From: Simona Vetter <simona.vetter@ffwll.ch>
To: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Cc: "Dave Airlie" <airlied@gmail.com>,
"Linus Torvalds" <torvalds@linuxfoundation.org>,
"Ville Syrjälä" <ville.syrjala@linux.intel.com>,
"Yassine Mounir" <sosohero200@gmail.com>,
g@web.codeaurora.org, gregkh@linuxfoundation.org,
intel-gfx@lists.freedesktop.org, rodrigo.vivi@intel.com,
security@kernel.org
Subject: Re: [PATCH v2] [PATCH v2] drm/i915/gem: Fix UAF race in eb_relocate_vma
Date: Tue, 7 Apr 2026 18:58:30 +0200 [thread overview]
Message-ID: <adU3tnnjDrj1MynZ@phenom.ffwll.local> (raw)
In-Reply-To: <177557988645.129480.6094289548721099346@jlahtine-mobl>
On Tue, Apr 07, 2026 at 07:38:06PM +0300, Joonas Lahtinen wrote:
> Quoting Linus Torvalds (2026-04-04 01:12:17)
> > On Thu, 26 Mar 2026 at 05:32, Ville Syrjälä
> > <ville.syrjala@linux.intel.com> wrote:
> > >
> > > Ignoring the AI slop aspect, I did have a quick look at the code a bit
> > > and noticed this:
> > >
> > > eb_lookup_vma() {
> > > ...
> > > rcu_read_lock();
> > > vma = radix_tree_lookup(...);
> > > if (likely(vma && vma->vm == vm))
> > > vma = i915_vma_tryget(vma);
> > > rcu_read_unlock();
> > > if (likely(vma))
> > > return vma;
> > > ...
> > > }
> > >
> > > So if we somehow get a vma with the wrong vm there then we
> > > return the vma without grabbing a reference to it.
> >
> > The fix for this seems to have gotten lost and wasn't in the recent
> > drm pull request.
> >
> > I can just fix it up by myself, but it would be good to have proper
> > authorship and sign-off. Please?
>
> Will include a proper patch in next -fixes PR.
>
> The big question is, what stance to take on a value of AI generated low
> quality reproducer code which was accompanied by wall of AI slop which
> caused hours of time get wasted on debunking the hallucinations?
>
> If the reproducer was sent verbatim with "AI claims this code crashes on
> downstream kernel X-Y.Z on my machine W, I have no idea why because
> it's AI generated." that would have been one thing.
>
> However no proof has been even provided that it crashes on any kernel,
> yet alone mainline. All there is AI ramblings claiming hard system lockup
> while describing mouse cursor to be moving doesn't add up. Just like nothing
> about the report adds up (like suddenly claiming the problem to equally
> reproduce inside QEMU where i915 is not loaded).
>
> "Reported-by" seems overly generous for causing hours to be wasted
> debunking false AI hallucinated claims? At most it lead to manual
> reviews where Ville finds a potential bug which may or may not be
> connected in any way to the claimed crash which may not have ever
> happened.
>
> Should there be any tags applied? "Badly-reported-by"?
[Joonas pinged me on irc whether there's a drm stake on this but then
immediately dropped, so here we go.]
I wouldn't use this tag, feels like insulting people on the record for no
gain.
That aside I'd go with Linus' general take in his reply to credit any bug
reports as you see fit. Personally maybe Reported-by: Ville (if someone
else types up the patch) and References: for the overall thread for
context. There's no requirement to thank people who just wasted your time.
Cheers, Sima
--
Simona Vetter
Software Engineer
http://blog.ffwll.ch
prev parent reply other threads:[~2026-04-07 16:58 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-24 15:17 [PATCH v2] [PATCH v2] drm/i915/gem: Fix UAF race in eb_relocate_vma Yassine Mounir
2026-03-25 8:01 ` Joonas Lahtinen
2026-03-25 8:20 ` Yassine Mounir
2026-03-25 14:07 ` Joonas Lahtinen
2026-03-25 15:43 ` Yassine Mounir
2026-03-25 15:46 ` Rodrigo Vivi
2026-03-25 17:30 ` Yassine Mounir
2026-03-25 17:30 ` Yassine Mounir
2026-03-25 22:14 ` Rodrigo Vivi
2026-03-25 22:37 ` Yassine Mounir
2026-03-26 6:54 ` AI slop security report against i915 (Was: Re: [PATCH v2] drm/i915/gem: Fix UAF race in eb_relocate_vma) Joonas Lahtinen
2026-03-26 8:45 ` Greg KH
2026-03-25 15:34 ` ✗ LGCI.VerificationFailed: failure for drm/i915/gem: Fix UAF race in eb_relocate_vma Patchwork
2026-03-26 12:32 ` [PATCH v2] [PATCH v2] " Ville Syrjälä
2026-03-26 15:19 ` Linus Torvalds
2026-04-03 22:12 ` Linus Torvalds
2026-04-03 22:35 ` Yassine Mounir
2026-04-03 22:38 ` Yassine Mounir
2026-04-07 16:38 ` Joonas Lahtinen
2026-04-07 16:46 ` Linus Torvalds
2026-04-08 11:15 ` Joonas Lahtinen
2026-04-08 15:38 ` Linus Torvalds
2026-04-08 16:24 ` Joonas Lahtinen
2026-04-09 15:45 ` Linus Torvalds
2026-04-13 4:39 ` Joonas Lahtinen
2026-04-09 8:05 ` Matthew Brost
2026-04-09 15:50 ` Linus Torvalds
2026-04-07 16:58 ` Simona Vetter [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=adU3tnnjDrj1MynZ@phenom.ffwll.local \
--to=simona.vetter@ffwll.ch \
--cc=airlied@gmail.com \
--cc=g@web.codeaurora.org \
--cc=gregkh@linuxfoundation.org \
--cc=intel-gfx@lists.freedesktop.org \
--cc=joonas.lahtinen@linux.intel.com \
--cc=rodrigo.vivi@intel.com \
--cc=security@kernel.org \
--cc=sosohero200@gmail.com \
--cc=torvalds@linuxfoundation.org \
--cc=ville.syrjala@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox