Date: Fri, 24 Jul 2020 10:33:49 -0700
From: Kees Cook
To: Paul Menzel
Cc: Mazin Rezk, linux-kernel@vger.kernel.org, amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, Andrew Morton, Christian König, Harry Wentland, Nicholas Kazlauskas, sunpeng.li@amd.com, Alexander Deucher, 1i5t5.duncan@cox.net, mphantomx@yahoo.com.br, regressions@leemhuis.info, anthony.ruhier@gmail.com
Subject: Re: [PATCH] amdgpu_dm: fix nonblocking atomic commit use-after-free
Message-ID: <202007241016.922B094AAA@keescook>
References: <202007231524.A24720C@keescook>

On Fri, Jul 24, 2020 at 09:45:18AM +0200, Paul Menzel wrote:
> On 24.07.20 at 00:32, Kees Cook wrote:
> > On Thu, Jul 23, 2020 at 09:10:15PM +0000, Mazin Rezk wrote:
> As Linux 5.8-rc7 is going to be released this Sunday, I wonder, if commit
> 3202fa62f ("slub: relocate freelist pointer to middle of object") should be
> reverted for now to fix the regression for the users according to Linux’ no
> regression policy. Once the AMDGPU/DRM driver issue is fixed, it can be
> reapplied. I know it’s not optimal, but as some testing is going to be
> involved for the fix, I’d argue it’s the best option for the users.

Well, the SLUB defense was already released in v5.7, so I'm not sure it
really helps for amdgpu_dm users seeing it there too. There was a fix to
disable the async path for this driver that worked around the bug too,
yes? That seems like a safer and more focused change that doesn't revert
the SLUB defense for all users, and would actually provide a complete,
I think, workaround whereas reverting the SLUB change means the race
still exists. For example, it would be hit with slab poisoning, etc.

-- 
Kees Cook
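
A toy userland model of the argument in the reply above, added here as an illustration and not code from the kernel or from anyone on the thread: a stale write into a freed object leaves the freelist link intact while the link sits at offset 0, damages it once the link sits mid-object, and is caught by poisoning wherever the link lives. The object size, the write offset `STALE_OFF`, the choice to keep the link outside the object when poisoning is on, and all function names are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OBJ_SIZE    64    /* constructed object size */
#define POISON_FREE 0x6b  /* byte pattern slab poisoning writes into freed objects */
#define STALE_OFF   32    /* assumed offset of the field the stale holder writes */

/* The use-after-free itself: a stale holder writes a field into a freed object. */
static void stale_write(unsigned char *obj)
{
    uint32_t v = 0xdeadbeef;
    memcpy(obj + STALE_OFF, &v, sizeof(v));
}

/* Returns 1 if the in-object freelist link no longer matches what was stored. */
static int link_corrupted(const unsigned char *obj, void *next, size_t fp_off)
{
    void *cur;
    memcpy(&cur, obj + fp_off, sizeof(cur));
    return cur != next;
}

/* Returns 1 if any poisoned byte changed while the object sat on the freelist. */
static int poison_violated(const unsigned char *obj)
{
    for (size_t i = 0; i < OBJ_SIZE; i++)
        if (obj[i] != POISON_FREE)
            return 1;
    return 0;
}

/* Free an object, replay the stale write, return 1 if the damage is visible. */
static int scenario(size_t fp_off, int poison)
{
    static long next_free;             /* stands in for the next free object */
    unsigned char obj[OBJ_SIZE] = {0};
    void *next = &next_free;

    if (poison)   /* toy model: whole object poisoned, link kept outside it */
        memset(obj, POISON_FREE, OBJ_SIZE);
    else          /* link stored inside the freed object at fp_off */
        memcpy(obj + fp_off, &next, sizeof(next));
    stale_write(obj);
    return poison ? poison_violated(obj) : link_corrupted(obj, next, fp_off);
}

int main(void)
{
    printf("link at offset 0, no poisoning:   %d\n", scenario(0, 0));
    printf("link mid-object, no poisoning:    %d\n", scenario(OBJ_SIZE / 2, 0));
    printf("poisoning enabled:                %d\n", scenario(0, 1));
    return 0;
}
```

The first case is why the bug went unnoticed in this model; the other two show that the stale write is the defect, independent of where the allocator keeps its link.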