Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp5901961pxv; Thu, 29 Jul 2021 01:01:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJywBeMDV0TpmsqAeUMZnXJy/65bJ7HOpjgSvp6Ts1SkZZYCv8qzBy4r/+OxlPrNfRu2zDzB X-Received: by 2002:a17:906:a24c:: with SMTP id bi12mr3456002ejb.530.1627545662610; Thu, 29 Jul 2021 01:01:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627545662; cv=none; d=google.com; s=arc-20160816; b=zhyqpUIXhNZwYDKPzcyAEb569ipuwOxsvLUAsssH7W+S8Scf0eCz8zfDqa0YRC2yS5 BfQ/ZPP6yMYyT/d4jww09jFCTRgUUW+nqKM89RdbrDnIK99pFYmqteQaBvnr7ZcPJQgs UePbKEs5R03/1Krm/oZfA/NcX62dini/eJZYDs/BCRMoPrenU2ikvk+TVShqSPO/WXCa 2ANVOQiUiyKaA+tRaetQRceJt0h0IoCdDqiP7TRX1KTqsU7Nr/TfTSCrjIuXXvgKJgl0 wLHXPmlA2pfmihdWrN9tXEJX8yrLrSCiMbm4HUmJFyd7kuLWwzhUu9qZzmJZPtJXB/Vp 0twQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=naWvlAA1W0O9G6Wgaoh3aYhfBWkizo8+sgrhMTrDt0Q=; b=pb+cyjUWrd9ujYdBt2jFktnfBu4/0PNVlgTkYYsWsgmOQrw0tpc2XFMl/nm7KxWKcz Q8E/b22KTsjvtvmWtjTeNtqiPhiC7OgHVKVcNFUEyE8mR0GZavz8kZwOd9y2GxCwnpS7 3BJqgGp/qST12ZWN4yDTsBvTj3qEHfncdTmiGJkS993r+HReAgL1pl9S2OJWa76/RrFl f4PljuplNfUAXTgNlHdIkcq83tlksI6XZc8h3WlBNjil6GTGZ2q4YHv4L681yj1aYr3V vbkoA8Fxn4Q/D2ypjAEAUm0yM3AzpR5MDdRi29c1jlTM1/e606dKFwIacaibWCpKUDLf fB9w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=h44270+m; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b22si2261094ejc.675.2021.07.29.01.00.39; Thu, 29 Jul 2021 01:01:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=h44270+m; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234769AbhG2H6y (ORCPT + 99 others); Thu, 29 Jul 2021 03:58:54 -0400 Received: from mail.kernel.org ([198.145.29.99]:53866 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234564AbhG2H6x (ORCPT ); Thu, 29 Jul 2021 03:58:53 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id BF1D361076; Thu, 29 Jul 2021 07:58:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1627545530; bh=16w8tjNGUuA8ZhSM8S/EHlfbPlfcx70VQXMUVV2Qy44=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=h44270+mej1tnOX3bTJAWKajY9Eg2bFZD9vqpvAZH9O00H6USFEQi2ZFUgDO5E31d FgvZTsGyJnZ/fQ5TABjE6cfvncsfRFcXq49YrYi2mariEmXV4lI5kRYQYqpgYj7kL4 Gw6L9EruUBTlZrC5C6Yr6/VOflLd8O/5gtQGi3HRGrJmzu9104FeF217JheV3Sk+G5 SRFecnsrn+FG07oEdN7sIrYWqBQ8/sPv7IqQut60YL6YL6cVjHsFK+RDVyQNFcmQmV 57fNyAz4euOwJ4AZiYFtDgsMnnsFb7Flx6G9Udc1MckuFEz+ReLHebbhtYa5mL4S6m 1HIQVFyJRP+ZA== Received: by mail-pj1-f46.google.com with SMTP id m2-20020a17090a71c2b0290175cf22899cso8130586pjs.2; Thu, 29 Jul 2021 00:58:50 -0700 (PDT) X-Gm-Message-State: AOAM531DcOrF4G2UbmVeerSgNnlvrd6mGBe1/qlJTBCUADUbE+Z/uVzE eQovmoA4d4WIewKB8NLLhAKDkhiBu3A6S4CEKYM= X-Received: by 2002:a17:902:8ec9:b029:12b:a69d:4146 with SMTP id x9-20020a1709028ec9b029012ba69d4146mr3626136plo.32.1627545530457; Thu, 29 Jul 2021 00:58:50 -0700 (PDT) MIME-Version: 1.0 References: <20210531130657.971257589@linuxfoundation.org> <20210531130704.193621612@linuxfoundation.org> In-Reply-To: <20210531130704.193621612@linuxfoundation.org> From: Krzysztof Kozlowski Date: Thu, 29 Jul 2021 09:58:38 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 5.10 182/252] drm/amd/amdgpu: fix refcount leak To: Greg Kroah-Hartman , Jingwen Chen , Alex Deucher Cc: "linux-kernel@vger.kernel.org" , "stable@vger.kernel.org" , =?UTF-8?Q?Christian_K=C3=B6nig?= , Sasha Levin Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 31 May 2021 at 16:06, Greg Kroah-Hartman wrote: > > From: Jingwen Chen > > [ Upstream commit fa7e6abc75f3d491bc561734312d065dc9dc2a77 ] > > [Why] > the gem object rfb->base.obj[0] is get according to num_planes > in amdgpufb_create, but is not put according to num_planes > > [How] > put rfb->base.obj[0] in amdgpu_fbdev_destroy according to num_planes > > Signed-off-by: Jingwen Chen > Acked-by: Christian K=C3=B6nig > Reviewed-by: Alex Deucher > Signed-off-by: Alex Deucher > Signed-off-by: Sasha Levin > --- > drivers/gpu/drm/amd/amdgpu/amdgpu_fb.c | 3 +++ > 1 file changed, 3 insertions(+) The original commit looks like a partial fix for 37ac3dc00da0 ("drm/amdgpu: Use device specific BO size & stride check.") which came in v5.14. Or putting it differently: this does not look entirely good without 37ac3dc00da0 which is a fix for f258907fdd83 ("drm/amdgpu: Verify bo size can fit framebuffer size on init.") merged in v5.13. Backporting it earlier might cause use-after-free errors (due to GEM refcnt dropping too early). Can the AMD guys: 1. Confirm where this should be backported (for example not for v4.19, v5.4, v5.10, v5.12)? 2. Mark fixes with the "Fixes" tag so we know where the fix should go? Please include such checks in your Acking and Reviewing (unless Acks and Reviews are just formality, not a check). Best regards, Krzysztof