From: Joonas Lahtinen
To: Dave Airlie, Zheng Hacker, Zhenyu Wang, Tvrtko Ursulin
Cc: alex000young@gmail.com, security@kernel.org, airlied@linux.ie, gregkh@linuxfoundation.org, intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org, 1002992920@qq.com, Zheng Wang, intel-gvt-dev@lists.freedesktop.org, zhi.a.wang@intel.com
Subject: Re: [PATCH v3] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
Date: Thu, 15 Dec 2022 12:47:40 +0200
Message-ID: <167110126066.5360.11413014428644610672@jlahtine-mobl.ger.corp.intel.com>
References: <20221007013708.1946061-1-zyytlz.wz@163.com>

(+ Tvrtko as FYI)

Zhenyu, can you take a look at the patch ASAP.

Regards, Joonas

Quoting Dave Airlie (2022-10-27 08:12:31)
> On Thu, 27 Oct 2022 at 13:26, Zheng Hacker wrote:
> >
> > Dave Airlie wrote on Thu, 27 Oct 2022 at 08:01:
> > >
> > > On Fri, 7 Oct 2022 at 11:38, Zheng Wang wrote:
> > > >
> > > > If intel_gvt_dma_map_guest_page failed, it will call
> > > > ppgtt_invalidate_spt, which will finally free the spt.
> > > > But the caller does not notice that, it will free spt again in error path.
> > > >
> > > > Fix this by splitting invalidate and free in ppgtt_invalidate_spt.
> > > > Only free spt when in good case.
> > > >
> > > > Reported-by: Zheng Wang
> > > > Signed-off-by: Zheng Wang
> > >
> > > Has this landed in a tree yet, since it's a possible CVE, might be
> > > good to merge it somewhere.
> > >
> > > Dave.
> > >
> >
> > Hi Dave,
> >
> > This patch hasn't been merged yet. Could you please help with this?
>
> I'll add some more people who can probably look at it.
>
> Dave.
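
The ownership problem described in the quoted commit message, as an added example that is not part of the original thread and is not the i915/gvt code: a user-space model in which a teardown helper that also frees is followed by the caller's own free in the error path, next to the split form where teardown leaves the free to the caller. All names, the slot pool and the `fixed` switch are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed user-space model; every name here is hypothetical, not i915/gvt code. */
struct spt { bool live; int mappings; };

static struct spt pool[4];  /* slot pool stands in for the allocator */
static int bad_frees;       /* frees of a slot that was already freed */

static struct spt *spt_alloc(void) {
    for (int i = 0; i < 4; i++)
        if (!pool[i].live) { pool[i] = (struct spt){ .live = true }; return &pool[i]; }
    return NULL;
}

static void spt_free(struct spt *s) {
    if (!s->live) { bad_frees++; return; }  /* a real allocator is corrupted here */
    s->live = false;
}

/* Teardown only: drops mappings, ownership stays with the caller. */
static void spt_invalidate(struct spt *s) { s->mappings = 0; }

/* Pre-fix shape: teardown also frees, so the callee consumes the object. */
static void spt_invalidate_and_free(struct spt *s) { spt_invalidate(s); spt_free(s); }

/* Handles one split; returns how many double frees occurred (-1 if pool is full). */
int split_entry(bool map_fails, bool fixed) {
    struct spt *s = spt_alloc();
    bad_frees = 0;
    if (!s) return -1;
    if (map_fails) {                      /* the mapping step failed */
        if (fixed) spt_invalidate(s);     /* caller still owns s */
        else spt_invalidate_and_free(s);  /* s is already freed */
        spt_free(s);                      /* caller's error path frees s */
        return bad_frees;
    }
    s->mappings++;                        /* success: s stays live */
    return bad_frees;
}

/* Number of slots still allocated; used to confirm the fix does not leak. */
int live_slots(void) {
    int n = 0;
    for (int i = 0; i < 4; i++) n += pool[i].live;
    return n;
}

int main(void) {
    printf("pre-fix: %d, fixed: %d\n", split_entry(true, false), split_entry(true, true));
}
```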