| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Oct 2022 15:12:31 +1000
From: Dave Airlie <airlied@...il.com>
To: Zheng Hacker <hackerzheng666@...il.com>
Cc: Zheng Wang <zyytlz.wz@....com>, gregkh@...uxfoundation.org,
alex000young@...il.com, security@...nel.org, airlied@...ux.ie,
intel-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
linux-kernel@...r.kernel.org, 1002992920@...com,
intel-gvt-dev@...ts.freedesktop.org, zhi.a.wang@...el.com,
Zhenyu Wang <zhenyuw@...ux.intel.com>,
Jani Nikula <jani.nikula@...ux.intel.com>
Subject: Re: [PATCH v3] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
On Thu, 27 Oct 2022 at 13:26, Zheng Hacker <hackerzheng666@...il.com> wrote:
>
> Dave Airlie <airlied@...il.com> 于2022年10月27日周四 08:01写道:
> >
> > On Fri, 7 Oct 2022 at 11:38, Zheng Wang <zyytlz.wz@....com> wrote:
> > >
> > > If intel_gvt_dma_map_guest_page failed, it will call
> > > ppgtt_invalidate_spt, which will finally free the spt.
> > > But the caller does not notice that, it will free spt again in error path.
> > >
> > > Fix this by spliting invalidate and free in ppgtt_invalidate_spt.
> > > Only free spt when in good case.
> > >
> > > Reported-by: Zheng Wang <hackerzheng666@...il.com>
> > > Signed-off-by: Zheng Wang <zyytlz.wz@....com>
> >
> > Has this landed in a tree yet, since it's a possible CVE, might be
> > good to merge it somewhere.
> >
> > Dave.
> >
>
> Hi Dave,
>
> This patched hasn't been merged yet. Could you please help with this?
I'll add some more people who can probably look at it.
Dave.
Powered by blists - more mailing lists