Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp3009613pxj; Mon, 14 Jun 2021 12:11:45 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxq8A+GknTcLpwJ7RenXHuv7flCBg2uVVOsRm/spLNl8pAF7Va+mBpVHAuHsEtXfVp5RoRb X-Received: by 2002:a17:906:16cb:: with SMTP id t11mr16397698ejd.112.1623697904942; Mon, 14 Jun 2021 12:11:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623697904; cv=none; d=google.com; s=arc-20160816; b=kcKqiUtMY306++nEpIztANj+kMYVrV/Wlr5wq31Peno1JuvIHTMRKiTLXJMrHd/9++ /ZOUwZ85ikVItrRvOtir1/fN9JmqmZpRMcZlS1Z9aSKkXFqtd1RZaBfKxZ0VGqhp7vaK Qmz5KKXBskf9JBjkwdNs0vqems/cXi0qmzepXSgudyiAeKBQWbC4izilloJD3r9PhcdQ WIsxCd3UC6h7syK8t6PPshAUYouPtXPzLrDLNvs4AZ50PDVZXlnqZ8JClq/2PvBGDEnC dsQlmS/T7ns1Biga77XwrZwZAKWInZGfJtDFGKeYO4DELeJE3Tyb4O6B6fIe6mGy3WbV du9Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=uMc4URnnV+tfXvNhamKWfB2liJJVFr5aYUr1EsM52gA=; b=sVjW4YgunAWF6NzsF08xug3rF/tKv2gn1MAvSWxnnWH4HifslcSLn/xDFIRqAA+5Oe hsQxVa7PneU0F27rRRcKmkwaASWjV1k1TCRaZw7yMUb0TgIHHlDy5omU5siQEKow/BLY DnsoDxxMlh3BVeF/ja9OGLlzrR6z8cOelVIEdMgKAQHlAm9Cilk2oqC+btopb3pzrE0I wLNsuD2MoyINfb6r2ExKlBXXSNCLEiRUucv0jEDSLE0okmUw8RL1k/uiVRSA9TO2H2Lq cLJfVrTRi21gGb8fug5CtkZWvuX1J8oihPuVJI7/B1F5/Zz3J9FsmRi2q+zKljNFO4AT RlAw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=tiKwMdAa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id 29si5732639ejf.125.2021.06.14.12.11.20; Mon, 14 Jun 2021 12:11:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=tiKwMdAa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233312AbhFNTLl (ORCPT + 99 others); Mon, 14 Jun 2021 15:11:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33352 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233201AbhFNTLk (ORCPT ); Mon, 14 Jun 2021 15:11:40 -0400 Received: from mail-vk1-xa36.google.com (mail-vk1-xa36.google.com [IPv6:2607:f8b0:4864:20::a36]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 96410C061574 for ; Mon, 14 Jun 2021 12:09:34 -0700 (PDT) Received: by mail-vk1-xa36.google.com with SMTP id az3so4396679vkb.12 for ; Mon, 14 Jun 2021 12:09:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=uMc4URnnV+tfXvNhamKWfB2liJJVFr5aYUr1EsM52gA=; b=tiKwMdAaMX3CQD5jTxTChA0MD3dY/jEv8DUJFllkv59ExYYvlbiw3kXxGb7/PN0gkH kt0rlzo0k+xB/ol8V+Gwx/CIW1KIEr40B5NxaGGDPQh4QmB8O2zvUCs9sMAOervWV5QU jmXeCa7C8zFqEzkESA32yxjXRePmNFbStsAe7yulacEN85HJWKd5/GGfgtdejSHiWgXN 5Ji4Ia+M2zaVyvO3w7WP9ofssgfOfQ9rDTg+fWZO1BrOLdWwZ1XCScm5dpjTyEIZseI5 b9yoiIoo7P93rKELTQPxXqQOdeFyVFuCuObfAhnpWHer2MKf5+/gTpJY33q+gpgkkusw 3nxg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=uMc4URnnV+tfXvNhamKWfB2liJJVFr5aYUr1EsM52gA=; b=sJQ/VfQFYrQ8327Vpfg2dT8PsBeGVnKZPdwUFb11oHkI2HSNI4Iw+Uqn6FjB3+6kG1 T1IQ9kT0eVhOpBfaiOyPU9eMidTuJtBVNbrnlZwMWfuL8PWa7G24BJEz7gbGiSMSUCkC 3jR+i/8LRZNPlTu1hG6p+XEvyN4jCRupmoFFsfmUK6/2rzu1k2QM0thd6txPpyx2nHdc 3XQpRfl7Ipk/BsP+PWjD4qHvzzsZZn0eMCH6H3m1R73BqqqDxkwefbg8oMyZaBCLSeX7 qVRpVBUUSLbRj2Uz2uPqBduXA45IEZFwjoC1awlr0NjQBxpgzCi5EMgJ0sigX9KAZSVK zsIQ== X-Gm-Message-State: AOAM531E2SCaD2hFk1TWbGu+TFC4kvQU9puzxVumVwislkeJ2s0GSoc1 yqQAk6/BmyARJzHyPe0l8WcF1jF7mwIT5RRTONY= X-Received: by 2002:a1f:4594:: with SMTP id s142mr542586vka.16.1623697773669; Mon, 14 Jun 2021 12:09:33 -0700 (PDT) MIME-Version: 1.0 References: <20210612125426.6451-1-desmondcheongzx@gmail.com> <20210612125426.6451-2-desmondcheongzx@gmail.com> In-Reply-To: <20210612125426.6451-2-desmondcheongzx@gmail.com> From: Emil Velikov Date: Mon, 14 Jun 2021 20:09:22 +0100 Message-ID: Subject: Re: [PATCH 1/2] drm: Add a locked version of drm_is_current_master To: Desmond Cheong Zhi Xi Cc: Maarten Lankhorst , Maxime Ripard , Thomas Zimmermann , Dave Airlie , Daniel Vetter , Greg Kroah-Hartman , "Linux-Kernel@Vger. Kernel. Org" , ML dri-devel , Daniel Vetter , skhan@linuxfoundation.org, linux-kernel-mentees@lists.linuxfoundation.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, 12 Jun 2021 at 13:55, Desmond Cheong Zhi Xi wrote: > > While checking the master status of the DRM file in > drm_is_current_master(), the device's master mutex should be > held. Without the mutex, the pointer fpriv->master may be freed > concurrently by another process calling drm_setmaster_ioctl(). This > could lead to use-after-free errors when the pointer is subsequently > dereferenced in drm_lease_owner(). > > The callers of drm_is_current_master() from drm_auth.c hold the > device's master mutex, but external callers do not. Hence, we implement > drm_is_current_master_locked() to be used within drm_auth.c, and > modify drm_is_current_master() to grab the device's master mutex > before checking the master status. > > Reported-by: Daniel Vetter > Signed-off-by: Desmond Cheong Zhi Xi Reviewed-by: Emil Velikov -Emil