Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp7547836ybi;
        Tue, 9 Jul 2019 00:06:59 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzPx6K9Se8i0Z2bB0H5nWHS7NNnzGIeWF/aipYEOHik0PJJ5qM8SJB3oa2mZKBym6MUmEwW
X-Received: by 2002:a63:df46:: with SMTP id h6mr28397245pgj.181.1562656019737;
        Tue, 09 Jul 2019 00:06:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1562656019; cv=none;
        d=google.com; s=arc-20160816;
        b=0NO9KwLpNKLm45Ukf9Nas1ASQWB1FIG0ElMKNHu+PxzimeWWL6GIrjA5zouv3xKIld
         72PbhB3ta8QNYXwqKlF8GeVY2tklMuvpFnFowJA1pAR4Cw7nFNM92W/ZKXX1bzDbf+YJ
         tG5zZMB1Qgj6M/+moyyr/oHPw9ssq4+Vyz/ykOviZ/Ml7qFn9mpw/LJCGeTEIoIy+P+S
         EgesR6j0WzBPoYKNOwmWtfEv39DB0u72f3nG0p3zCE091/wWUrMC2SM4ORt8gFtELlgx
         /OenWdtTUXQNTdai6MlxURs6xbS72ySqsGZbSjiOikTSGH8N5ZSRNvsFEt/CLt942pC4
         v8ug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:date:subject:user-agent:message-id
         :references:cc:in-reply-to:from:to:content-transfer-encoding
         :mime-version;
        bh=jYXn7ueu9BLM0y9aLRvrDZ9yqqZB9H/5R2q0K8ZHxbY=;
        b=l+cHm/HHv7rGAsLkVgk0KCUyjG13ZAyq7UdGCHDoL6fldbKcqtvY13s71DCx4+7736
         98EHgnxHmByh2ocK0qe0WYl9f6T7v0sFX8ed8ZnB8pE9LyJExNj47KPyqNV9d3taBTdr
         nqlov1M4EgUoJgbyfnd3dDSmbpQzZLmTwdCD+2DF/DLfi45gZI8BbAwUVAHF2kaIdjLc
         NzN0/3Mkzt7nOWH638ViHBgkTPASc9s91G0jNLgh+zr4CJhyKgAvBZnJCXJpPprmgnhZ
         vQB98l0nr3YY81Uc/IBqkRndGpFkA0CThrAHetrm5kSSsjx32r3HcOqr85fXXXj+StQM
         lQZg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g98si1929942pje.92.2019.07.09.00.06.44;
        Tue, 09 Jul 2019 00:06:59 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726375AbfGIHE0 convert rfc822-to-8bit (ORCPT
        <rfc822;patchstalker@gmail.com> + 99 others);
        Tue, 9 Jul 2019 03:04:26 -0400
Received: from mail.fireflyinternet.com ([109.228.58.192]:55405 "EHLO
        fireflyinternet.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
        with ESMTP id S1725818AbfGIHE0 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 9 Jul 2019 03:04:26 -0400
X-Default-Received-SPF: pass (skip=forwardok (res=PASS)) x-ip-name=78.156.65.138;
Received: from localhost (unverified [78.156.65.138]) 
        by fireflyinternet.com (Firefly Internet (M1)) with ESMTP (TLS) id 17179194-1500050 
        for multiple; Tue, 09 Jul 2019 08:04:07 +0100
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8BIT
To:     =?utf-8?q?Micha=C5=82_Winiarski?= <michal.winiarski@intel.com>,
        Janusz Krzysztofik <janusz.krzysztofik@linux.intel.com>
From:   Chris Wilson <chris@chris-wilson.co.uk>
In-Reply-To: <20190709065800.2354-1-janusz.krzysztofik@linux.intel.com>
Cc:     Jani Nikula <jani.nikula@linux.intel.com>,
        Joonas Lahtinen <joonas.lahtinen@linux.intel.com>,
        Rodrigo Vivi <rodrigo.vivi@intel.com>,
        David Airlie <airlied@linux.ie>,
        Daniel Vetter <daniel@ffwll.ch>,
        =?utf-8?q?Micha=C5=82_Wajdeczko?= <michal.wajdeczko@intel.com>,
        intel-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
        linux-kernel@vger.kernel.org,
        Janusz Krzysztofik <janusz.krzysztofik@linux.intel.com>
References: <20190709065800.2354-1-janusz.krzysztofik@linux.intel.com>
Message-ID: <156265584538.9375.16081841013219935184@skylake-alporthouse-com>
User-Agent: alot/0.6
Subject: Re: [PATCH] drm/i915: Fix reporting of size of created GEM object
Date:   Tue, 09 Jul 2019 08:04:05 +0100
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Quoting Janusz Krzysztofik (2019-07-09 07:58:00)
> Commit e163484afa8d ("drm/i915: Update size upon return from
> GEM_CREATE") (re)introduced reporting of actual size of created GEM
> objects, possibly rounded up on object alignment.  Unfortunately, its
> implementation resulted in a possible use-after-free bug.  The bug has
> been fixed by commit 929eec99f5fd ("drm/i915: Avoid use-after-free in
> reporting create.size") at the cost of possibly incorrect value being
> reported as actual object size.
> 
> Safely restore correct reporting by capturing actual size of created
> GEM object before a reference to the object is put.
> 
> Fixes: 929eec99f5fd ("drm/i915: Avoid use-after-free in reporting create.size")

This doesn't do anything.
-Chris