Hi, Am Do den 19. Okt 2023 um 20:46 schrieb Salvatore Bonaccorso: > On Thu, Oct 12, 2023 at 06:57:20AM +0100, Klaus Ethgen wrote: > > Package: src:linux > > Version: 6.5.6-1 > > Severity: critical > > Tags: security > > X-Debbugs-Cc: Debian Security Team <t...@security.debian.org> > > > > It is not fully clear for me, where exactly this bug happens. First I > > was thinking about xscreensaver but that package got not updated for > > ages. The bug happens with updates from kernel 6.4.0 to 6.5.0. > > So you are saying this happens solely after switching from 6.4.y > series to 6.5.y series. Thus I assume 6.5.3-1 in testing as well > exposes the issue.
Might be but I cannot test that due to the other AMD display related bug. > > I use xscreensaver with fvwm3 on my amd laptop. xscreensaver is set up > > to only blank the screen. I first thought, that it does not happen with fvwm2 but I also see it with fvwm2 but not that often. > > When I lock the screen and press a key or moving the mouse, everything > > is fine. But when I go to suspend too ram after locking and waking up > > the laptop, the password dialog gets showed as usual but I can see the > > full desktop content with probably sensitive material on in. Although, I > > cannot interact with the desktop, it is a security break to reveal the > > content without authenticating. > > > > It might be related, when I have a PSI chat window on the screen but on > > different desktop, it gets moved to the current one. That definitively > > also came with the new kernel. > > Can you please attach as well the kernel log once you triggered the > behaviour? Anything suspicious logged? I could. But there is no hint and no unusual log entry. > Next, can you bisect the kernel between a good known upstream version > and 6.5.6? Can you as well test 6.5.7 upstream to see if it fixes the > issue? That would take many time to recompile kernel, test it for several hours and try again. Even worse, there is another AMD related bug that makes testing impossible. > Currently there is nothing which sound similar in the kernel > regression tracking status, TTBOMK. There was many changes in AMD display code. Some of them already was broken for systems (laptops) with internal display (eDP). The mentioned bug was fixed between linux-image-6.5.0-1-amd64 and linux-image-6.5.0-2-amd64. (It broke between linux-image-6.4.0-4-amd64 and linux-image-6.5.0-1-amd64.) So, this is the history in upstream versions: 6.4.13: Works well 6.5.3: Two bugs, this bug and another related to scaling. 6.5.6: Bug related to scaling fixed and this bug fully visible. I believe that it is related to eDP. So, maybe that limit's the possible problem. I have a work laptop that shows only this bug on AMD system but not the scaling one (As it has no 4K resolution). But I cannot use that one for testing. Maybe another data point: Both laptops are from Lenovo. My private one is a T14GEN3 and the one for work is a Z16. Regards Klaus -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <kl...@ethgen.ch> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
signature.asc
Description: PGP signature
