From: Chris Wilson
To: Michał Winiarski, Janusz Krzysztofik
Cc: Jani Nikula, Joonas Lahtinen, Rodrigo Vivi, David Airlie, Daniel Vetter, Michał Wajdeczko, intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, Janusz Krzysztofik
Subject: Re: [PATCH] drm/i915: Fix reporting of size of created GEM object
Date: Tue, 09 Jul 2019 08:04:05 +0100
Message-ID: <156265584538.9375.16081841013219935184@skylake-alporthouse-com>
In-Reply-To: <20190709065800.2354-1-janusz.krzysztofik@linux.intel.com>

Quoting Janusz Krzysztofik (2019-07-09 07:58:00)
> Commit e163484afa8d ("drm/i915: Update size upon return from
> GEM_CREATE") (re)introduced reporting of actual size of created GEM
> objects, possibly rounded up on object alignment. Unfortunately, its
> implementation resulted in a possible use-after-free bug. The bug has
> been fixed by commit 929eec99f5fd ("drm/i915: Avoid use-after-free in
> reporting create.size") at the cost of possibly incorrect value being
> reported as actual object size.
>
> Safely restore correct reporting by capturing actual size of created
> GEM object before a reference to the object is put.
>
> Fixes: 929eec99f5fd ("drm/i915: Avoid use-after-free in reporting create.size")

This doesn't do anything.
-Chris