From: Fedor Pchelkin
To: Greg Kroah-Hartman, stable@vger.kernel.org
Cc: Fedor Pchelkin, Wander Lairson Costa, Dave Airlie, Gerd Hoffmann, Daniel Vetter, virtualization@lists.linux-foundation.org, spice-devel@lists.freedesktop.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, Alexey Khoroshilov, lvc-project@linuxtesting.org
Subject: [PATCH 5.10 0/1] drm/qxl: fix UAF on handle creation
Date: Tue, 9 Jan 2024 14:08:24 +0300
Message-ID: <20240109110827.9458-1-pchelkin@ispras.ru>

The bug `KASAN: slab-use-after-free in qxl_mode_dumb_create` is reproduced
on 5.10 stable branch. The problem has been fixed by the following patch
which can be cleanly applied to 5.10. The fix is already included in all
stable branches starting from 5.15.

Link to the "failed to apply to 5.10" report [1].

[1]: https://lore.kernel.org/stable/2023082121-mumps-residency-9108@gregkh/