From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 493E6C433DF for ; Wed, 17 Jun 2020 08:21:35 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3102C20C09 for ; Wed, 17 Jun 2020 08:21:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726326AbgFQIVd (ORCPT ); Wed, 17 Jun 2020 04:21:33 -0400 Received: from eu-smtp-delivery-151.mimecast.com ([185.58.86.151]:58112 "EHLO eu-smtp-delivery-151.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726025AbgFQIVd (ORCPT ); Wed, 17 Jun 2020 04:21:33 -0400 Received: from AcuMS.aculab.com (156.67.243.126 [156.67.243.126]) (Using TLS) by relay.mimecast.com with ESMTP id uk-mta-151-NNVoDzt9NdeCYy0h9mSXPw-1; Wed, 17 Jun 2020 09:21:29 +0100 X-MC-Unique: NNVoDzt9NdeCYy0h9mSXPw-1 Received: from AcuMS.Aculab.com (fd9f:af1c:a25b:0:43c:695e:880f:8750) by AcuMS.aculab.com (fd9f:af1c:a25b:0:43c:695e:880f:8750) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Wed, 17 Jun 2020 09:21:28 +0100 Received: from AcuMS.Aculab.com ([fe80::43c:695e:880f:8750]) by AcuMS.aculab.com ([fe80::43c:695e:880f:8750%12]) with mapi id 15.00.1347.000; Wed, 17 Jun 2020 09:21:28 +0100 From: David Laight To: 'Charan Teja Kalla' , "Ruhl, Michael J" , Sumit Semwal , "open list:DMA BUFFER SHARING FRAMEWORK" , "DRI mailing list" CC: Linaro MM SIG , "vinmenon@codeaurora.org" , LKML , "stable@vger.kernel.org" Subject: RE: [PATCH] dmabuf: use spinlock to access dmabuf->name Thread-Topic: [PATCH] dmabuf: use spinlock to access dmabuf->name Thread-Index: AQHWRHCUCFGeEhsHd0uEJ3SlJWBlmajcdwBw Date: Wed, 17 Jun 2020 08:21:28 +0000 Message-ID: References: <316a5cf9-ca71-6506-bf8b-e79ded9055b2@codeaurora.org> <14063C7AD467DE4B82DEDB5C278E8663010F365EF5@fmsmsx107.amr.corp.intel.com> <14063C7AD467DE4B82DEDB5C278E8663010F365F7D@fmsmsx107.amr.corp.intel.com> <5b960c9a-ef9d-b43d-716d-113efc793fe5@codeaurora.org> In-Reply-To: <5b960c9a-ef9d-b43d-716d-113efc793fe5@codeaurora.org> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.202.205.107] MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: aculab.com Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: base64 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org RnJvbTogQ2hhcmFuIFRlamEgS2FsbGENCj4gU2VudDogMTcgSnVuZSAyMDIwIDA3OjI5DQouLi4N Cj4gPj4gSWYgbmFtZSBpcyBmcmVlZCB5b3Ugd2lsbCBjb3B5IGdhcmJhZ2UsIGJ1dCB0aGUgb25s eSB3YXkNCj4gPj4gZm9yIHRoYXQgdG8gaGFwcGVuIGlzIHRoYXQgX3NldF9uYW1lIG9yIF9yZWxl YXNlIGhhdmUgdG8gYmUgY2FsbGVkDQo+ID4+IGF0IGp1c3QgdGhlIHJpZ2h0IHRpbWUuDQo+ID4+ DQo+ID4+IEFuZCB0aGUgYWJvdmUgd291bGQgcHJvYmFibHkgb25seSBiZSBhbiBpc3N1ZSBpZiB0 aGUgc2V0X25hbWUNCj4gPj4gd2FzIGNhbGxlZCwgc28geW91IHdpbGwgZ2V0IE5VTEwgb3IgYSBy ZWFsIG5hbWUuDQo+IA0KPiBBbmQgdGhlcmUgZXhpc3RzIGEgdXNlLWFmdGVyLWZyZWUgdG8gYXZv aWQgd2hpY2ggcmVxdWlyZXMgdGhlIGxvY2suIFNheQ0KPiB0aGF0IG1lbWNweSgpIGluIGRtYWJ1 ZmZzX2RuYW1lIGlzIGluIHByb2dyZXNzIGFuZCBpbiBwYXJhbGxlbCBfc2V0X25hbWUNCj4gd2ls bCBmcmVlIHRoZSBzYW1lIGJ1ZmZlciB0aGF0IG1lbWNweSBpcyBvcGVyYXRpbmcgb24uDQoNCklm IHRoZSBuYW1lIGlzIGJlaW5nIGxvb2tlZCBhdCB3aGlsZSB0aGUgaXRlbSBpcyBiZWluZyBmcmVl ZA0KeW91IGFsbW9zdCBjZXJ0YWlubHkgaGF2ZSBtdWNoIGJpZ2dlciBwcm9ibGVtcyB0aGF0IGp1 c3QNCnRoZSBuYW1lIGJlaW5nIGEgJ2p1bmsnIHBvaW50ZXIuDQoNCglEYXZpZC4NCg0KLQ0KUmVn aXN0ZXJlZCBBZGRyZXNzIExha2VzaWRlLCBCcmFtbGV5IFJvYWQsIE1vdW50IEZhcm0sIE1pbHRv biBLZXluZXMsIE1LMSAxUFQsIFVLDQpSZWdpc3RyYXRpb24gTm86IDEzOTczODYgKFdhbGVzKQ0K From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.7 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 59683C433E1 for ; Thu, 18 Jun 2020 07:18:36 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 3AE9D21532 for ; Thu, 18 Jun 2020 07:18:36 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 3AE9D21532 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=ACULAB.COM Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=dri-devel-bounces@lists.freedesktop.org Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 3FAB46EB0D; Thu, 18 Jun 2020 07:17:36 +0000 (UTC) X-Greylist: delayed 311 seconds by postgrey-1.36 at gabe; Wed, 17 Jun 2020 08:28:14 UTC Received: from eu-smtp-delivery-151.mimecast.com (eu-smtp-delivery-151.mimecast.com [207.82.80.151]) by gabe.freedesktop.org (Postfix) with ESMTPS id C4A2F6E13B for ; Wed, 17 Jun 2020 08:28:14 +0000 (UTC) Received: from AcuMS.aculab.com (156.67.243.126 [156.67.243.126]) (Using TLS) by relay.mimecast.com with ESMTP id uk-mta-151-NNVoDzt9NdeCYy0h9mSXPw-1; Wed, 17 Jun 2020 09:21:29 +0100 X-MC-Unique: NNVoDzt9NdeCYy0h9mSXPw-1 Received: from AcuMS.Aculab.com (fd9f:af1c:a25b:0:43c:695e:880f:8750) by AcuMS.aculab.com (fd9f:af1c:a25b:0:43c:695e:880f:8750) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Wed, 17 Jun 2020 09:21:28 +0100 Received: from AcuMS.Aculab.com ([fe80::43c:695e:880f:8750]) by AcuMS.aculab.com ([fe80::43c:695e:880f:8750%12]) with mapi id 15.00.1347.000; Wed, 17 Jun 2020 09:21:28 +0100 From: David Laight To: 'Charan Teja Kalla' , "Ruhl, Michael J" , Sumit Semwal , "open list:DMA BUFFER SHARING FRAMEWORK" , "DRI mailing list" Subject: RE: [PATCH] dmabuf: use spinlock to access dmabuf->name Thread-Topic: [PATCH] dmabuf: use spinlock to access dmabuf->name Thread-Index: AQHWRHCUCFGeEhsHd0uEJ3SlJWBlmajcdwBw Date: Wed, 17 Jun 2020 08:21:28 +0000 Message-ID: References: <316a5cf9-ca71-6506-bf8b-e79ded9055b2@codeaurora.org> <14063C7AD467DE4B82DEDB5C278E8663010F365EF5@fmsmsx107.amr.corp.intel.com> <14063C7AD467DE4B82DEDB5C278E8663010F365F7D@fmsmsx107.amr.corp.intel.com> <5b960c9a-ef9d-b43d-716d-113efc793fe5@codeaurora.org> In-Reply-To: <5b960c9a-ef9d-b43d-716d-113efc793fe5@codeaurora.org> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.202.205.107] MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: aculab.com X-Mailman-Approved-At: Thu, 18 Jun 2020 07:17:31 +0000 X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Linaro MM SIG , "vinmenon@codeaurora.org" , LKML , "stable@vger.kernel.org" Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" From: Charan Teja Kalla > Sent: 17 June 2020 07:29 ... > >> If name is freed you will copy garbage, but the only way > >> for that to happen is that _set_name or _release have to be called > >> at just the right time. > >> > >> And the above would probably only be an issue if the set_name > >> was called, so you will get NULL or a real name. > > And there exists a use-after-free to avoid which requires the lock. Say > that memcpy() in dmabuffs_dname is in progress and in parallel _set_name > will free the same buffer that memcpy is operating on. If the name is being looked at while the item is being freed you almost certainly have much bigger problems that just the name being a 'junk' pointer. David. - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales) _______________________________________________ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel