Received: by 2002:a05:6a10:d5a5:0:0:0:0 with SMTP id gn37csp88032pxb; Thu, 30 Sep 2021 01:35:43 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxlGauj2D4pIsDR7KbWifEDTPd1tmLHDPNnAYKkKdzaG909lvrIiMfB0pc8s6ADMsWnA7a+ X-Received: by 2002:a05:6402:b5a:: with SMTP id bx26mr5390195edb.252.1632990943617; Thu, 30 Sep 2021 01:35:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1632990943; cv=none; d=google.com; s=arc-20160816; b=IJUyqF3HXALTqH5REyrOatorzBdoNAx6itsAkr+UmW23SoyDicFD7JwUAkGX3UyTmv ZU+WJRo8UWyjfHy4DZ4BY3AUvLB7OU31iiEhJLAJwMslhrdkcZij56bc2NGayRjR1fF/ pl2ZTKCasTeTx3OnXmvq6/0ZmWIosPpByTymDNiAENFUtsjLu32ZvU9sgPN2EwCy4Ilq 5htNu8E/x8ZcYhq567sx0flXIoddM4ZpCkmTrLFJOWIcOsHVJJPghjwoRTO8W0m++64z F5DK1Q4ltwDKo9Z2/rowN50vnylyfEjDMvzrZL8S/QPlTnVkqtoGCmZQSfIefsemFROI iGBw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :dkim-signature:dkim-signature; bh=ohtw71D/SZFC/rCiPJIhBg3kcraaLwFE1Ziv/+j83O0=; b=OMsRKzdgusMYz820AzKYCxggI0g8iDgL47jIrN9DKpXB7xiy54YJz0nCG1rOE3pd1W Qi9H529swLpMSzBjp25//mTd1DBURd7EWkzucR5fBCIqbTW7NlQZzfVIDE4RZLLA3yOU 2tbtmjUHjIQE1XRDo+F1lht03b9edAN9JNJ55yhiIn8IxewW0meuJZo7rvSXXjs0f+7a KE8z0wHJ2aLWtjS3anYu9eQ/HrPYQp97fqUxiXOpW4mdnPWPdhao7a4pU15xAYT0/MZi Su7K6wrYKNV0M+kL7CKyxNH6mh+9vg/PMr+wXh0ecVTxww8XGNmeEYP3ES5gv4RRdECx r4JA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b="t/7YpZRK"; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s17si2916720ejm.417.2021.09.30.01.35.19; Thu, 30 Sep 2021 01:35:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b="t/7YpZRK"; dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1348663AbhI3HWq (ORCPT + 99 others); Thu, 30 Sep 2021 03:22:46 -0400 Received: from smtp-out1.suse.de ([195.135.220.28]:59172 "EHLO smtp-out1.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348577AbhI3HWq (ORCPT ); Thu, 30 Sep 2021 03:22:46 -0400 Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 38D042254D; Thu, 30 Sep 2021 07:21:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1632986463; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ohtw71D/SZFC/rCiPJIhBg3kcraaLwFE1Ziv/+j83O0=; b=t/7YpZRKNI4UEF4yalDPK5UC1ijQH9j9U5eZmWO96OIZGhx9TJabmrkyt0psZbTlw3O4rP a7AF9Y1qT6dt14FNf/tFDsh6SliQp9pyKv3BO+wAE1A/Z05XFQg1VE1oIzim78sqide9Xh r3k0f2U697Gsy2/mlRFeYhyd33Iv3Uw= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1632986463; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ohtw71D/SZFC/rCiPJIhBg3kcraaLwFE1Ziv/+j83O0=; b=KkhFuzjpX84RHAddboBqYwJOGZ5a+F4HZovh1cWCGKSsMiqf2FC7USvyWnEcu8OrydjBRZ h4nkToBg0PNP94Cg== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 0CCB213B05; Thu, 30 Sep 2021 07:21:03 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id fljwAV9lVWFICgAAMHmgww (envelope-from ); Thu, 30 Sep 2021 07:21:03 +0000 Message-ID: <17d63b06-d1bd-85ab-92d3-71fa236b9493@suse.de> Date: Thu, 30 Sep 2021 09:21:02 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.1.0 Subject: Re: [PATCH] drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap Content-Language: en-US To: Anand K Mistry , dri-devel@lists.freedesktop.org Cc: nartemiev@google.com, Daniel Vetter , David Airlie , Maarten Lankhorst , Maxime Ripard , linux-kernel@vger.kernel.org References: <20210930085932.1.I8043d61cc238e0168e2f4ca5f4783223434aa587@changeid> From: Thomas Zimmermann In-Reply-To: <20210930085932.1.I8043d61cc238e0168e2f4ca5f4783223434aa587@changeid> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------0utDXCvW7w9ymaxy0zW0SDtJ" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------0utDXCvW7w9ymaxy0zW0SDtJ Content-Type: multipart/mixed; boundary="------------Krt3fYeAV1ojHjyEd0FV0P3B"; protected-headers="v1" From: Thomas Zimmermann To: Anand K Mistry , dri-devel@lists.freedesktop.org Cc: nartemiev@google.com, Daniel Vetter , David Airlie , Maarten Lankhorst , Maxime Ripard , linux-kernel@vger.kernel.org Message-ID: <17d63b06-d1bd-85ab-92d3-71fa236b9493@suse.de> Subject: Re: [PATCH] drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap References: <20210930085932.1.I8043d61cc238e0168e2f4ca5f4783223434aa587@changeid> In-Reply-To: <20210930085932.1.I8043d61cc238e0168e2f4ca5f4783223434aa587@changeid> --------------Krt3fYeAV1ojHjyEd0FV0P3B Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 SGkNCg0KQW0gMzAuMDkuMjEgdW0gMDE6MDAgc2NocmllYiBBbmFuZCBLIE1pc3RyeToNCj4g ZHJtX2dlbV90dG1fbW1hcCgpIGRyb3BzIGEgcmVmZXJlbmNlIHRvIHRoZSBnZW0gb2JqZWN0 IG9uIHN1Y2Nlc3MuIElmDQo+IHRoZSBnZW0gb2JqZWN0J3MgcmVmY291bnQgPT0gMSBvbiBl bnRyeSB0byBkcm1fZ2VtX3ByaW1lX21tYXAoKSwgdGhhdA0KPiBkcm9wIHdpbGwgZnJlZSB0 aGUgZ2VtIG9iamVjdCwgYW5kIHRoZSBzdWJzZXF1ZW50IGRybV9nZW1fb2JqZWN0X2dldCgp DQo+IHdpbGwgYmUgYSBVQUYuIEZpeCBieSBncmFiYmluZyBhIHJlZmVyZW5jZSBiZWZvcmUg Y2FsbGluZyB0aGUgbW1hcA0KPiBoZWxwZXIuDQo+IA0KPiBUaGlzIGlzc3VlIHdhcyBmb3Jz ZWVuIHdoZW4gdGhlIHJlZmVyZW5jZSBkcm9wcGluZyB3YXMgYWRkaW5nIGluDQo+IGNvbW1p dCA5Nzg2YjY1YmM2MWFjICgiZHJtL3R0bTogZml4IG1tYXAgcmVmY291bnRpbmciKToNCj4g ICAgIkZvciB0aGF0IHRvIHdvcmsgcHJvcGVybHkgdGhlIGRybV9nZW1fb2JqZWN0X2dldCgp IGNhbGwgaW4NCj4gICAgZHJtX2dlbV90dG1fbW1hcCgpIG11c3QgYmUgbW92ZWQgc28gaXQg aGFwcGVucyBiZWZvcmUgY2FsbGluZw0KPiAgICBvYmotPmZ1bmNzLT5tbWFwKCksIG90aGVy d2lzZSB0aGUgZ2VtIHJlZmNvdW50IHdvdWxkIGdvIGRvd24NCj4gICAgdG8gemVyby4iDQo+ IA0KPiBTaWduZWQtb2ZmLWJ5OiBBbmFuZCBLIE1pc3RyeSA8YW1pc3RyeUBnb29nbGUuY29t Pg0KDQpBY2tlZC1ieTogVGhvbWFzIFppbW1lcm1hbm4gPHR6aW1tZXJtYW5uQHN1c2UuZGU+ DQoNClRoaXMgbG9va3MgZmluZSB0byBtZSwgYnV0IGl0IGFmZmVjdHMgbWFueSBkcml2ZXJz LiBMZXQncyBtYXliZSB3YWl0IGEgDQpiaXQgaWYgbW9yZSByZXZpZXdzIGNvbWUgaXQuDQoN CkJlc3QgcmVnYXJkcw0KVGhvbWFzDQoNCj4gLS0tDQo+IA0KPiAgIGRyaXZlcnMvZ3B1L2Ry bS9kcm1fcHJpbWUuYyB8IDYgKysrKy0tDQo+ICAgMSBmaWxlIGNoYW5nZWQsIDQgaW5zZXJ0 aW9ucygrKSwgMiBkZWxldGlvbnMoLSkNCj4gDQo+IGRpZmYgLS1naXQgYS9kcml2ZXJzL2dw dS9kcm0vZHJtX3ByaW1lLmMgYi9kcml2ZXJzL2dwdS9kcm0vZHJtX3ByaW1lLmMNCj4gaW5k ZXggMmE1NGY4Njg1NmFmLi5lMTg1NGZkMjRiYjAgMTAwNjQ0DQo+IC0tLSBhL2RyaXZlcnMv Z3B1L2RybS9kcm1fcHJpbWUuYw0KPiArKysgYi9kcml2ZXJzL2dwdS9kcm0vZHJtX3ByaW1l LmMNCj4gQEAgLTcxOSwxMSArNzE5LDEzIEBAIGludCBkcm1fZ2VtX3ByaW1lX21tYXAoc3Ry dWN0IGRybV9nZW1fb2JqZWN0ICpvYmosIHN0cnVjdCB2bV9hcmVhX3N0cnVjdCAqdm1hKQ0K PiAgIAlpZiAob2JqLT5mdW5jcyAmJiBvYmotPmZ1bmNzLT5tbWFwKSB7DQo+ICAgCQl2bWEt PnZtX29wcyA9IG9iai0+ZnVuY3MtPnZtX29wczsNCj4gICANCj4gKwkJZHJtX2dlbV9vYmpl Y3RfZ2V0KG9iaik7DQo+ICAgCQlyZXQgPSBvYmotPmZ1bmNzLT5tbWFwKG9iaiwgdm1hKTsN Cj4gLQkJaWYgKHJldCkNCj4gKwkJaWYgKHJldCkgew0KPiArCQkJZHJtX2dlbV9vYmplY3Rf cHV0KG9iaik7DQo+ICAgCQkJcmV0dXJuIHJldDsNCj4gKwkJfQ0KPiAgIAkJdm1hLT52bV9w cml2YXRlX2RhdGEgPSBvYmo7DQo+IC0JCWRybV9nZW1fb2JqZWN0X2dldChvYmopOw0KPiAg IAkJcmV0dXJuIDA7DQo+ICAgCX0NCj4gICANCj4gDQoNCi0tIA0KVGhvbWFzIFppbW1lcm1h bm4NCkdyYXBoaWNzIERyaXZlciBEZXZlbG9wZXINClNVU0UgU29mdHdhcmUgU29sdXRpb25z IEdlcm1hbnkgR21iSA0KTWF4ZmVsZHN0ci4gNSwgOTA0MDkgTsO8cm5iZXJnLCBHZXJtYW55 DQooSFJCIDM2ODA5LCBBRyBOw7xybmJlcmcpDQpHZXNjaMOkZnRzZsO8aHJlcjogRmVsaXgg SW1lbmTDtnJmZmVyDQo= --------------Krt3fYeAV1ojHjyEd0FV0P3B-- --------------0utDXCvW7w9ymaxy0zW0SDtJ Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsF5BAABCAAjFiEExndm/fpuMUdwYFFolh/E3EQov+AFAmFVZV4FAwAAAAAACgkQlh/E3EQov+B5 sA/9EcKCov8QvBVWpbDdG9FI2VbIBTcj8UGmHJB73mJ/uJqHdZ4QsXuMDdXleGNS0oiP+vfjUHuX oVNQBy4h4mYRjc0bmmVVg7Yo6OnzNOZhdb8ep3gUa6SvAncNB/WSnW0wO35VGEtGBop56X/M+4ba VE0nMSoAukqdAVA2KNrNNny5QNYmsaDMMYCVUju6i+OgPxvUUQoiPx5hH92v+exsqzzOmLioQFRY LKQLB4qAnw6NWAcg2DHYqFZOvNdOvfWrkUUH1FrbBXdzZMPA147j/lGaQ7A0ShMN4l7AI4RrMseQ 3YTnoeJF2bGbEhahMwTFFhxkty8CnreEqbGY77Hx1Z8RYmXi0QWzzRdb8YD4H36yusT7Yz8mo11J ERpXktFIM8YBcbJyOBm/eo5KSsuXG5x+XqKqLUKjWnSNNjUCnZhcM3m6jU/6xsfpFMpR08FjDknT 6oCF3ys9gPF6OTr7/BwcY1+oABqXxU2+OBTysd6VPfACMN6rDTWEY2NFNtt+2l4e0MNenzwJOG/2 k6OK3Ttj0yRKA/ZcsMz68RWFi12iOj7Nz/rVRNrRJuQguPfB6ZY/87A0qHiRVk82hvGWQSSs0V07 9GDdU8tG7WjM+tbYAgRwz9SFNaA8kNEhmiW1lA2nSx/JbXW1BUF2XpeNTikPgzhEzd3kdviDFinx M9E= =bCeJ -----END PGP SIGNATURE----- --------------0utDXCvW7w9ymaxy0zW0SDtJ--