Date: Fri, 24 Jul 2020 10:33:49 -0700
From: Kees Cook
To: Paul Menzel
Cc: Mazin Rezk, linux-kernel@vger.kernel.org, amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, Andrew Morton, Christian König, Harry Wentland, Nicholas Kazlauskas, sunpeng.li@amd.com, Alexander Deucher, 1i5t5.duncan@cox.net, mphantomx@yahoo.com.br, regressions@leemhuis.info, anthony.ruhier@gmail.com
Subject: Re: [PATCH] amdgpu_dm: fix nonblocking atomic commit use-after-free
Message-ID: <202007241016.922B094AAA@keescook>
References: <202007231524.A24720C@keescook>

On Fri, Jul 24, 2020 at 09:45:18AM +0200, Paul Menzel wrote:
> On 24.07.20 at 00:32, Kees Cook wrote:
> > On Thu, Jul 23, 2020 at 09:10:15PM +0000, Mazin Rezk wrote:
> As Linux 5.8-rc7 is going to be released this Sunday, I wonder, if commit
> 3202fa62f ("slub: relocate freelist pointer to middle of object") should be
> reverted for now to fix the regression for the users according to Linux’ no
> regression policy. Once the AMDGPU/DRM driver issue is fixed, it can be
> reapplied. I know it’s not optimal, but as some testing is going to be
> involved for the fix, I’d argue it’s the best option for the users.

Well, the SLUB defense was already released in v5.7, so I'm not sure it
really helps for amdgpu_dm users seeing it there too.

There was a fix to disable the async path for this driver that worked
around the bug too, yes? That seems like a safer and more focused change
that doesn't revert the SLUB defense for all users, and would actually
provide a complete, I think, workaround whereas reverting the SLUB change
means the race still exists. For example, it would be hit with slab
poisoning, etc.

-- 
Kees Cook