lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 27 Oct 2022 11:26:41 +0800
From:   Zheng Hacker <hackerzheng666@...il.com>
To:     Dave Airlie <airlied@...il.com>
Cc:     Zheng Wang <zyytlz.wz@....com>, gregkh@...uxfoundation.org,
        alex000young@...il.com, security@...nel.org, airlied@...ux.ie,
        intel-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
        linux-kernel@...r.kernel.org, 1002992920@...com
Subject: Re: [PATCH v3] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

Dave Airlie <airlied@...il.com> 于2022年10月27日周四 08:01写道:
>
> On Fri, 7 Oct 2022 at 11:38, Zheng Wang <zyytlz.wz@....com> wrote:
> >
> > If intel_gvt_dma_map_guest_page failed, it will call
> > ppgtt_invalidate_spt, which will finally free the spt.
> > But the caller does not notice that, it will free spt again in error path.
> >
> > Fix this by spliting invalidate and free in ppgtt_invalidate_spt.
> > Only free spt when in good case.
> >
> > Reported-by: Zheng Wang <hackerzheng666@...il.com>
> > Signed-off-by: Zheng Wang <zyytlz.wz@....com>
>
> Has this landed in a tree yet, since it's a possible CVE, might be
> good to merge it somewhere.
>
> Dave.
>

Hi Dave,

This patched hasn't been merged yet. Could you please help with this?

Best Regards,
Zheng Wang

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ