From mboxrd@z Thu Jan 1 00:00:00 1970 From: Daniel Vetter Subject: Re: [PATCH] drm/i915: Fix a use after free, and unbalanced refcounting Date: Fri, 13 Feb 2015 14:50:19 +0100 Message-ID: <20150213135019.GL24485@phenom.ffwll.local> References: <1423834235-14991-1-git-send-email-nicholas.hoath@intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: Received: from mail-we0-f176.google.com (mail-we0-f176.google.com [74.125.82.176]) by gabe.freedesktop.org (Postfix) with ESMTP id 91F696E01B for ; Fri, 13 Feb 2015 05:49:22 -0800 (PST) Received: by mail-we0-f176.google.com with SMTP id x3so16673844wes.7 for ; Fri, 13 Feb 2015 05:49:21 -0800 (PST) Content-Disposition: inline In-Reply-To: <1423834235-14991-1-git-send-email-nicholas.hoath@intel.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: intel-gfx-bounces@lists.freedesktop.org Sender: "Intel-gfx" To: Nick Hoath Cc: intel-gfx@lists.freedesktop.org List-Id: intel-gfx@lists.freedesktop.org T24gRnJpLCBGZWIgMTMsIDIwMTUgYXQgMDE6MzA6MzVQTSArMDAwMCwgTmljayBIb2F0aCB3cm90 ZToKPiBCdWd6aWxsYTogaHR0cHM6Ly9idWdzLmZyZWVkZXNrdG9wLm9yZy9zaG93X2J1Zy5jZ2k/ aWQ9ODg2NTIKPiAKPiBXaGVuIGNvbnZlcnRpbmcgZnJvbSBpbXBsaWNpdGx5IHRyYWNrZWQgZXhl Y2xpc3QgcXVldWUgaXRlbXMgdG8gcmVmIGNvdW50ZWQKPiByZXF1ZXN0cywgbm90IGFsbCBmcmVl J3Mgb2YgcmVxdWVzdHMgd2VyZSByZXBsYWNlZCB3aXRoIHVucmVmcywgYW5kIGV4dHJhbmVvdXMK PiByZWZzL3VucmVmcyBvZiBjb250ZXh0cyB3ZXJlIGFkZGVkLgo+IENvcnJlY3QgdGhlIHVuYmFs YW5jZWQgcmVmY291bnQgJiByZXBsYWNlIHRoZSBmcmVlJ3MuCj4gCj4gUHJvYmxlbSBpbnRyb2R1 Y2VkIGluOgo+IGNvbW1pdCA2ZDNkODI3NGJjNDVkZTRiYWJiNjJkNjQ1NjJkOTJhZjk4NGRkMjM4 Cj4gQXV0aG9yOiAgICAgTmljayBIb2F0aCA8bmljaG9sYXMuaG9hdGhAaW50ZWwuY29tPgo+IEF1 dGhvckRhdGU6IFRodSBKYW4gMTUgMTM6MTA6MzkgMjAxNSArMDAwMAo+IAo+ICAgICBkcm0vaTkx NTogU3Vic3VtZSBpbnRlbF9jdHhfc3VibWl0X3JlcXVlc3QgaW4gdG8gZHJtX2k5MTVfZ2VtX3Jl cXVlc3QKCkltbyB0aGUgY29tbWl0IG1lc3NhZ2Ugc2hvdWxkIGJlIGFtbWVuZGVkIHdpdGggYSBz aG9ydCBwYXJhZ3JhcGggZXhwbGFpbmlnCnRoZSB2YXJpb3VzIHBvaW50ZXJzIGFuZCBpbXBsaWVk IGFuZCBleHBsaWNpdCByZWZlcmVuY2VzIHdlIG5vdyBoYXZlCmFyb3VuZCByZXF1ZXN0cyBhbmQg Y29udGV4dHMuIFRoYXQgd2F5IHJldmlldyBvZiB0aGlzIHdpbGwgZ2V0IGEgYml0CmVhc2llciBh bmQgd2UnbGwgYXZvaWQgYW5vdGhlciBtaXN1bmRlcnN0YW5kaW5nLgoKSSBldmVuIHRoaW5rIHdl IHNob3VsZCBhZGQgYSBjb21tZW50IGluIHRoZSBoZWFkZXIgdG8gcmVxdWVzdC5jdHggdG8KZXhw bGFpbiB0aGUgcnVsZXMgc2luY2UgYXBwYXJlbnRseSB0aGV5J3ZlIG5vdCBiZWVuIGZ1bGx5IGNs ZWFyLgoKPiBTaWduZWQtb2ZmLWJ5OiBOaWNrIEhvYXRoIDxuaWNob2xhcy5ob2F0aEBpbnRlbC5j b20+CgpCdXQgeWVhaCB0aGlzIG1ha2VzIGEgbG90IG1vcmUgc2Vuc2UgaW1vLiBQbGVhc2UgZmVl ZCB0aGlzIHRvIFFBIGZvcgpzdHJlc3MtdGVzdGluZyBpbiBhbGwgdGhlIHJlbGV2YW50IGJ1Z3Mu IFRvZGF5IEkgaGF2ZSBteSBoZWFkIGZ1bGwgd2l0aAprbXMgY29kZSBzbyBub3QgYSBnb29kIHRp bWUgZm9yIGEgZnVsbCBpbi1kZXB0aCByZXZpZXcuIEJ1dCBJIHRoaW5rIGl0J2QKYmUgZ29vZCBp ZiBvdGhlciBwZW9wbGUgdGFrZSBhIGxvb2sgYW55d2F5LCBzbyBwbGVhc2UgdGhyb3cgdGhpcyBh dCBhIGZldwpwcGwgZnJvbSB0aGUgdnBnIGNvcmUgdGVhbSB0b28uCgpUaGFua3MsIERhbmllbAoK PiAtLS0KPiAgZHJpdmVycy9ncHUvZHJtL2k5MTUvaTkxNV9nZW0uYyAgfCAzICstLQo+ICBkcml2 ZXJzL2dwdS9kcm0vaTkxNS9pbnRlbF9scmMuYyB8IDMgKy0tCj4gIDIgZmlsZXMgY2hhbmdlZCwg MiBpbnNlcnRpb25zKCspLCA0IGRlbGV0aW9ucygtKQo+IAo+IGRpZmYgLS1naXQgYS9kcml2ZXJz L2dwdS9kcm0vaTkxNS9pOTE1X2dlbS5jIGIvZHJpdmVycy9ncHUvZHJtL2k5MTUvaTkxNV9nZW0u Ywo+IGluZGV4IDE3NjU5ODkuLjc5ZTQ4YjIgMTAwNjQ0Cj4gLS0tIGEvZHJpdmVycy9ncHUvZHJt L2k5MTUvaTkxNV9nZW0uYwo+ICsrKyBiL2RyaXZlcnMvZ3B1L2RybS9pOTE1L2k5MTVfZ2VtLmMK PiBAQCAtMjY2MCw4ICsyNjYwLDcgQEAgc3RhdGljIHZvaWQgaTkxNV9nZW1fcmVzZXRfcmluZ19j bGVhbnVwKHN0cnVjdCBkcm1faTkxNV9wcml2YXRlICpkZXZfcHJpdiwKPiAgCQlpZiAoc3VibWl0 X3JlcS0+Y3R4ICE9IHJpbmctPmRlZmF1bHRfY29udGV4dCkKPiAgCQkJaW50ZWxfbHJfY29udGV4 dF91bnBpbihyaW5nLCBzdWJtaXRfcmVxLT5jdHgpOwo+ICAKPiAtCQlpOTE1X2dlbV9jb250ZXh0 X3VucmVmZXJlbmNlKHN1Ym1pdF9yZXEtPmN0eCk7Cj4gLQkJa2ZyZWUoc3VibWl0X3JlcSk7Cj4g KwkJaTkxNV9nZW1fcmVxdWVzdF91bnJlZmVyZW5jZShzdWJtaXRfcmVxKTsKPiAgCX0KPiAgCj4g IAkvKgo+IGRpZmYgLS1naXQgYS9kcml2ZXJzL2dwdS9kcm0vaTkxNS9pbnRlbF9scmMuYyBiL2Ry aXZlcnMvZ3B1L2RybS9pOTE1L2ludGVsX2xyYy5jCj4gaW5kZXggYWFmY2VmMy4uYTE4OTI1ZCAx MDA2NDQKPiAtLS0gYS9kcml2ZXJzL2dwdS9kcm0vaTkxNS9pbnRlbF9scmMuYwo+ICsrKyBiL2Ry aXZlcnMvZ3B1L2RybS9pOTE1L2ludGVsX2xyYy5jCj4gQEAgLTUxOCwxMiArNTE4LDEyIEBAIHN0 YXRpYyBpbnQgZXhlY2xpc3RzX2NvbnRleHRfcXVldWUoc3RydWN0IGludGVsX2VuZ2luZV9jcyAq cmluZywKPiAgCQkJcmV0dXJuIC1FTk9NRU07Cj4gIAkJcmVxdWVzdC0+cmluZyA9IHJpbmc7Cj4g IAkJcmVxdWVzdC0+Y3R4ID0gdG87Cj4gKwkJaTkxNV9nZW1fY29udGV4dF9yZWZlcmVuY2UocmVx dWVzdC0+Y3R4KTsKPiAgCX0gZWxzZSB7Cj4gIAkJV0FSTl9PTih0byAhPSByZXF1ZXN0LT5jdHgp Owo+ICAJfQo+ICAJcmVxdWVzdC0+dGFpbCA9IHRhaWw7Cj4gIAlpOTE1X2dlbV9yZXF1ZXN0X3Jl ZmVyZW5jZShyZXF1ZXN0KTsKPiAtCWk5MTVfZ2VtX2NvbnRleHRfcmVmZXJlbmNlKHJlcXVlc3Qt PmN0eCk7Cj4gIAo+ICAJaW50ZWxfcnVudGltZV9wbV9nZXQoZGV2X3ByaXYpOwo+ICAKPiBAQCAt NzQwLDcgKzc0MCw2IEBAIHZvaWQgaW50ZWxfZXhlY2xpc3RzX3JldGlyZV9yZXF1ZXN0cyhzdHJ1 Y3QgaW50ZWxfZW5naW5lX2NzICpyaW5nKQo+ICAJCWlmIChjdHhfb2JqICYmIChjdHggIT0gcmlu Zy0+ZGVmYXVsdF9jb250ZXh0KSkKPiAgCQkJaW50ZWxfbHJfY29udGV4dF91bnBpbihyaW5nLCBj dHgpOwo+ICAJCWludGVsX3J1bnRpbWVfcG1fcHV0KGRldl9wcml2KTsKPiAtCQlpOTE1X2dlbV9j b250ZXh0X3VucmVmZXJlbmNlKGN0eCk7Cj4gIAkJbGlzdF9kZWwoJnJlcS0+ZXhlY2xpc3RfbGlu ayk7Cj4gIAkJaTkxNV9nZW1fcmVxdWVzdF91bnJlZmVyZW5jZShyZXEpOwo+ICAJfQo+IC0tIAo+ IDIuMS4xCj4gCgotLSAKRGFuaWVsIFZldHRlcgpTb2Z0d2FyZSBFbmdpbmVlciwgSW50ZWwgQ29y cG9yYXRpb24KKzQxICgwKSA3OSAzNjUgNTcgNDggLSBodHRwOi8vYmxvZy5mZndsbC5jaApfX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwpJbnRlbC1nZnggbWFp bGluZyBsaXN0CkludGVsLWdmeEBsaXN0cy5mcmVlZGVza3RvcC5vcmcKaHR0cDovL2xpc3RzLmZy ZWVkZXNrdG9wLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2ludGVsLWdmeAo=