Date: Fri, 7 Oct 2022 08:39:41 +0800
From: Zheng Hacker <hackerzheng666@...il.com>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: Zheng Wang <zyytlz.wz@....com>, 1002992920@...com, airlied@...ux.ie, alex000young@...il.com, dri-devel@...ts.freedesktop.org, intel-gfx@...ts.freedesktop.org, jani.nikula@...ux.intel.com, linux-kernel@...r.kernel.org, security@...nel.org, tvrtko.ursulin@...ux.intel.com
Subject: Re: [PATCH v2] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

Greg KH <gregkh@...uxfoundation.org> wrote on Fri, Oct 7, 2022 at 03:22:
>
> On Fri, Oct 07, 2022 at 12:58:45AM +0800, Zheng Wang wrote:
> > If intel_gvt_dma_map_guest_page failed, it will call
> > ppgtt_invalidate_spt, which will finally free the spt.
> > But the caller does not notice that, it will free spt again in error path.
> >
> > Fix this by splitting invalidate and free in ppgtt_invalidate_spt.
> > Only free spt when in good case.
> >
> > Reported-by: Zheng Wang <hackerzheng666@...il.com>
> > Signed-off-by: Zheng Wang <zyytlz.wz@....com>
> > ---
> > v2:
> > - split initial function into two api function suggested by Greg
> >
> > v1: https://lore.kernel.org/all/20220928033340.1063949-1-zyytlz.wz@163.com/
> > ---
> > drivers/gpu/drm/i915/gvt/gtt.c | 31 +++++++++++++++++++++----------
> > 1 file changed, 21 insertions(+), 10 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/i915/gvt/gtt.c b/drivers/gpu/drm/i915/gvt/gtt.c > > index ce0eb03709c3..55d8e1419302 100644 > > --- a/drivers/gpu/drm/i915/gvt/gtt.c > > +++ b/drivers/gpu/drm/i915/gvt/gtt.c > > @@ -959,6 +959,7 @@ static inline int ppgtt_put_spt(struct intel_vgpu_ppgtt_spt *spt) > > return atomic_dec_return(&spt->refcount); > > } > > > > +static int ppgtt_invalidate_and_free_spt(struct intel_vgpu_ppgtt_spt *spt);
>
> Odd extra space after the 'int', why?
>

Hi Greg,

Sorry it's a spelling mistake. I'll correct it right away :)

Thanks,
Zheng Wang
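
Review bot: the forward declaration of ppgtt_invalidate_and_free_spt() added after ppgtt_put_spt() carries no comment saying which function releases spt, and that ownership rule is what the commit message says the caller got wrong. A one-line comment above the prototype stating whether this variant frees spt on every return path or only on success, and that the plain ppgtt_invalidate_spt() leaves the free to its caller (if that is the intended split), would let a reader check the error path in split_2MB_gtt_entry against it. Only the prototype is visible in the quoted part, so the callers and the return-value contract cannot be verified from this message.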