[PATCH] amdgpu_dm: fix nonblocking atomic commit use-after-free

Paul Menzel pmenzel at molgen.mpg.de
Fri Jul 24 21:19:59 UTC 2020


Dear Kees,


Am 24.07.20 um 19:33 schrieb Kees Cook:
> On Fri, Jul 24, 2020 at 09:45:18AM +0200, Paul Menzel wrote:
>> Am 24.07.20 um 00:32 schrieb Kees Cook:
>>> On Thu, Jul 23, 2020 at 09:10:15PM +0000, Mazin Rezk wrote:
>> As Linux 5.8-rc7 is going to be released this Sunday, I wonder, if commit
>> 3202fa62f ("slub: relocate freelist pointer to middle of object") should be
>> reverted for now to fix the regression for the users according to Linux’ no
>> regression policy. Once the AMDGPU/DRM driver issue is fixed, it can be
>> reapplied. I know it’s not optimal, but as some testing is going to be
>> involved for the fix, I’d argue it’s the best option for the users.
> 
> Well, the SLUB defense was already released in v5.7, so I'm not sure it
> really helps for amdgpu_dm users seeing it there too.

In my opinion, it would help, as the stable release could pick up the 
revert, ones it’s in Linus’ master branch.

> There was a fix to disable the async path for this driver that worked
> around the bug too, yes? That seems like a safer and more focused
> change that doesn't revert the SLUB defense for all users, and would
> actually provide a complete, I think, workaround whereas reverting
> the SLUB change means the race still exists. For example, it would be
> hit with slab poisoning, etc.

I do not know. If there is such a fix, that would be great. But if you 
do not know, how should a normal user? ;-)


Kind regards,

Paul


Kind regards,

Paul


More information about the amd-gfx mailing list