From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Daniel, Thomas" <thomas.daniel@intel.com>
Subject: Re: [PATCH] drm/i915: Fix a use after free,
 and unbalanced refcounting
Date: Mon, 16 Feb 2015 11:13:32 +0000
Message-ID: <BFEE8FEC12424048AF1805991D65FA911973D334@irsmsx105.ger.corp.intel.com>
References: <1423834235-14991-1-git-send-email-nicholas.hoath@intel.com>
 <20150213135019.GL24485@phenom.ffwll.local>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <intel-gfx-bounces@lists.freedesktop.org>
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 by gabe.freedesktop.org (Postfix) with ESMTP id B192E6E254
 for <intel-gfx@lists.freedesktop.org>; Mon, 16 Feb 2015 03:13:36 -0800 (PST)
In-Reply-To: <20150213135019.GL24485@phenom.ffwll.local>
Content-Language: en-US
List-Unsubscribe: <http://lists.freedesktop.org/mailman/options/intel-gfx>,
 <mailto:intel-gfx-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <http://lists.freedesktop.org/archives/intel-gfx>
List-Post: <mailto:intel-gfx@lists.freedesktop.org>
List-Help: <mailto:intel-gfx-request@lists.freedesktop.org?subject=help>
List-Subscribe: <http://lists.freedesktop.org/mailman/listinfo/intel-gfx>,
 <mailto:intel-gfx-request@lists.freedesktop.org?subject=subscribe>
Errors-To: intel-gfx-bounces@lists.freedesktop.org
Sender: "Intel-gfx" <intel-gfx-bounces@lists.freedesktop.org>
To: Daniel Vetter <daniel@ffwll.ch>, "Hoath, Nicholas" <nicholas.hoath@intel.com>
Cc: "intel-gfx@lists.freedesktop.org" <intel-gfx@lists.freedesktop.org>
List-Id: intel-gfx@lists.freedesktop.org

PiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KPiBGcm9tOiBJbnRlbC1nZnggW21haWx0bzpp
bnRlbC1nZngtYm91bmNlc0BsaXN0cy5mcmVlZGVza3RvcC5vcmddIE9uIEJlaGFsZiBPZg0KPiBE
YW5pZWwgVmV0dGVyDQo+IFNlbnQ6IEZyaWRheSwgRmVicnVhcnkgMTMsIDIwMTUgMTo1MCBQTQ0K
PiBUbzogSG9hdGgsIE5pY2hvbGFzDQo+IENjOiBpbnRlbC1nZnhAbGlzdHMuZnJlZWRlc2t0b3Au
b3JnDQo+IFN1YmplY3Q6IFJlOiBbSW50ZWwtZ2Z4XSBbUEFUQ0hdIGRybS9pOTE1OiBGaXggYSB1
c2UgYWZ0ZXIgZnJlZSwgYW5kIHVuYmFsYW5jZWQNCj4gcmVmY291bnRpbmcNCj4gDQo+IE9uIEZy
aSwgRmViIDEzLCAyMDE1IGF0IDAxOjMwOjM1UE0gKzAwMDAsIE5pY2sgSG9hdGggd3JvdGU6DQo+
ID4gQnVnemlsbGE6IGh0dHBzOi8vYnVncy5mcmVlZGVza3RvcC5vcmcvc2hvd19idWcuY2dpP2lk
PTg4NjUyDQo+ID4NCj4gPiBXaGVuIGNvbnZlcnRpbmcgZnJvbSBpbXBsaWNpdGx5IHRyYWNrZWQg
ZXhlY2xpc3QgcXVldWUgaXRlbXMgdG8gcmVmIGNvdW50ZWQNCj4gPiByZXF1ZXN0cywgbm90IGFs
bCBmcmVlJ3Mgb2YgcmVxdWVzdHMgd2VyZSByZXBsYWNlZCB3aXRoIHVucmVmcywgYW5kIGV4dHJh
bmVvdXMNCj4gPiByZWZzL3VucmVmcyBvZiBjb250ZXh0cyB3ZXJlIGFkZGVkLg0KPiA+IENvcnJl
Y3QgdGhlIHVuYmFsYW5jZWQgcmVmY291bnQgJiByZXBsYWNlIHRoZSBmcmVlJ3MuDQo+ID4NCj4g
PiBQcm9ibGVtIGludHJvZHVjZWQgaW46DQo+ID4gY29tbWl0IDZkM2Q4Mjc0YmM0NWRlNGJhYmI2
MmQ2NDU2MmQ5MmFmOTg0ZGQyMzgNCj4gPiBBdXRob3I6ICAgICBOaWNrIEhvYXRoIDxuaWNob2xh
cy5ob2F0aEBpbnRlbC5jb20+DQo+ID4gQXV0aG9yRGF0ZTogVGh1IEphbiAxNSAxMzoxMDozOSAy
MDE1ICswMDAwDQo+ID4NCj4gPiAgICAgZHJtL2k5MTU6IFN1YnN1bWUgaW50ZWxfY3R4X3N1Ym1p
dF9yZXF1ZXN0IGluIHRvIGRybV9pOTE1X2dlbV9yZXF1ZXN0DQo+IA0KPiBJbW8gdGhlIGNvbW1p
dCBtZXNzYWdlIHNob3VsZCBiZSBhbW1lbmRlZCB3aXRoIGEgc2hvcnQgcGFyYWdyYXBoIGV4cGxh
aW5pZw0KPiB0aGUgdmFyaW91cyBwb2ludGVycyBhbmQgaW1wbGllZCBhbmQgZXhwbGljaXQgcmVm
ZXJlbmNlcyB3ZSBub3cgaGF2ZQ0KPiBhcm91bmQgcmVxdWVzdHMgYW5kIGNvbnRleHRzLiBUaGF0
IHdheSByZXZpZXcgb2YgdGhpcyB3aWxsIGdldCBhIGJpdA0KPiBlYXNpZXIgYW5kIHdlJ2xsIGF2
b2lkIGFub3RoZXIgbWlzdW5kZXJzdGFuZGluZy4NCj4gDQo+IEkgZXZlbiB0aGluayB3ZSBzaG91
bGQgYWRkIGEgY29tbWVudCBpbiB0aGUgaGVhZGVyIHRvIHJlcXVlc3QuY3R4IHRvDQo+IGV4cGxh
aW4gdGhlIHJ1bGVzIHNpbmNlIGFwcGFyZW50bHkgdGhleSd2ZSBub3QgYmVlbiBmdWxseSBjbGVh
ci4NCkFncmVlIHRoYXQgbW9yZSBkb2N1bWVudGF0aW9uIGFyb3VuZCB0aGVzZSBjdHggcmVmcyB3
b3VsZCBiZSBnb29kIHRvIGhhdmUgdG8gY2xlYXIgdXAgY29uZnVzaW9uLg0KRm9yIGV4YW1wbGUs
IEkgaW5pdGlhbGx5IHRob3VnaHQgdGhhdCB0aGlzIHBhdGNoIGludHJvZHVjZWQgYSBuZXcgdXNl
LWFmdGVyLWZyZWUgYmVjYXVzZSBvZiB0aGUgcmVtb3ZhbCBvZiB0aGUgY3R4IHJlZiBpbiBleGVj
bGlzdHNfY29udGV4dF9xdWV1ZSgpLg0KDQo+IA0KPiA+IFNpZ25lZC1vZmYtYnk6IE5pY2sgSG9h
dGggPG5pY2hvbGFzLmhvYXRoQGludGVsLmNvbT4NCj4gDQo+IEJ1dCB5ZWFoIHRoaXMgbWFrZXMg
YSBsb3QgbW9yZSBzZW5zZSBpbW8uIFBsZWFzZSBmZWVkIHRoaXMgdG8gUUEgZm9yDQo+IHN0cmVz
cy10ZXN0aW5nIGluIGFsbCB0aGUgcmVsZXZhbnQgYnVncy4gVG9kYXkgSSBoYXZlIG15IGhlYWQg
ZnVsbCB3aXRoDQo+IGttcyBjb2RlIHNvIG5vdCBhIGdvb2QgdGltZSBmb3IgYSBmdWxsIGluLWRl
cHRoIHJldmlldy4gQnV0IEkgdGhpbmsgaXQnZA0KPiBiZSBnb29kIGlmIG90aGVyIHBlb3BsZSB0
YWtlIGEgbG9vayBhbnl3YXksIHNvIHBsZWFzZSB0aHJvdyB0aGlzIGF0IGEgZmV3DQo+IHBwbCBm
cm9tIHRoZSB2cGcgY29yZSB0ZWFtIHRvby4NCkkgZ3Vlc3MgdGhhdCB3b3VsZCBiZSBtZS4uLg0K
VGhlIGNvZGUgY2hhbmdlcyBsb29rIE9LLCB3b3VsZCBsaWtlIHRvIHNlZSB0aGUgdXBkYXRlZCBj
b21tZW50cyBhbmQgUUEgcmVzdWx0cy4NCg0KQ2hlZXJzLA0KVGhvbWFzLg0KDQo+IFRoYW5rcywg
RGFuaWVsDQo+IA0KPiA+IC0tLQ0KPiA+ICBkcml2ZXJzL2dwdS9kcm0vaTkxNS9pOTE1X2dlbS5j
ICB8IDMgKy0tDQo+ID4gIGRyaXZlcnMvZ3B1L2RybS9pOTE1L2ludGVsX2xyYy5jIHwgMyArLS0N
Cj4gPiAgMiBmaWxlcyBjaGFuZ2VkLCAyIGluc2VydGlvbnMoKyksIDQgZGVsZXRpb25zKC0pDQo+
ID4NCj4gPiBkaWZmIC0tZ2l0IGEvZHJpdmVycy9ncHUvZHJtL2k5MTUvaTkxNV9nZW0uYw0KPiBi
L2RyaXZlcnMvZ3B1L2RybS9pOTE1L2k5MTVfZ2VtLmMNCj4gPiBpbmRleCAxNzY1OTg5Li43OWU0
OGIyIDEwMDY0NA0KPiA+IC0tLSBhL2RyaXZlcnMvZ3B1L2RybS9pOTE1L2k5MTVfZ2VtLmMNCj4g
PiArKysgYi9kcml2ZXJzL2dwdS9kcm0vaTkxNS9pOTE1X2dlbS5jDQo+ID4gQEAgLTI2NjAsOCAr
MjY2MCw3IEBAIHN0YXRpYyB2b2lkIGk5MTVfZ2VtX3Jlc2V0X3JpbmdfY2xlYW51cChzdHJ1Y3QN
Cj4gZHJtX2k5MTVfcHJpdmF0ZSAqZGV2X3ByaXYsDQo+ID4gIAkJaWYgKHN1Ym1pdF9yZXEtPmN0
eCAhPSByaW5nLT5kZWZhdWx0X2NvbnRleHQpDQo+ID4gIAkJCWludGVsX2xyX2NvbnRleHRfdW5w
aW4ocmluZywgc3VibWl0X3JlcS0+Y3R4KTsNCj4gPg0KPiA+IC0JCWk5MTVfZ2VtX2NvbnRleHRf
dW5yZWZlcmVuY2Uoc3VibWl0X3JlcS0+Y3R4KTsNCj4gPiAtCQlrZnJlZShzdWJtaXRfcmVxKTsN
Cj4gPiArCQlpOTE1X2dlbV9yZXF1ZXN0X3VucmVmZXJlbmNlKHN1Ym1pdF9yZXEpOw0KPiA+ICAJ
fQ0KPiA+DQo+ID4gIAkvKg0KPiA+IGRpZmYgLS1naXQgYS9kcml2ZXJzL2dwdS9kcm0vaTkxNS9p
bnRlbF9scmMuYyBiL2RyaXZlcnMvZ3B1L2RybS9pOTE1L2ludGVsX2xyYy5jDQo+ID4gaW5kZXgg
YWFmY2VmMy4uYTE4OTI1ZCAxMDA2NDQNCj4gPiAtLS0gYS9kcml2ZXJzL2dwdS9kcm0vaTkxNS9p
bnRlbF9scmMuYw0KPiA+ICsrKyBiL2RyaXZlcnMvZ3B1L2RybS9pOTE1L2ludGVsX2xyYy5jDQo+
ID4gQEAgLTUxOCwxMiArNTE4LDEyIEBAIHN0YXRpYyBpbnQgZXhlY2xpc3RzX2NvbnRleHRfcXVl
dWUoc3RydWN0DQo+IGludGVsX2VuZ2luZV9jcyAqcmluZywNCj4gPiAgCQkJcmV0dXJuIC1FTk9N
RU07DQo+ID4gIAkJcmVxdWVzdC0+cmluZyA9IHJpbmc7DQo+ID4gIAkJcmVxdWVzdC0+Y3R4ID0g
dG87DQo+ID4gKwkJaTkxNV9nZW1fY29udGV4dF9yZWZlcmVuY2UocmVxdWVzdC0+Y3R4KTsNCj4g
PiAgCX0gZWxzZSB7DQo+ID4gIAkJV0FSTl9PTih0byAhPSByZXF1ZXN0LT5jdHgpOw0KPiA+ICAJ
fQ0KPiA+ICAJcmVxdWVzdC0+dGFpbCA9IHRhaWw7DQo+ID4gIAlpOTE1X2dlbV9yZXF1ZXN0X3Jl
ZmVyZW5jZShyZXF1ZXN0KTsNCj4gPiAtCWk5MTVfZ2VtX2NvbnRleHRfcmVmZXJlbmNlKHJlcXVl
c3QtPmN0eCk7DQo+ID4NCj4gPiAgCWludGVsX3J1bnRpbWVfcG1fZ2V0KGRldl9wcml2KTsNCj4g
Pg0KPiA+IEBAIC03NDAsNyArNzQwLDYgQEAgdm9pZCBpbnRlbF9leGVjbGlzdHNfcmV0aXJlX3Jl
cXVlc3RzKHN0cnVjdA0KPiBpbnRlbF9lbmdpbmVfY3MgKnJpbmcpDQo+ID4gIAkJaWYgKGN0eF9v
YmogJiYgKGN0eCAhPSByaW5nLT5kZWZhdWx0X2NvbnRleHQpKQ0KPiA+ICAJCQlpbnRlbF9scl9j
b250ZXh0X3VucGluKHJpbmcsIGN0eCk7DQo+ID4gIAkJaW50ZWxfcnVudGltZV9wbV9wdXQoZGV2
X3ByaXYpOw0KPiA+IC0JCWk5MTVfZ2VtX2NvbnRleHRfdW5yZWZlcmVuY2UoY3R4KTsNCj4gPiAg
CQlsaXN0X2RlbCgmcmVxLT5leGVjbGlzdF9saW5rKTsNCj4gPiAgCQlpOTE1X2dlbV9yZXF1ZXN0
X3VucmVmZXJlbmNlKHJlcSk7DQo+ID4gIAl9DQo+ID4gLS0NCj4gPiAyLjEuMQ0KPiA+DQo+IA0K
PiAtLQ0KPiBEYW5pZWwgVmV0dGVyDQo+IFNvZnR3YXJlIEVuZ2luZWVyLCBJbnRlbCBDb3Jwb3Jh
dGlvbg0KPiArNDEgKDApIDc5IDM2NSA1NyA0OCAtIGh0dHA6Ly9ibG9nLmZmd2xsLmNoDQo+IF9f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQo+IEludGVsLWdm
eCBtYWlsaW5nIGxpc3QNCj4gSW50ZWwtZ2Z4QGxpc3RzLmZyZWVkZXNrdG9wLm9yZw0KPiBodHRw
Oi8vbGlzdHMuZnJlZWRlc2t0b3Aub3JnL21haWxtYW4vbGlzdGluZm8vaW50ZWwtZ2Z4DQpfX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwpJbnRlbC1nZnggbWFp
bGluZyBsaXN0CkludGVsLWdmeEBsaXN0cy5mcmVlZGVza3RvcC5vcmcKaHR0cDovL2xpc3RzLmZy
ZWVkZXNrdG9wLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2ludGVsLWdmeAo=