From mboxrd@z Thu Jan 1 00:00:00 1970 From: Gustavo Padovan Subject: Re: [PATCH] drm/fence: fix memory overwrite when setting out_fence fd Date: Mon, 16 Jan 2017 20:24:19 -0200 Message-ID: <20170116222419.GM16017@joana> References: <1484317329-9293-1-git-send-email-gustavo@padovan.org> <20170113212751.GA27683@chadversary.pdx.corp.google.com> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: Received: from mail-ua0-f193.google.com (mail-ua0-f193.google.com [209.85.217.193]) by gabe.freedesktop.org (Postfix) with ESMTPS id D49E16E55C for ; Mon, 16 Jan 2017 22:24:24 +0000 (UTC) Received: by mail-ua0-f193.google.com with SMTP id f2so10898972uaf.3 for ; Mon, 16 Jan 2017 14:24:24 -0800 (PST) Content-Disposition: inline In-Reply-To: <20170113212751.GA27683@chadversary.pdx.corp.google.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" To: Chad Versace , dri-devel@lists.freedesktop.org, Gustavo Padovan , stable@vger.kernel.org, Laurent Pinchart List-Id: dri-devel@lists.freedesktop.org MjAxNy0wMS0xMyBDaGFkIFZlcnNhY2UgPGNoYWR2ZXJzYXJ5QGNocm9taXVtLm9yZz46Cgo+IE9u IEZyaSAxMyBKYW4gMjAxNywgR3VzdGF2byBQYWRvdmFuIHdyb3RlOgo+ID4gRnJvbTogR3VzdGF2 byBQYWRvdmFuIDxndXN0YXZvLnBhZG92YW5AY29sbGFib3JhLmNvbT4KPiA+IAo+ID4gQ3VycmVu dGx5IGlmIHRoZSB1c2Vyc3BhY2UgZGVjbGFyZXMgYSBpbnQgdmFyaWFibGUgdG8gc3RvcmUgdGhl IG91dF9mZW5jZQo+ID4gZmQgYW5kIHBhc3MgaXQgdG8gT1VUX0ZFTkNFX1BUUiB0aGUga2VybmVs IHdpbGwgb3ZlcndyaXRlIHRoZSAzMiBiaXRzCj4gPiBhYm92ZSB0aGUgaW50IHZhcmlhYmxlIG9u IDY0IGJpdHMgc3lzdGVtcy4KPiA+IAo+ID4gRml4IHRoaXMgYnkgbWFraW5nIHRoZSBpbnRlcm5h bCBzdG9yYWdlIG9mIG91dF9mZW5jZSBpbiB0aGUga2VybmVsIGEgczMyCj4gPiBwb2ludGVyLgo+ ID4gCj4gPiBSZXBvcnRlZC1ieTogQ2hhZCBWZXJzYWNlIDxjaGFkdmVyc2FyeUBjaHJvbWl1bS5v cmc+Cj4gPiBTaWduZWQtb2ZmLWJ5OiBHdXN0YXZvIFBhZG92YW4gPGd1c3Rhdm8ucGFkb3ZhbkBj b2xsYWJvcmEuY29tPgo+ID4gQ2M6IERhbmllbCBWZXR0ZXIgPGRhbmllbEBmZndsbC5jaD4KPiA+ IENjOiBSYWZhZWwgQW50b2dub2xsaSA8cmFmYWVsLmFudG9nbm9sbGlAaW50ZWwuY29tPgo+ID4g Q2M6IExhdXJlbnQgUGluY2hhcnQgPGxhdXJlbnQucGluY2hhcnRAaWRlYXNvbmJvYXJkLmNvbT4K PiA+IENjOiBzdGFibGVAdmdlci5rZXJuZWwub3JnCj4gCj4gUmV2aWV3ZWQtYW5kLVRlc3RlZC1i eTogQ2hhZCBWZXJzYWNlIDxjaGFkdmVyc2FyeUBjaHJvbWl1bS5vcmc+Cj4gCj4gSSBhcHBsaWVk IHRoaXMgdG8gbXkga2VybmVsIGJyYW5jaCwgdXBkYXRlZCBrbXNjdWJlLCBhbmQgdGhlIHNwaW5u aW5nIGN1YmUgc3RpbGwgbG9va3MgZ29vZC4KPiBGb3IgcmVmZXJlbmNlLCBoZXJlIGFyZSB0aGUg dGFncyBJIHRlc3RlZCB3aXRoOgo+IAo+ICAgICBtZXNhOiBodHRwOi8vZ2l0Lmtpd2l0cmVlLm5l dC9jZ2l0L35jaGFkdi9tZXNhL3RhZy8/aD1jaGFkdi9yZXZpZXcvaTk2NS1leGVjLWZlbmNlLXYw Mwo+ICAgICBsaWJkcm06IGh0dHA6Ly9naXQua2l3aXRyZWUubmV0L2NnaXQvfmNoYWR2L2xpYmRy bS90YWcvP2g9Y2hhZHYvcmV2aWV3L2ludGVsLWV4ZWMtZmVuY2UtdjAxCj4gICAgIGxpbnV4OiBo dHRwOi8vZ2l0Lmtpd2l0cmVlLm5ldC9jZ2l0L35jaGFkdi9saW51eC90YWcvP2g9Y2hhZHYvdGVz dC9pOTE1LWV4ZWMtZmVuY2UtdjA0Cj4gICAgIGttc2N1YmU6IGh0dHA6Ly9naXQua2l3aXRyZWUu bmV0L2NnaXQvfmNoYWR2L2ttc2N1YmUvdGFnLz9oPWNoYWR2L3Rlc3QvZmVuY2VzLXYwMwoKSSBw dXNoZWQgdGhpcyBwYXRjaCB0byBkcm0tbWlzYy1maXhlcy4gVGhhbmsgeW91IGFsbC4KCkd1c3Rh dm8KCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCmRyaS1k ZXZlbCBtYWlsaW5nIGxpc3QKZHJpLWRldmVsQGxpc3RzLmZyZWVkZXNrdG9wLm9yZwpodHRwczov L2xpc3RzLmZyZWVkZXNrdG9wLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2RyaS1kZXZlbAo= From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ua0-f195.google.com ([209.85.217.195]:34268 "EHLO mail-ua0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750865AbdAPWYY (ORCPT ); Mon, 16 Jan 2017 17:24:24 -0500 Received: by mail-ua0-f195.google.com with SMTP id i68so10864546uad.1 for ; Mon, 16 Jan 2017 14:24:24 -0800 (PST) Date: Mon, 16 Jan 2017 20:24:19 -0200 From: Gustavo Padovan To: Chad Versace , dri-devel@lists.freedesktop.org, Gustavo Padovan , stable@vger.kernel.org, Laurent Pinchart Subject: Re: [PATCH] drm/fence: fix memory overwrite when setting out_fence fd Message-ID: <20170116222419.GM16017@joana> References: <1484317329-9293-1-git-send-email-gustavo@padovan.org> <20170113212751.GA27683@chadversary.pdx.corp.google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170113212751.GA27683@chadversary.pdx.corp.google.com> Sender: stable-owner@vger.kernel.org List-ID: 2017-01-13 Chad Versace : > On Fri 13 Jan 2017, Gustavo Padovan wrote: > > From: Gustavo Padovan > > > > Currently if the userspace declares a int variable to store the out_fence > > fd and pass it to OUT_FENCE_PTR the kernel will overwrite the 32 bits > > above the int variable on 64 bits systems. > > > > Fix this by making the internal storage of out_fence in the kernel a s32 > > pointer. > > > > Reported-by: Chad Versace > > Signed-off-by: Gustavo Padovan > > Cc: Daniel Vetter > > Cc: Rafael Antognolli > > Cc: Laurent Pinchart > > Cc: stable@vger.kernel.org > > Reviewed-and-Tested-by: Chad Versace > > I applied this to my kernel branch, updated kmscube, and the spinning cube still looks good. > For reference, here are the tags I tested with: > > mesa: http://git.kiwitree.net/cgit/~chadv/mesa/tag/?h=chadv/review/i965-exec-fence-v03 > libdrm: http://git.kiwitree.net/cgit/~chadv/libdrm/tag/?h=chadv/review/intel-exec-fence-v01 > linux: http://git.kiwitree.net/cgit/~chadv/linux/tag/?h=chadv/test/i915-exec-fence-v04 > kmscube: http://git.kiwitree.net/cgit/~chadv/kmscube/tag/?h=chadv/test/fences-v03 I pushed this patch to drm-misc-fixes. Thank you all. Gustavo