Re: [Intel-gfx] [PATCH v5] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

2022-12-20 Thread Zheng Hacker
Zhenyu Wang wrote on Wed, Dec 21, 2022 at 11:01: > > On 2022.12.20 17:40:14 +0800, Zheng Wang wrote: > > If intel_gvt_dma_map_guest_page failed, it will call > > ppgtt_invalidate_spt, which will finally free the spt. But the > > caller function ppgtt_populate_spt_by_guest_entry does not notice > > that, it

Re: [Intel-gfx] [RESEND PATCH v4] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

2022-12-20 Thread Zheng Hacker
Zhenyu Wang wrote on Tue, Dec 20, 2022 at 16:25: > > On 2022.12.19 20:52:04 +0800, Zheng Wang wrote: > > If intel_gvt_dma_map_guest_page failed, it will call > > ppgtt_invalidate_spt, which will finally free the spt. But the caller does > > not notice that, it will free spt again in error path. > > > > It's

Re: [Intel-gfx] [PATCH v3] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

2022-12-15 Thread Zheng Hacker
Hi Zhi, Thanks for your reply and suggestion about fix. I am a little bit busy now. I will review the code as soon as possible. Also thanks Joonas for the reminding. We'll try to think out the new fix. Best regards, Zheng Wang

Re: [Intel-gfx] [PATCH v3] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

2022-10-30 Thread Zheng Hacker
Dave Airlie wrote on Thu, Oct 27, 2022 at 13:12: > I'll add some more people who can probably look at it. > > Dave. Got it, Thanks Dave. Regards, Zheng Wang

Re: [Intel-gfx] [PATCH v3] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

2022-10-26 Thread Zheng Hacker
Dave Airlie wrote on Thu, Oct 27, 2022 at 08:01: > > On Fri, 7 Oct 2022 at 11:38, Zheng Wang wrote: > > > > If intel_gvt_dma_map_guest_page failed, it will call > > ppgtt_invalidate_spt, which will finally free the spt. > > But the caller does not notice that, it will free spt again in error path. > > > > Fix

Re: [Intel-gfx] [PATCH v2] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

2022-10-06 Thread Zheng Hacker
Greg KH wrote on Fri, Oct 7, 2022 at 03:22: > > On Fri, Oct 07, 2022 at 12:58:45AM +0800, Zheng Wang wrote: > > If intel_gvt_dma_map_guest_page failed, it will call > > ppgtt_invalidate_spt, which will finally free the spt. > > But the caller does not notice that, it will free spt again in error path. > > > >

Re: [Intel-gfx] [PATCH] drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

2022-10-02 Thread Zheng Hacker
> That is a horrible way to make an api (and it should be a bool too.) > Now every time you see this call in the code, you have to go look up > what the last parameter means. Just make 2 functions, one that does the > "is error" thing, and one that does not, and that will be much easier to > maint

Re: [Intel-gfx] [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry

2022-09-26 Thread Zheng Hacker
I've sent it using git send-email with another email account (zyytlz...@163.com) Regards, Zheng Wang Jani Nikula wrote on Mon, Sep 19, 2022 at 17:30: > > On Mon, 19 Sep 2022, Zheng Wang <1002992...@qq.com> wrote: > > From afe79848cb74cc8e45ab426d13fa2394c87e0422 Mon Sep 17 00:00:00 2001 > > From: xmzyshypnc

Re: [Intel-gfx] [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry

2022-09-19 Thread Zheng Hacker
Got it. I'll try again later. Best Regards, Zheng Wang Jani Nikula wrote on Mon, Sep 19, 2022 at 17:30: > > On Mon, 19 Sep 2022, Zheng Wang <1002992...@qq.com> wrote: > > From afe79848cb74cc8e45ab426d13fa2394c87e0422 Mon Sep 17 00:00:00 2001 > > From: xmzyshypnc <1002992...@qq.com> > > Date: Fri, 16 Sep 2022

Re: [Intel-gfx] [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry.

2022-09-19 Thread Zheng Hacker
Here I introduced is_error to judge if the ppgtt_invalidate_spt is called from good case or not. Only free spt in good case, leave it to handle for the error path of caller. Zheng Hacker wrote on Fri, Sep 16, 2022 at 14:39: > > From 8d95c1399e3ff345500a575e21254a73b0c89144 Mon Sep 17 00:00:00 2001

Re: [Intel-gfx] [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry.

2022-09-19 Thread Zheng Hacker
I'll try using another mail client like Mutt later. :) Regards, Zheng Wang Greg KH wrote on Sat, Sep 17, 2022 at 17:07: > > On Fri, Sep 16, 2022 at 11:54:42PM +0800, Zheng Hacker wrote: > > From afe79848cb74cc8e45ab426d13fa2394c87e0422 Mon Sep 17 00:00:00 2001 > > From: xmz

Re: [Intel-gfx] [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry.

2022-09-19 Thread Zheng Hacker
ail; } - ret = ppgtt_invalidate_spt(s); + ret = ppgtt_invalidate_spt(s, 0); if (ret) goto fail; } else { -- 2.25.1 Zheng Hacker wrote on Thu, Sep 8, 2022 at 19:59: > > Hi Greg, > > I got it, Greg. > > Mid-Autumn Festival is coming and I will have a couple of days off. > I'll see
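
Review bot: in the visible call `ret = ppgtt_invalidate_spt(s, 0);` the new second argument is a bare `0`, so a reader of this call site cannot tell what the flag selects without looking up the function's definition. Consider making the parameter a `bool` and passing `false`, or splitting the function into two named variants so that each caller states its intent at the call site.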

Re: [Intel-gfx] [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry.

2022-09-19 Thread Zheng Hacker
From afe79848cb74cc8e45ab426d13fa2394c87e0422 Mon Sep 17 00:00:00 2001 From: xmzyshypnc <1002992...@qq.com> Date: Fri, 16 Sep 2022 23:48:23 +0800 Subject: [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry There is a double-free security bug in split_2MB_gtt_entry. Here is a callin

Re: [Intel-gfx] [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry.

2022-09-19 Thread Zheng Hacker
Hi Greg, Sorry for that. I’ll write another one. Regards, Zheng Wang On Saturday, September 17, 2022, Greg KH wrote: > On Fri, Sep 16, 2022 at 11:54:42PM +0800, Zheng Hacker wrote: > > From afe79848cb74cc8e45ab426d13fa2394c87e0422 Mon Sep 17 00:00:00 2001 > > From: xmzyshypnc <1002992...@

Re: [Intel-gfx] [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry.

2022-09-19 Thread Zheng Hacker
Hi Greg, Thanks for pointing that out. Working on it now :) Best wishes, Zheng Wang Greg KH wrote on Fri, Sep 16, 2022 at 16:25: > > On Fri, Sep 16, 2022 at 02:39:21PM +0800, Zheng Hacker wrote: > > From 8d95c1399e3ff345500a575e21254a73b0c89144 Mon Sep 17 00:00:00 2001 > > From

Re: [Intel-gfx] [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry.

2022-09-12 Thread Zheng Hacker
Hi Greg, I got it, Greg. Mid-Autumn Festival is coming and I will have a couple of days off. I'll see what I can do after holiday :) Regards, Zheng Wang On Thursday, September 8, 2022, Greg KH wrote: > On Thu, Sep 08, 2022 at 05:09:40PM +0800, Zheng Hacker wrote: > > Hi Zhenyu, > > > >

Re: [Intel-gfx] ✗ Fi.CI.BUILD: failure for drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry.

2022-09-12 Thread Zheng Hacker
From 18fc95d6a73f0af7e8947a1cb01a3a39f2e61c00 Mon Sep 17 00:00:00 2001 From: xmzyshypnc <1002992...@qq.com> Date: Sun, 4 Sep 2022 20:20:56 +0800 Subject: [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry. There is a double-free security bug in split_2MB_gtt_entry. Here is a callin

Re: [Intel-gfx] ✗ Fi.CI.BUILD: failure for drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry.

2022-09-12 Thread Zheng Hacker
Hello, I think it may be because I erased the email address in the "sign-off" line. I will send the original patch later. Regards. Zheng Wang Patchwork wrote on Tue, Sep 6, 2022 at 20:58: > > == Series Details == > > Series: drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry. > URL : https://patchwork.freede

Re: [Intel-gfx] [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry.

2022-09-12 Thread Zheng Hacker
Hi Zhenyu, This issue has been open for a few days. Could you plz write a patch for that :) I'm not familiar with the logical code here. Regards, Zheng Wang Zhenyu Wang wrote on Wed, Sep 7, 2022 at 11:33: > > On 2022.09.06 19:36:56 +0800, Zheng Hacker wrote: > > Hi Greg, > > > &

Re: [Intel-gfx] [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry.

2022-09-12 Thread Zheng Hacker
think your plan is the best. We need to free the spt only in bad case. [1] https://github.com/torvalds/linux/commit/39b4cbadb9a95bf3f13ea102d6ec841940916ee2 Regards, Zheng Wang Zhenyu Wang wrote on Wed, Sep 7, 2022 at 11:33: > > On 2022.09.06 19:36:56 +0800, Zheng Hacker wrote: > > Hi Greg, >

Re: [Intel-gfx] [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry.

2022-09-06 Thread Zheng Hacker
Hi everyone, Now the letter is really plain-text now :) Thanks Greg Regards, Zheng Wang Zheng Hacker wrote on Mon, Sep 5, 2022 at 12:47: > > Hello everyone, > > I'm Zheng Wang. I found a potential double-free bug in > drivers/gpu/drm/i915/gvt/gtt.c. I haven't been replied for a long

Re: [Intel-gfx] [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry.

2022-09-06 Thread Zheng Hacker
Resent the mail for the former letter contains html text. Regards, Zheng Wang Zheng Hacker wrote on Mon, Sep 5, 2022 at 12:47: > Hello everyone, > > I'm Zheng Wang. I found a potential double-free bug > in drivers/gpu/drm/i915/gvt/gtt.c. I haven't been replied for a long time. > S

Re: [Intel-gfx] [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry.

2022-09-06 Thread Zheng Hacker
I rewrote the letter. Hope it works. There is a double-free security bug in split_2MB_gtt_entry. Here is a calling chain : ppgtt_populate_spt->ppgtt_populate_shadow_entry->split_2MB_gtt_entry. If intel_gvt_dma_map_guest_page failed, it will call ppgtt_invalidate_spt, which will finally call ppgtt

Re: [Intel-gfx] [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry.

2022-09-06 Thread Zheng Hacker
Hello everyone, I'm Zheng Wang. I found a potential double-free bug in drivers/gpu/drm/i915/gvt/gtt.c. I haven't been replied for a long time. So I decided to send it to more relevant supporters and developers to help to solve the problem. Best regards, Zheng Wang. xmzyshypnc <1002992...@qq.com>

Re: [Intel-gfx] [PATCH] drm/i915/gvt: fix double-free bug in split_2MB_gtt_entry.

2022-09-06 Thread Zheng Hacker
Wang. Greg KH wrote on Mon, Sep 5, 2022 at 16:04: > > On Mon, Sep 05, 2022 at 03:46:09PM +0800, Zheng Hacker wrote: > > I rewrote the letter. Hope it works. > > > > There is a double-free security bug in split_2MB_gtt_entry. > > > > Here is a calling chain : > >