| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Jun 2022 15:51:11 +0300
From: Dmitry Osipenko <dmitry.osipenko@...labora.com>
To: Robin Murphy <robin.murphy@....com>,
David Airlie <airlied@...ux.ie>,
Gerd Hoffmann <kraxel@...hat.com>,
Gurchetan Singh <gurchetansingh@...omium.org>,
Chia-I Wu <olvaffe@...il.com>, Daniel Vetter <daniel@...ll.ch>,
Daniel Almeida <daniel.almeida@...labora.com>,
Gert Wollny <gert.wollny@...labora.com>,
Gustavo Padovan <gustavo.padovan@...labora.com>,
Daniel Stone <daniel@...ishbar.org>,
Tomeu Vizoso <tomeu.vizoso@...labora.com>,
Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
Maxime Ripard <mripard@...nel.org>,
Thomas Zimmermann <tzimmermann@...e.de>,
Rob Herring <robh@...nel.org>,
Steven Price <steven.price@....com>,
Alyssa Rosenzweig <alyssa.rosenzweig@...labora.com>,
Rob Clark <robdclark@...il.com>,
Emil Velikov <emil.l.velikov@...il.com>,
Qiang Yu <yuq825@...il.com>,
Sumit Semwal <sumit.semwal@...aro.org>,
Christian König <christian.koenig@....com>,
"Pan, Xinhui" <Xinhui.Pan@....com>,
Thierry Reding <thierry.reding@...il.com>,
Tomasz Figa <tfiga@...omium.org>,
Marek Szyprowski <m.szyprowski@...sung.com>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
Alex Deucher <alexander.deucher@....com>,
Jani Nikula <jani.nikula@...ux.intel.com>,
Joonas Lahtinen <joonas.lahtinen@...ux.intel.com>,
Rodrigo Vivi <rodrigo.vivi@...el.com>,
Tvrtko Ursulin <tvrtko.ursulin@...ux.intel.com>
Cc: dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org,
virtualization@...ts.linux-foundation.org,
Dmitry Osipenko <digetx@...il.com>,
linux-tegra@...r.kernel.org, linux-media@...r.kernel.org,
linaro-mm-sig@...ts.linaro.org, amd-gfx@...ts.freedesktop.org,
intel-gfx@...ts.freedesktop.org, kernel@...labora.com
Subject: Re: [PATCH v6 00/22] Add generic memory shrinker to VirtIO-GPU and
Panfrost DRM drivers
On 6/28/22 15:31, Robin Murphy wrote:
> [ 100.511411]
> ==================================================================
> [ 100.511419] BUG: KASAN: use-after-free in irq_work_single+0xa4/0x110
> [ 100.511445] Write of size 4 at addr ffff0000107f5830 by task
> glmark2-es2-drm/280
> [ 100.511458]
> [ 100.511464] CPU: 1 PID: 280 Comm: glmark2-es2-drm Not tainted
> 5.19.0-rc3+ #400
> [ 100.511479] Hardware name: ARM LTD ARM Juno Development Platform/ARM
> Juno Development Platform, BIOS EDK II Sep 3 2019
> [ 100.511489] Call trace:
> [ 100.511494] dump_backtrace+0x1e4/0x1f0
> [ 100.511512] show_stack+0x20/0x70
> [ 100.511523] dump_stack_lvl+0x8c/0xb8
> [ 100.511543] print_report+0x16c/0x668
> [ 100.511559] kasan_report+0x80/0x208
> [ 100.511574] kasan_check_range+0x100/0x1b8
> [ 100.511590] __kasan_check_write+0x34/0x60
> [ 100.511607] irq_work_single+0xa4/0x110
> [ 100.511619] irq_work_run_list+0x6c/0x88
> [ 100.511632] irq_work_run+0x28/0x48
> [ 100.511644] ipi_handler+0x254/0x468
> [ 100.511664] handle_percpu_devid_irq+0x11c/0x518
> [ 100.511681] generic_handle_domain_irq+0x50/0x70
> [ 100.511699] gic_handle_irq+0xd4/0x118
> [ 100.511711] call_on_irq_stack+0x2c/0x58
> [ 100.511725] do_interrupt_handler+0xc0/0xc8
> [ 100.511741] el1_interrupt+0x40/0x68
> [ 100.511754] el1h_64_irq_handler+0x18/0x28
> [ 100.511767] el1h_64_irq+0x64/0x68
> [ 100.511778] irq_work_queue+0xc0/0xd8
> [ 100.511790] drm_sched_entity_fini+0x2c4/0x3b0
> [ 100.511805] drm_sched_entity_destroy+0x2c/0x40
> [ 100.511818] panfrost_job_close+0x44/0x1c0
> [ 100.511833] panfrost_postclose+0x38/0x60
> [ 100.511845] drm_file_free.part.0+0x33c/0x4b8
> [ 100.511862] drm_close_helper.isra.0+0xc0/0xd8
> [ 100.511877] drm_release+0xe4/0x1e0
> [ 100.511891] __fput+0xf8/0x390
> [ 100.511904] ____fput+0x18/0x28
> [ 100.511917] task_work_run+0xc4/0x1e0
> [ 100.511929] do_exit+0x554/0x1168
> [ 100.511945] do_group_exit+0x60/0x108
> [ 100.511960] __arm64_sys_exit_group+0x34/0x38
> [ 100.511977] invoke_syscall+0x64/0x180
> [ 100.511993] el0_svc_common.constprop.0+0x13c/0x170
> [ 100.512012] do_el0_svc+0x48/0xe8
> [ 100.512028] el0_svc+0x5c/0xe0
> [ 100.512038] el0t_64_sync_handler+0xb8/0xc0
> [ 100.512051] el0t_64_sync+0x18c/0x190
> [ 100.512064]
This one shall be fixed by [1] that is not in the RC kernel yet, please
use linux-next.
[1]
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?h=next-20220628&id=7d64c40a7d96190d9d06e240305389e025295916
--
Best regards,
Dmitry
Powered by blists - more mailing lists