Re: [PATCH] amdgpu_dm: fix nonblocking atomic commit use-after-free

[Paul Menzel]

Dear Kees,


Am 24.07.20 um 19:33 schrieb Kees Cook:
> On Fri, Jul 24, 2020 at 09:45:18AM +0200, Paul Menzel wrote:
> > Am 24.07.20 um 00:32 schrieb Kees Cook:
> > > On Thu, Jul 23, 2020 at 09:10:15PM +0000, Mazin Rezk wrote:
> > As Linux 5.8-rc7 is going to be released this Sunday, I wonder, if commit
> > 3202fa62f ("slub: relocate freelist pointer to middle of object") should be
> > reverted for now to fix the regression for the users according to Linuxâ no
> > regression policy. Once the AMDGPU/DRM driver issue is fixed, it can be
> > reapplied. I know itâs not optimal, but as some testing is going to be
> > involved for the fix, Iâd argue itâs the best option for the users.
>
> Well, the SLUB defense was already released in v5.7, so I'm not sure it
> really helps for amdgpu_dm users seeing it there too.

In my opinion, it would help, as the stable release could pick up the 
revert, ones itâs in Linusâ master branch.

> There was a fix to disable the async path for this driver that worked
> around the bug too, yes? That seems like a safer and more focused
> change that doesn't revert the SLUB defense for all users, and would
> actually provide a complete, I think, workaround whereas reverting
> the SLUB change means the race still exists. For example, it would be
> hit with slab poisoning, etc.

I do not know. If there is such a fix, that would be great. But if you 
do not know, how should a normal user? ;-)


Kind regards,

Paul


Kind regards,

Paul