| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c148afe9-f10a-8751-d761-2480c05a137a@redhat.com>
Date: Tue, 10 May 2022 11:44:49 +0200
From: Javier Martinez Canillas <javierm@...hat.com>
To: Thomas Zimmermann <tzimmermann@...e.de>,
Andrzej Hajda <andrzej.hajda@...el.com>,
linux-kernel@...r.kernel.org
Cc: Daniel Vetter <daniel.vetter@...ll.ch>,
linux-fbdev@...r.kernel.org, Helge Deller <deller@....de>,
dri-devel@...ts.freedesktop.org,
Daniel Vetter <daniel.vetter@...el.com>
Subject: Re: [PATCH v3 1/4] fbdev: Prevent possible use-after-free in
fb_release()
On 5/10/22 11:39, Thomas Zimmermann wrote:
[snip]
>>
>> 3) Set .fb_destroy to drm_fbdev_fb_destroy() if isn't set by drivers when
>> they call drm_fb_helper_initial_config() or drm_fb_helper_fill_info().
>>
>> I'm leaning towards option (3). Then the fb_info release will be automatic
>> whether drivers are using the generic setup or a custom one.
>
> IMHO this would just be another glitch to paper over all the broken
> code. And if you follow through drm_fbdev_fb_helper(), [1] it'll call
> _fini at some point and probably blow up in some other way. Instances of
> struct fb_ops are also usually const.
>
> The only reliable way AFAICT is to do what generic fbdev does: use
> unregister_framebuffer and do the software cleanup somewhere within
> fb_destroy. And then fix all drivers to use that pattern.
>
Right. We can't really abstract this away from drivers that are not
using the generic fbdev helpers. So then they will have to provide
their own .fb_destroy() callback and do the cleanup.
--
Best regards,
Javier Martinez Canillas
Linux Engineering
Red Hat
Powered by blists - more mailing lists