Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's handling of VRAM allocations for the Kernel Fusion Driver (KFD) can lead to the exposure of stale data. KFD VRAM allocations are not cleared before use, so remnants of previous allocations remain in the buffer and can be observed by compute kernels. The fix modifies the allocation process to set a flag that ensures VRAM is cleared before it is allocated to user buffers. The stale data was causing crashes in the RCCL P2P transport by corrupting protocol handshakes with residual data from prior VRAM usage.
The vulnerability could lead to data corruption and crashes in applications using the RCCL P2P transport, by allowing stale data to interfere with protocol handshakes.
The vulnerability can be reproduced by allocating VRAM through the KFD path without the AMDGPU_GEM_CREATE_VRAM_CLEARED flag, which is responsible for clearing the memory before use. This can be done by creating a compute kernel that allocates VRAM via KFD, and then checking for non-zero data in the ptrExchange, head, and tail fields, which would indicate the presence of stale data from previous allocations.
The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.
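The failure mode described above can be modelled in user space. This is an added example, not kernel or RCCL code: the pool, `model_alloc`, `MODEL_CLEARED` and the `struct handshake` layout are assumptions made for illustration, and only the three field names come from the text.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model only; every name below is hypothetical except the three
 * handshake field names, which are the ones the text mentions. */
#define POOL_WORDS 32
#define MODEL_CLEARED 0x1u /* stand-in for AMDGPU_GEM_CREATE_VRAM_CLEARED */

struct handshake {
    uint64_t ptrExchange;
    uint64_t head;
    uint64_t tail;
};

static uint64_t pool[POOL_WORDS]; /* models one recycled VRAM region */

/* Hand out the region again; zero it only when the caller asks for it. */
static void *model_alloc(size_t len, unsigned flags)
{
    if (len > sizeof pool)
        return NULL;
    if (flags & MODEL_CLEARED)
        memset(pool, 0, len);
    return pool;
}

/* An earlier owner fills the region and releases it without scrubbing. */
static void previous_owner(void)
{
    void *buf = model_alloc(sizeof pool, 0);
    memset(buf, 0xA5, sizeof pool);
}

/* Count handshake fields that are already non-zero before any peer has
 * written to them, i.e. values a protocol would misread as real state. */
static int stale_fields(unsigned flags)
{
    struct handshake *h;

    previous_owner();
    h = model_alloc(sizeof *h, flags);
    return (h->ptrExchange != 0) + (h->head != 0) + (h->tail != 0);
}

int main(void)
{
    printf("no clear flag: %d stale fields\n", stale_fields(0));
    printf("clear flag:    %d stale fields\n", stale_fields(MODEL_CLEARED));
    return 0;
}
```

Without the flag all three fields carry the previous owner's bytes; with it they read as zero, which is the state a handshake that starts from an empty buffer depends on.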