInt8(const QInt32 v);
@@ -69,7 +69,7 @@ struct QUInt8 {
};
struct QInt16 {
- QInt16() {}
+ QInt16() : value(0) {}
QInt16(const int16_t v) : value(v) {}
QInt16(const QInt32 v);
operator int() const { return static_cast<int>(value); }
@@ -78,7 +78,7 @@ struct QInt16 {
};
struct QUInt16 {
- QUInt16() {}
+ QUInt16() : value(0) {}
QUInt16(const uint16_t v) : value(v) {}
QUInt16(const QInt32 v);
operator int() const { return static_cast<int>(value); }
@@ -87,7 +87,7 @@ struct QUInt16 {
};
struct QInt32 {
- QInt32() {}
+ QInt32() : value(0) {}
QInt32(const int8_t v) : value(v) {}
QInt32(const int32_t v) : value(v) {}
QInt32(const uint32_t v) : value(static_cast<int32_t>(v)) {}
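Review bot: The fix zero-initializes `value` constructor by constructor (`QInt8() : value(0) {}` and the four sibling structs), which leaves every other constructor of these structs — including the out-of-line `QInt8(const QInt32 v)` declared right below — responsible for its own initialization. If the member is declared as a plain `int8_t value;` (its declaration is outside the hunk), a default member initializer such as `int8_t value = 0;` would cover every constructor, present and future, and the default constructors could then become `QInt8() = default;`. Either way the intent deserves a struct-level comment, e.g. `// Default-constructed values are zero so tensors filled with T() never expose uninitialized bytes.`. Each struct's body continues outside its hunk.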

CVE-2020-26268.patch Normal file

@ -0,0 +1,32 @@
From c1e1fc899ad5f8c725dcbb6470069890b5060bc7 Mon Sep 17 00:00:00 2001
From: Mihai Maruseac <mihaimaruseac@google.com>
Date: Fri, 4 Dec 2020 17:06:23 -0800
Subject: [PATCH] Mark `MemmappedTensorAllocator` as returning opaque handle.
This allocator is used for `ImmutableConstantOp` and it returns a handle to the contents of a memory mapped file which is supposed to represent a tensor.
For tensors of complex types (resources, variables and strings), allocators which are not marked as returning opaque handles will call placement new to initialize each element. This means writing to the buffer. However, in our case, the buffer is immutable and already contains the tensor data. Hence, writing to it is both destructive and causes a crash.
PiperOrigin-RevId: 345786451
Change-Id: I46369c50fa60b3431709ffe068a728d3061f49c4
---
tensorflow/core/kernels/immutable_constant_op.cc | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tensorflow/core/kernels/immutable_constant_op.cc b/tensorflow/core/kernels/immutable_constant_op.cc
index 0dd08c694eb6c..1cfbdb8277891 100644
--- a/tensorflow/core/kernels/immutable_constant_op.cc
+++ b/tensorflow/core/kernels/immutable_constant_op.cc
@@ -62,6 +62,12 @@ class MemmappedTensorAllocator : public Allocator {
void set_delete_on_deallocate() { delete_on_deallocate_ = true; }
+ // Make sure tensors or complex types (strings, variants, resources) don't get
+ // their constructor called via a placement new since that would require
+ // writing to immutable data.
+ // See also: tensorflow/core/framework/typed_allocator.h
+ bool AllocatesOpaqueHandle() const override { return true; }
+
private:
std::unique_ptr<ReadOnlyMemoryRegion> memory_region_;
// If there is an error during allocation we keep it in this status.
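Review bot: The comment above the new override reads `tensors or complex types (strings, variants, resources)`, which looks like a typo for `tensors of complex types`; this sentence is what future readers will rely on to understand why the allocator opts out of placement-new, so it is worth correcting in the same patch. It would also help to state the other half of the contract the override presumably carries — that element destructors are likewise not run on deallocation — if that is indeed what `AllocatesOpaqueHandle` means in the referenced `typed_allocator.h` (not visible here). The class body continues outside the hunk.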

CVE-2020-26270.patch Normal file

@ -0,0 +1,40 @@
From 14755416e364f17fb1870882fa778c7fec7f16e3 Mon Sep 17 00:00:00 2001
From: Mihai Maruseac <mihaimaruseac@google.com>
Date: Mon, 7 Dec 2020 20:31:31 -0800
Subject: [PATCH] Prevent CHECK-fail in LSTM/GRU with zero-length input.
PiperOrigin-RevId: 346239181
Change-Id: I5f233dbc076aab7bb4e31ba24f5abd4eaf99ea4f
---
tensorflow/stream_executor/cuda/cuda_dnn.cc | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/tensorflow/stream_executor/cuda/cuda_dnn.cc b/tensorflow/stream_executor/cuda/cuda_dnn.cc
index a97850bd..5ae19f27 100644
--- a/tensorflow/stream_executor/cuda/cuda_dnn.cc
+++ b/tensorflow/stream_executor/cuda/cuda_dnn.cc
@@ -1474,7 +1474,9 @@ class CudnnRnnSequenceTensorDescriptor
static port::StatusOr<CudnnRnnSequenceTensorDescriptor> Create(
GpuExecutor* parent, int max_seq_length, int batch_size, int data_size,
cudnnDataType_t data_type) {
- CHECK_GT(max_seq_length, 0);
+ if (max_seq_length <= 0) {
+ return port::Status(port::error::INVALID_ARGUMENT, "max_seq_length <= 0");
+ }
int dims[] = {batch_size, data_size, 1};
int strides[] = {dims[1] * dims[2], dims[2], 1};
TensorDescriptor tensor_desc = CreateTensorDescriptor();
@@ -1495,7 +1497,9 @@ class CudnnRnnSequenceTensorDescriptor
const absl::Span<const int>& seq_lengths, bool time_major,
cudnnDataType_t data_type) {
#if CUDNN_VERSION >= 7201
- CHECK_GT(max_seq_length, 0);
+ if (max_seq_length <= 0) {
+ return port::Status(port::error::INVALID_ARGUMENT, "max_seq_length <= 0");
+ }
int dims[] = {batch_size, data_size, 1};
int strides[] = {dims[1] * dims[2], dims[2], 1};
TensorDescriptor tensor_desc = CreateTensorDescriptor();
--
2.27.0
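Review bot: Only `max_seq_length` is validated before `int dims[] = {batch_size, data_size, 1};` and the matching `strides[]` are built in both `Create` overloads; a non-positive `batch_size` or `data_size` still reaches `CreateTensorDescriptor()` and whatever cuDNN calls follow outside the hunk. Unless cuDNN is known to reject those values itself, widening the guard to `if (max_seq_length <= 0 || batch_size <= 0 || data_size <= 0) {` / `return port::Status(port::error::INVALID_ARGUMENT, "max_seq_length, batch_size and data_size must be > 0");` / `}` closes the same class of failure the commit is addressing. In the second overload the new check sits inside `#if CUDNN_VERSION >= 7201`, so whether the pre-7201 path is guarded cannot be judged from this hunk; both functions continue past the end of their hunks.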

CVE-2020-26271.patch Normal file

@ -0,0 +1,44 @@
From 0cc38aaa4064fd9e79101994ce9872c6d91f816b Mon Sep 17 00:00:00 2001
From: Mihai Maruseac <mihaimaruseac@google.com>
Date: Tue, 8 Dec 2020 09:31:57 -0800
Subject: [PATCH] Prevent unitialized memory access in
`GraphConstructor::MakeEdge`
The `MakeEdge` implementation assumes that there exists an output at `output_index` of `src` node and an input at `input_index` of `dst` node. However, if this is not the case this results in accessing data out of bounds. Because we are accessing an array that is a private member of a class and only in read only mode, this usually results only in unitialized memory access. However, it is reasonable to think that malicious users could manipulate these indexes to actually read data outside the class, thus resulting in information leakage and further exploits.
PiperOrigin-RevId: 346343288
Change-Id: I2127da27c2023d27f26efd39afa6c853385cab6f
---
tensorflow/core/common_runtime/graph_constructor.cc | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/tensorflow/core/common_runtime/graph_constructor.cc b/tensorflow/core/common_runtime/graph_constructor.cc
index 92b07682d76cd..639739e9cac8c 100644
--- a/tensorflow/core/common_runtime/graph_constructor.cc
+++ b/tensorflow/core/common_runtime/graph_constructor.cc
@@ -44,6 +44,7 @@ limitations under the License.
#include "tensorflow/core/lib/gtl/inlined_vector.h"
#include "tensorflow/core/lib/strings/scanner.h"
#include "tensorflow/core/lib/strings/str_util.h"
+#include "tensorflow/core/platform/errors.h"
#include "tensorflow/core/platform/logging.h"
#include "tensorflow/core/platform/macros.h"
#include "tensorflow/core/public/version.h"
@@ -1425,6 +1426,17 @@ void GraphConstructor::Undo() {
Status GraphConstructor::MakeEdge(Node* src, int output_index, Node* dst,
int input_index) {
+ if (output_index >= src->num_outputs()) {
+ return errors::InvalidArgument(
+ "Output ", output_index, " of node ", src->name(),
+ " does not exist. Node only has ", src->num_outputs(), " outputs.");
+ }
+ if (input_index >= dst->num_inputs()) {
+ return errors::InvalidArgument(
+ "Input ", input_index, " of node ", dst->name(),
+ " does not exist. Node only has ", dst->num_inputs(), " inputs.");
+ }
+
DataType src_out = src->output_type(output_index);
DataType dst_in = dst->input_type(input_index);
if (!TypesCompatible(dst_in, src_out)) {
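Review bot: The new guards reject `output_index >= src->num_outputs()` and `input_index >= dst->num_inputs()`, but both indexes are plain `int`, so a negative value still passes and reaches `src->output_type(output_index)` / `dst->input_type(input_index)` with an out-of-bounds index. Since the commit message itself treats these indexes as attacker-influenced, the checks should be two-sided: `if (output_index < 0 || output_index >= src->num_outputs()) {` and `if (input_index < 0 || input_index >= dst->num_inputs()) {`, with the error messages left as they are. Whether a negative index can actually arrive here depends on the callers, which are outside the hunk (the first hunk only adds the `errors.h` include); `MakeEdge` continues past the end of the hunk.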


@ -1,7 +1,7 @@
%global _empty_manifest_terminate_build 0 %global _empty_manifest_terminate_build 0
Name: tensorflow Name: tensorflow
Version: 2.3.1 Version: 2.3.1
Release: 6 Release: 7
Summary: An Open Source Machine Learning Framework for Everyone Summary: An Open Source Machine Learning Framework for Everyone
License: Apache License 2.0 License: Apache License 2.0
URL: https://www.tensorflow.org/ URL: https://www.tensorflow.org/
@ -16,6 +16,10 @@ Patch0004: CVE-2021-29566.patch
Patch0005: CVE-2021-29534.patch Patch0005: CVE-2021-29534.patch
Patch0006: fix_compile.patch Patch0006: fix_compile.patch
Patch0007: CVE-2021-29513.patch Patch0007: CVE-2021-29513.patch
Patch0008: CVE-2020-26266.patch
Patch0009: CVE-2020-26268.patch
Patch0010: CVE-2020-26270.patch
Patch0011: CVE-2020-26271.patch
Requires: python3-future Requires: python3-future
Requires: python3-numpy Requires: python3-numpy
@ -62,6 +66,9 @@ bazel --output_user_root=`pwd`/../output_user_root build --host_copt=-Wno-string
%{_bindir}/* %{_bindir}/*
%changelog %changelog
* Tue Aug 24 2021 yaoxin <yaoxin30@huawei.com> - 2.3.1-7
- Fix CVE-2020-26266 CVE-2020-26268 CVE-2020-26270 CVE-2020-26271
* Fri Aug 06 2021 Ding Taixin <1315774958@qq.com> - 2.3.1-6 * Fri Aug 06 2021 Ding Taixin <1315774958@qq.com> - 2.3.1-6
- Add patch CVE-2021-29513 - Add patch CVE-2021-29513