Date:   Thu, 29 Jul 2021 09:58:38 +0200
From:   Krzysztof Kozlowski <krzk@...nel.org>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Jingwen Chen <Jingwen.Chen2@....com>,
        Alex Deucher <alexander.deucher@....com>
Cc:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        Christian König <christian.koenig@....com>,
        Sasha Levin <sashal@...nel.org>
Subject: Re: [PATCH 5.10 182/252] drm/amd/amdgpu: fix refcount leak

On Mon, 31 May 2021 at 16:06, Greg Kroah-Hartman
<gregkh@...uxfoundation.org> wrote:
>
> From: Jingwen Chen <Jingwen.Chen2@....com>
>
> [ Upstream commit fa7e6abc75f3d491bc561734312d065dc9dc2a77 ]
>
> [Why]
> the gem object rfb->base.obj[0] is get according to num_planes
> in amdgpufb_create, but is not put according to num_planes
>
> [How]
> put rfb->base.obj[0] in amdgpu_fbdev_destroy according to num_planes
>
> Signed-off-by: Jingwen Chen <Jingwen.Chen2@....com>
> Acked-by: Christian König <christian.koenig@....com>
> Reviewed-by: Alex Deucher <alexander.deucher@....com>
> Signed-off-by: Alex Deucher <alexander.deucher@....com>
> Signed-off-by: Sasha Levin <sashal@...nel.org>
> ---
>  drivers/gpu/drm/amd/amdgpu/amdgpu_fb.c | 3 +++
>  1 file changed, 3 insertions(+)

The original commit looks like a partial fix for 37ac3dc00da0
("drm/amdgpu: Use device specific BO size & stride check.") which came
in v5.14. Or putting it differently: this does not look entirely good
without 37ac3dc00da0 which is a fix for f258907fdd83 ("drm/amdgpu:
Verify bo size can fit framebuffer size on init.") merged in v5.13.

Backporting it earlier might cause use-after-free errors (due to GEM
refcnt dropping too early).

Can the AMD guys:
1. Confirm where this should be backported (for example not for v4.19,
v5.4, v5.10, v5.12)?
2. Mark fixes with the "Fixes" tag so we know where the fix should go?
Please include such checks in your Acking and Reviewing (unless Acks
and Reviews are just a formality, not a check).

Best regards,
Krzysztof
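
The refcount concern raised in the message above, as an added toy model (not code from the patch, the message, or the amdgpu driver): a per-plane put is only correct in a tree whose create path took the matching per-plane get. The names `struct obj`, `obj_get`, `obj_put` and `fb_lifetime` are hypothetical, and the model assumes the owner holds exactly one reference of its own.

```c
#include <stdio.h>

/* Toy stand-in for a refcounted GEM object; not kernel code. */
struct obj { int refs; int freed; };

static void obj_get(struct obj *o) { o->refs++; }

/* Drop one reference; the object is freed when the count reaches zero. */
static void obj_put(struct obj *o)
{
    if (o->refs > 0 && --o->refs == 0)
        o->freed = 1;
}

/*
 * Simulate one framebuffer lifetime up to the point where the owner
 * still expects to hold its own reference.
 *   create_gets:  create path takes one extra reference per plane
 *   destroy_puts: destroy path drops one reference per plane (the fix)
 * Returns the remaining refcount:
 *   1 = balanced, >1 = leak, 0 = freed under the owner (use-after-free risk).
 */
static int fb_lifetime(int num_planes, int create_gets, int destroy_puts,
                       int *freed_early)
{
    struct obj bo = { .refs = 1, .freed = 0 };  /* owner's reference */
    int i;

    if (create_gets)
        for (i = 0; i < num_planes; i++)
            obj_get(&bo);
    if (destroy_puts)
        for (i = 0; i < num_planes; i++)
            obj_put(&bo);

    *freed_early = bo.freed;  /* owner has not dropped its reference yet */
    return bo.refs;
}

int main(void)
{
    int freed, r;

    r = fb_lifetime(1, 1, 0, &freed);
    printf("get without put: refs=%d freed=%d (leak)\n", r, freed);
    r = fb_lifetime(1, 1, 1, &freed);
    printf("get with put:    refs=%d freed=%d (balanced)\n", r, freed);
    r = fb_lifetime(1, 0, 1, &freed);
    printf("put without get: refs=%d freed=%d (freed too early)\n", r, freed);
    return 0;
}
```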
