Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp2490136ybh; Fri, 24 Jul 2020 14:21:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxa2zbgvIsykLiiTOIGjBQT9lhSVZGFsYYLq44AfWIqcZ3C90oXA2R4NtqGeMhqVHYmVsYB X-Received: by 2002:a17:906:578c:: with SMTP id k12mr10611008ejq.339.1595625685082; Fri, 24 Jul 2020 14:21:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595625685; cv=none; d=google.com; s=arc-20160816; b=O5a4o+DjPX1Efe5CZ1pZOy2B+FpWRm55I11yYr/aal/i1cQCSC0X9s9JbMTpiB9ny8 0rQ2r49lD6L4PW88NnsnG8Rl/2Tt5Iui4b21PGdyiQv3Wrm1ETjfFOLAXp3HrC6JUs5+ MH8HOEHPPa4gCSHvAEhXsjE9PpLFcIToankmjFUs2a0cQ5KX5wxtNi65Skt5+Kj9/OVR Eyt7eKZh2zVl7as70VUtjHXuWnmM4Lq+jeIriY7xiLu0pxeE5GJsIy+P8CGaSYz1TXO1 lJuSEbE62Ef9PC3F8kHoMMVnRKo9dRz7jLVCyIH/JLro3gMyJJHsDHl2D308ojYjSzYp xoaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=ST06n14RGFd2M/pmIr69NB0pTzYOer4ZDXocxTqXMGA=; b=ggTMUZ6OAqvbBnziGNTfBprkc1qKpO2pWCTmq3yjCHhvdaW+G4hmANngpuix2wXuHr k+XgbWkWhC/kJU6yGusoY3jzuEOMIT6cK3levw0ZYHC8S93IgU60FAjqCWGRsMwj5wLp 127j4+X3bAhV4jxba3G8orGFUrPRjhjV/cYzM/qO9NdBZdsJdw7P3pk7VhBpxfHcbGwB IqyP1g+1pQ5zzIDfk3m5Okj8kIDEi2Bc2mYrNqsCvh3lVuNbTL568aeZJ03gSdlXvCts i49raLxeemdB1IBYwsxbUDVSx2icGNix3n71WT2Y4rK+5aagutZWCj3ec+sekChzGfG7 oADw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bd18si1140957edb.31.2020.07.24.14.21.00; Fri, 24 Jul 2020 14:21:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726658AbgGXVUE (ORCPT + 99 others); Fri, 24 Jul 2020 17:20:04 -0400 Received: from mx3.molgen.mpg.de ([141.14.17.11]:52807 "EHLO mx1.molgen.mpg.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726573AbgGXVUD (ORCPT ); Fri, 24 Jul 2020 17:20:03 -0400 Received: from [192.168.0.7] (ip5f5af26d.dynamic.kabel-deutschland.de [95.90.242.109]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: pmenzel) by mx.molgen.mpg.de (Postfix) with ESMTPSA id 4C4162002EE2A; Fri, 24 Jul 2020 23:20:00 +0200 (CEST) Subject: Re: [PATCH] amdgpu_dm: fix nonblocking atomic commit use-after-free To: Kees Cook Cc: Mazin Rezk , linux-kernel@vger.kernel.org, amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, Andrew Morton , =?UTF-8?Q?Christian_K=c3=b6nig?= , Harry Wentland , Nicholas Kazlauskas , sunpeng.li@amd.com, Alexander Deucher , 1i5t5.duncan@cox.net, mphantomx@yahoo.com.br, regressions@leemhuis.info, anthony.ruhier@gmail.com References: <202007231524.A24720C@keescook> <202007241016.922B094AAA@keescook> From: Paul Menzel Message-ID: <3c92db94-3b62-a70b-8ace-f5e34e8f268f@molgen.mpg.de> Date: Fri, 24 Jul 2020 23:19:59 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <202007241016.922B094AAA@keescook> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Dear Kees, Am 24.07.20 um 19:33 schrieb Kees Cook: > On Fri, Jul 24, 2020 at 09:45:18AM +0200, Paul Menzel wrote: >> Am 24.07.20 um 00:32 schrieb Kees Cook: >>> On Thu, Jul 23, 2020 at 09:10:15PM +0000, Mazin Rezk wrote: >> As Linux 5.8-rc7 is going to be released this Sunday, I wonder, if commit >> 3202fa62f ("slub: relocate freelist pointer to middle of object") should be >> reverted for now to fix the regression for the users according to Linux’ no >> regression policy. Once the AMDGPU/DRM driver issue is fixed, it can be >> reapplied. I know it’s not optimal, but as some testing is going to be >> involved for the fix, I’d argue it’s the best option for the users. > > Well, the SLUB defense was already released in v5.7, so I'm not sure it > really helps for amdgpu_dm users seeing it there too. In my opinion, it would help, as the stable release could pick up the revert, ones it’s in Linus’ master branch. > There was a fix to disable the async path for this driver that worked > around the bug too, yes? That seems like a safer and more focused > change that doesn't revert the SLUB defense for all users, and would > actually provide a complete, I think, workaround whereas reverting > the SLUB change means the race still exists. For example, it would be > hit with slab poisoning, etc. I do not know. If there is such a fix, that would be great. But if you do not know, how should a normal user? ;-) Kind regards, Paul Kind regards, Paul