Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp4693046iob; Sun, 8 May 2022 22:13:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyFRDOkx8FpynwM7i3OMKlZkG4W9OEe0vhrerUkyhH+MO6rsAWKQ4tY16SlC2W8NYTc7KCv X-Received: by 2002:a17:903:41c9:b0:15e:ae15:294f with SMTP id u9-20020a17090341c900b0015eae15294fmr14550755ple.44.1652073221825; Sun, 08 May 2022 22:13:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652073221; cv=none; d=google.com; s=arc-20160816; b=cCT963IgCUdTSmfIjBhmzVzEH9gUGtkRs0O9pEOYpOd8Ztb4pgxfwha6+ZZLp14fmV FDCqSKVaXDqnc5nVLWkcpQJAp4RsX3SWK2okAgy41jBp4TrMQI9jMlPPzJCUk31tJ+Lc WOg44CBc93FHl6kfh8Lc4TZFQDOCkZtmKxAtssXKiVS2g23fpiG2nwXuoAxy2q6Uwi8g dOSo9yq+dfDlle8rR5hUSTSjO7gsKMkCFhI8LtuzVC4FfVQq5Y1ikv1PxMfEtGs+kHwz IY3N+WEaOCl07ftx/WsU+zbrSUcKlLfh4nLmnxtMIbfV2YkekhfNrTKfhnhHxj3OKQpb phAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=inhGipBUDTXnB2qKEYfxvYqIWIZ4u692zATmOyojLEY=; b=qgUHNufsFaW85HnBGFRt2NaqKtMLsD62TkRWZueYp9+A+6KCIYpLaU6toR5HI3thve /ATqr2mOJ5Ea8tk7WL3hvrXEv+I60Ck3dHh2F/xchTeWiN4xStqeeps7HLCdRvUuF17P mccB+V3iTFE+Qu2nM4DHaHlBpiQsqxGVcWRipSwMPwE5qA7nCLFrqiHoBNav4h7lVCs+ bpUfZxOGUksp70IHzknPgSnv0lb7dXOPnaldV6ddxWYxadFQX/GGXq1GmGtLSrPoAl3R 6cwhKnLmS2e/jHfHT7uECbhS9ZhPsZ2IYk3AZ/+RssqqNqrcWpwnY0AMzxD+D9rNQqRH 3T4A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=DGn71tS+; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id f14-20020a170902ce8e00b00153b2d164cdsi12167670plg.213.2022.05.08.22.13.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 08 May 2022 22:13:41 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=DGn71tS+; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 9AA0F13D17A; Sun, 8 May 2022 22:10:12 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1443379AbiEGQoM (ORCPT + 99 others); Sat, 7 May 2022 12:44:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45514 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1446654AbiEGQoJ (ORCPT ); Sat, 7 May 2022 12:44:09 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 07E6C2650 for ; Sat, 7 May 2022 09:40:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1651941620; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=inhGipBUDTXnB2qKEYfxvYqIWIZ4u692zATmOyojLEY=; b=DGn71tS+FTNn/jiB0hJwTlqvs9YOZI8QMMY1QOVJNj4fotIs7SLOf5GdbYTrb3dW5eGedF BSojKAUMzEQBoplguA7fb1XOvrU2U+xqAdWYTkCPufXJV2VbzR1Gs89K6IKq5MnLANV5tV Dz1WyURenHTzXLFWgoybeG1ehnq4P8o= Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-319-dA8vIxHVMaGFce8Rzal_1A-1; Sat, 07 May 2022 12:40:19 -0400 X-MC-Unique: dA8vIxHVMaGFce8Rzal_1A-1 Received: by mail-wm1-f71.google.com with SMTP id n26-20020a1c721a000000b003941ea1ced7so2978205wmc.7 for ; Sat, 07 May 2022 09:40:19 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=inhGipBUDTXnB2qKEYfxvYqIWIZ4u692zATmOyojLEY=; b=gkjDi1FXtCEr66SHlpBuvEHLfNTbrG66AQ0K/Ejc6WQnd7B+c93S117dypPbpGzjG+ xTyq5BzFsKku7+FhrQAxP1300/VyH3eHcKhYbp4xDBGjR8w5k4UBnyGX31SPTvXsU2fZ 6n81NEyUVO9kk7EgYs0GAO0QvcvcYY3LK2RconZGWUDcld0zbeI76DZKKpol//R/FBmo Hsexz7rM5YsD6tJHBLjRJtw5xxeL9REJFpVilNCP8C3ya7ENsPvPh9sjnfWEcpDsQzNV u7tPXU2IRsSR/+2Qm8XaSL/eLjPTp5ShZ/d/niO9Ne6h4dReOhofUPI2E4DMyJuWeI+v ouaA== X-Gm-Message-State: AOAM533yKwz/bQS5QciuCzo+DMRJqOsWSfkyMZMnS9aXkTpUmDFdB+70 r74pDkH4QNT3a2AWTOU1DJ9z7X5H28YOtQ/91d52OsKbivSBOT9RPMt1Ur6Lm/PKcAKlMNZXY2e rqPDzxc7V5ArXGuC+34b4LQGS X-Received: by 2002:a1c:f705:0:b0:37d:f2e5:d8ec with SMTP id v5-20020a1cf705000000b0037df2e5d8ecmr15431648wmh.21.1651941618492; Sat, 07 May 2022 09:40:18 -0700 (PDT) X-Received: by 2002:a1c:f705:0:b0:37d:f2e5:d8ec with SMTP id v5-20020a1cf705000000b0037df2e5d8ecmr15431630wmh.21.1651941618195; Sat, 07 May 2022 09:40:18 -0700 (PDT) Received: from [192.168.1.129] (205.pool92-176-231.dynamic.orange.es. [92.176.231.205]) by smtp.gmail.com with ESMTPSA id e2-20020a5d5942000000b0020c5253d8e1sm7951521wri.45.2022.05.07.09.40.17 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 07 May 2022 09:40:17 -0700 (PDT) Message-ID: <981d7ed4-8554-73ca-bfd1-2d89e4e91af3@redhat.com> Date: Sat, 7 May 2022 18:40:16 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.0 Subject: Re: [PATCH] fbdev: efifb: Fix a use-after-free due early fb_info cleanup Content-Language: en-US To: Lucas De Marchi Cc: linux-fbdev@vger.kernel.org, Andrzej Hajda , Daniel Vetter , intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org, Peter Jones , Thomas Zimmermann , Helge Deller References: <20220506132225.588379-1-javierm@redhat.com> <20220507162053.auo2idd5twvnxatj@ldmartin-desk2> From: Javier Martinez Canillas In-Reply-To: <20220507162053.auo2idd5twvnxatj@ldmartin-desk2> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,NICE_REPLY_A,RDNS_NONE,SPF_HELO_NONE, T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hello Lucas, On 5/7/22 18:20, Lucas De Marchi wrote: > On Fri, May 06, 2022 at 03:22:25PM +0200, Javier Martinez Canillas wrote: >> Commit d258d00fb9c7 ("fbdev: efifb: Cleanup fb_info in .fb_destroy rather >> than .remove") attempted to fix a use-after-free error due driver freeing >> the fb_info in the .remove handler instead of doing it in .fb_destroy. >> >> But ironically that change introduced yet another use-after-free since the >> fb_info was still used after the free. >> >> This should fix for good by freeing the fb_info at the end of the handler. >> >> Fixes: d258d00fb9c7 ("fbdev: efifb: Cleanup fb_info in .fb_destroy rather than .remove") > > are these patches going through any CI before being applied? Maybe would > be a good idea to cc intel-gfx mailing list on these fixes to have Intel > CI to pick them up for some tests? > I Cc'ed intel-gfx for this particular patch. I should had done it for the previous patches too, but I wasn't aware that Cc'ing that list would make it run on your CI. I tested locally the offending patch on an EFI platform before applying it and I don't know why it didn't fail there. Sorry all for the inconvenience. > pushed to drm-misc-fixes where the previous patch was applied. > Thanks. -- Best regards, Javier Martinez Canillas Linux Engineering Red Hat