Date:	Wed, 9 Mar 2016 18:42:28 -0500
From:	Nicolai Hähnle <nicolai.haehnle@....com>
To:	Kamal Mostafa <kamal@...onical.com>,
	<linux-kernel@...r.kernel.org>, <stable@...r.kernel.org>,
	<kernel-team@...ts.ubuntu.com>
Subject: Re: [PATCH 3.13.y-ckt 078/138] drm/radeon: hold reference to fences
 in radeon_sa_bo_new

On 09.03.2016 18:13, Kamal Mostafa wrote:
> 3.13.11-ckt36 -stable review patch.  If anyone has any objections, please let me know.

Please drop the patch for now, it causes a NULL pointer dereference on 
kernels <= 3.17. We will follow up with a correctly backported patch.

Thanks,
Nicolai

>
> ---8<------------------------------------------------------------
>
> From: Nicolai Hähnle <nicolai.haehnle@....com>
>
> commit f6ff4f67cdf8455d0a4226eeeaf5af17c37d05eb upstream.
>
> An arbitrary amount of time can pass between spin_unlock and
> radeon_fence_wait_any, so we need to ensure that nobody frees the
> fences from under us.
>
> Based on the analogous fix for amdgpu.
>
> Signed-off-by: Nicolai Hähnle <nicolai.haehnle@....com>
> Reviewed-by: Christian König <christian.koenig@....com>
> Signed-off-by: Kamal Mostafa <kamal@...onical.com>
> ---
>   drivers/gpu/drm/radeon/radeon_sa.c | 5 +++++
>   1 file changed, 5 insertions(+)
>
> diff --git a/drivers/gpu/drm/radeon/radeon_sa.c b/drivers/gpu/drm/radeon/radeon_sa.c
> index f0bac68..bb16684 100644
> --- a/drivers/gpu/drm/radeon/radeon_sa.c
> +++ b/drivers/gpu/drm/radeon/radeon_sa.c
> @@ -349,8 +349,13 @@ int radeon_sa_bo_new(struct radeon_device *rdev,
>   			/* see if we can skip over some allocations */
>   		} while (radeon_sa_bo_next_hole(sa_manager, fences, tries));
>
> +		for (i = 0; i < RADEON_NUM_RINGS; ++i)
> +			radeon_fence_ref(fences[i]);
> +
>   		spin_unlock(&sa_manager->wq.lock);
>   		r = radeon_fence_wait_any(rdev, fences, false);
> +		for (i = 0; i < RADEON_NUM_RINGS; ++i)
> +			radeon_fence_unref(&fences[i]);
>   		spin_lock(&sa_manager->wq.lock);
>   		/* if we have nothing to wait for block */
>   		if (r == -ENOENT && block) {
>
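Review bot: The ref loop added just before spin_unlock passes fences[i] to radeon_fence_ref for every index up to RADEON_NUM_RINGS without checking that the slot is populated, and the unref loop after radeon_fence_wait_any does the same. The "if we have nothing to wait for" branch on -ENOENT in the trailing context indicates that the array can contain empty entries, so these unguarded calls are the likely source of the NULL pointer dereference the reply reports for kernels <= 3.17. For this tree, guard both loops with `if (fences[i])` (or otherwise confirm that radeon_fence_ref and radeon_fence_unref accept NULL here) before the patch is queued again. The hunk also relies on `i` already being declared in radeon_sa_bo_new, which is not visible in the context shown and is worth confirming against the 3.13 source.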
