[AUTO-CHERRYPICK] [HIGH] Patch pytorch for CVE-2025-55552 - branch main (#15229)

Co-authored-by: Archana Shettigar <v-shettigara@microsoft.com>
Co-authored-by: jslobodzian <joslobo@microsoft.com>

Author: 3 people

SPECS/pytorch/CVE-2025-55552.patch

@@ -0,0 +1,248 @@
+From c849ccbd342b6067d19d5805c6614a21a4f0b49f Mon Sep 17 00:00:00 2001
+From: Sam Larsen <slarsen@meta.com>
+Date: Fri, 25 Jul 2025 09:31:15 -0700
+Subject: [PATCH] Fix full_like decomposition to preserve strides (#158898)
+
+Summary:
+
+See original PR at: https://github.com/pytorch/pytorch/pull/144765, which landed internally but was reverted due to test failures. Addressing reviewer comments and trying again.
+
+Upstream Patch Reference: https://patch-diff.githubusercontent.com/raw/pytorch/pytorch/pull/159294.patch & https://patch-diff.githubusercontent.com/raw/pytorch/pytorch/pull/158898.patch
+
+---
+ test/inductor/test_torchinductor.py | 48 ++++++++++++++++++++++---
+ test/test_decomp.py                 | 11 +++++-
+ torch/_inductor/decomposition.py    | 55 +++++++++++++++++++++++++++++
+ torch/_inductor/lowering.py         |  1 -
+ 4 files changed, 109 insertions(+), 6 deletions(-)
+
+diff --git a/test/inductor/test_torchinductor.py b/test/inductor/test_torchinductor.py
+index f0c152ad..850aa033 100644
+--- a/test/inductor/test_torchinductor.py
++++ b/test/inductor/test_torchinductor.py
+@@ -326,6 +326,10 @@ def check_model(
+     reference_in_float=True,
+     assert_equal=True,
+     check_gradient=False,
++    check_has_compiled=True,
++    output_process_fn_grad=lambda x: x,
++    # TODO: enable this for all tests
++    exact_stride=False,
+ ):
+     kwargs = kwargs or {}
+     torch._dynamo.reset()
+@@ -343,7 +347,12 @@ def check_model(
+                 x.dtype == torch.float16 or x.dtype == torch.bfloat16
+             ):
+                 has_lowp_args = True
+-                return x.float()
++                # Preserve strides when casting
++                result = torch.empty_strided(
++                    x.size(), x.stride(), device=x.device, dtype=torch.float
++                )
++                result.copy_(x)
++                return result
+             else:
+                 return x
+ 
+@@ -410,6 +419,7 @@ def check_model(
+             rtol=rtol,
+             equal_nan=True,
+             exact_dtype=exact_dtype,
++            exact_stride=exact_stride,
+         )
+         # In case of input mutations, check that inputs are the same
+         self.assertEqual(
+@@ -420,6 +430,7 @@ def check_model(
+             equal_nan=True,
+             # our testing sometimes uses higher precision inputs for the reference
+             exact_dtype=False,
++            exact_stride=exact_stride,
+         )
+     else:
+         for correct_val, actual_val in zip(correct_flat, actual_flat):
+@@ -430,6 +441,8 @@ def check_model(
+                 assert correct_val.layout == actual_val.layout
+                 if exact_dtype:
+                     assert correct_val.dtype == actual_val.dtype
++                if exact_stride:
++                    assert correct_val.stride() == actual_val.stride()
+ 
+     if check_gradient:
+ 
+@@ -452,6 +465,7 @@ def check_model(
+             rtol=rtol,
+             equal_nan=True,
+             exact_dtype=exact_dtype,
++            exact_stride=exact_stride,
+         )
+ 
+     torch._dynamo.reset()
+@@ -501,6 +515,7 @@ def check_model_cuda(
+         reference_in_float=reference_in_float,
+         assert_equal=assert_equal,
+         check_gradient=check_gradient,
++        exact_stride=exact_stride,
+     )
+ 
+     if check_lowp:
+@@ -529,6 +544,7 @@ def check_model_cuda(
+             reference_in_float=reference_in_float,
+             assert_equal=assert_equal,
+             check_gradient=check_gradient,
++            exact_stride=exact_stride,
+         )
+ 
+ 
+@@ -3500,6 +3516,18 @@ class CommonTemplate:
+ 
+         self.common(fn, (torch.randn(8),))
+ 
++    def test_full_like_transposed(self):
++        def fn(a):
++            return torch.full_like(a, 3)
++
++        self.common(fn, (torch.randn(4, 5, 6).transpose(1, -1),), exact_stride=True)
++
++    def test_full_like_sliced(self):
++        def fn(a):
++            return torch.full_like(a, 3)
++
++        self.common(fn, (torch.rand(3, 4)[:, ::2],), exact_stride=True)
++
+     def test_full_truncation(self):
+         def fn(a):
+             return a + torch.full_like(a, 7.777)
+@@ -4767,14 +4795,26 @@ class CommonTemplate:
+         model = Model()
+         x = torch.rand(10, 3, 0)
+ 
+-        self.common(model, (x,))
++        self.common(model, (x,), exact_stride=True)
+ 
+     @config.patch(fallback_random=True)
+     def test_like_rands(self):
+         def fn(x):
+-            return torch.rand_like(x), torch.randn_like(x)
++            return torch.rand_like(x), torch.randn_like(x), torch.randint_like(x, 1, 11)
++
++        self.common(fn, [torch.zeros([20, 20])], exact_stride=True)
++
++    @config.patch(fallback_random=True)
++    @xfail_if_mps  # 100% are not close
++    def test_like_rands_sliced(self):
++        def fn(x):
++            return (
++                torch.randn_like(x),
++                torch.randn_like(x),
++                torch.randint_like(x, 1, 11),
++            )
+ 
+-        self.common(fn, [torch.zeros([20, 20])])
++        self.common(fn, (torch.zeros([3, 4])[:, ::2].permute(1, 0),), exact_stride=True)
+ 
+     def test_max_pool2d_with_indices_backward(self):
+         def fn(a, b, c):
+diff --git a/test/test_decomp.py b/test/test_decomp.py
+index c27ffadb..58cfa40c 100644
+--- a/test/test_decomp.py
++++ b/test/test_decomp.py
+@@ -524,7 +524,16 @@ class TestDecomp(TestCase):
+             assert len(real_out) == len(decomp_out)
+ 
+             if do_relative_check:
+-                upcast = partial(upcast_tensor, dtype=torch.float64)
++                device_arg = kwargs.get("device", None)
++
++                def upcast(x):
++                    if (isinstance(x, Tensor) and x.device.type == "mps") or (
++                        device_arg and torch.device(device_arg).type == "mps"
++                    ):
++                        return upcast_tensor(x, dtype=torch.float32)
++                    else:
++                        return upcast_tensor(x, dtype=torch.float64)
++
+                 real_out_double, _ = tree_flatten(
+                     func(*tree_map(upcast, args), **tree_map(upcast, kwargs))
+                 )
+diff --git a/torch/_inductor/decomposition.py b/torch/_inductor/decomposition.py
+index 3fa3640e..16efb345 100644
+--- a/torch/_inductor/decomposition.py
++++ b/torch/_inductor/decomposition.py
+@@ -218,6 +218,61 @@ def should_pad_bench(mat1, mat2, op, input=None):
+         # TODO: Build a learned model which would be better than this heuristic
+         return ori_time > pad_time * 1.1
+ 
++def _get_shape_permutation_like(
++    self: torch.Tensor,
++) -> tuple[utils.ShapeType, utils.StrideType]:
++    physical_layout = utils.compute_elementwise_output_logical_to_physical_perm(self)
++    shape = [self.shape[l] for l in physical_layout]
++
++    permutation = [0] * len(shape)
++    for p, l in enumerate(physical_layout):
++        permutation[l] = p
++
++    return (shape, permutation)
++    
++
++    if memory_format != torch.preserve_format:
++        result = torch.full(
++            self.shape,
++            fill_value,
++            dtype=dtype,
++            layout=layout,
++            device=device,
++            pin_memory=pin_memory,
++            requires_grad=requires_grad,
++        )
++        return result.to(memory_format=memory_format)
++
++    else:
++        assert layout == torch.strided
++        shape, permutation = _get_shape_permutation_like(self)
++        result = torch.full(
++            shape,
++            fill_value,
++            dtype=dtype,
++            layout=layout,
++            device=device,
++            pin_memory=pin_memory,
++            requires_grad=requires_grad,
++        )
++        if permutation == list(range(len(permutation))):
++            return result
++        return result.permute(permutation).clone()
++
++@register_decomposition(aten.rand_like)
++def rand_like(self: torch.Tensor, **kwargs: Any) -> torch.Tensor:
++    return _rand_like(torch.rand, self, **kwargs)
++
++
++@register_decomposition(aten.randn_like)
++def randn_like(self: torch.Tensor, **kwargs: Any) -> torch.Tensor:
++    return _rand_like(torch.randn, self, **kwargs)
++
++
++@register_decomposition(aten.randint_like.default)
++def randint_like(self: torch.Tensor, high: int, **kwargs: Any) -> torch.Tensor:
++    return _rand_like(functools.partial(aten.randint.low, 0, high), self, **kwargs)
++
+ 
+ @register_decomposition([aten.mm])
+ def mm_decomp(mat1, mat2):
+diff --git a/torch/_inductor/lowering.py b/torch/_inductor/lowering.py
+index 4c77ebdf..858c6866 100644
+--- a/torch/_inductor/lowering.py
++++ b/torch/_inductor/lowering.py
+@@ -1712,7 +1712,6 @@ def _full(fill_value, device, dtype, size):
+     )
+ 
+ 
+-@register_lowering(aten.full_like, type_promotion_kind=None)
+ def full_like(x, fill_value, **kwargs):
+     return create_tensor_like(tensor_constructor(fill_value))(x, **kwargs)
+ 
+-- 
+2.45.4
+

SPECS/pytorch/pytorch.spec

@@ -2,7 +2,7 @@
 Summary:        Tensors and Dynamic neural networks in Python with strong GPU acceleration.
 Name:           pytorch
 Version:        2.0.0
-Release:        10%{?dist}
+Release:        11%{?dist}
 License:        BSD-3-Clause
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -20,7 +20,8 @@ Patch5:         CVE-2022-1941.patch
 Patch6:         CVE-2025-32434.patch
 Patch7:         CVE-2025-3730.patch
 Patch8:         CVE-2025-2953.patch
-Patch9:         CVE-2025-55560.patch
+Patch9:         CVE-2025-55552.patch
+Patch10:        CVE-2025-55560.patch
 
 BuildRequires:  cmake
 BuildRequires:  gcc
@@ -93,9 +94,12 @@ cp -arf docs %{buildroot}/%{_pkgdocdir}
 %{_docdir}/*
 
 %changelog
-* Wed Oct 01 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 2.0.0-10
+* Fri Dec 05 2025 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 2.0.0-11
 - Patch for CVE-2025-55560
 
+* Fri Nov 28 2025 Archana Shettigar <v-shettigara@microsoft.com> - 2.0.0-10
+- Patch CVE-2025-55552
+ 
 * Tue Apr 29 2025 Archana Shettigar <v-shettigara@microsoft.com> - 2.0.0-9
 - Patch CVE-2025-2953