From patchwork Wed Sep 25 04:01:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hui Wang X-Patchwork-Id: 1989145 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4XD3251q7Wz1xt4 for ; Wed, 25 Sep 2024 14:01:32 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1stJDL-00082Q-3r; Wed, 25 Sep 2024 04:01:19 +0000 Received: from smtp-relay-canonical-0.internal ([10.131.114.83] helo=smtp-relay-canonical-0.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1stJDJ-00082J-Jj for kernel-team@lists.ubuntu.com; Wed, 25 Sep 2024 04:01:17 +0000 Received: from hwang4-ThinkPad-T14s-Gen-2a.. (unknown [120.85.106.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-0.canonical.com (Postfix) with ESMTPSA id 2386E3F0A3 for ; Wed, 25 Sep 2024 04:01:15 +0000 (UTC) From: Hui Wang To: kernel-team@lists.ubuntu.com Subject: [SRU][J/F][PATCH 0/1] CVE-2024-35951 Date: Wed, 25 Sep 2024 12:01:08 +0800 Message-Id: <20240925040110.11539-1-hui.wang@canonical.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" [Impact] If some the pages or sgt allocation failed, we shouldn't release the pages ref we got earlier, otherwise we will end up with unbalanced get/put_pages() calls. We should instead leave everything in place and let the BO release function deal with extra cleanup when the object is destroyed, or let the fault handler try again next time it's called. [Backport] This fix commit can't be cleanly applied to J and F due to missing a prerequisite commit 21aa27ddc582 ("drm/shmem-helper: Switch to reservation lock"), the prerequisite commit will introduce a significant change hence here can't introduce it in the J and F. So I edited the fix commit accordingly, changed "goto err_unlock" to "goto err_bo". [Fix] Noble: Already fixed Jammy: Backported from mainline v6.9-rc4, see explanation in [Backport] Focal: Backported from mainline v6.9-rc4, see explanation in [Backport] Bionic: Not affected Xenial: Not affected Trusty: Not affected [Test Case] Compile and boot test. [Where problems could occur] The change is on drm/panfrost driver, if there is regression, it could impact graphic on platforms with panfrost hw. But the likely of regression is very low, the change is basically same as the original commit and is straightforward. Boris Brezillon (1): drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() drivers/gpu/drm/panfrost/panfrost_mmu.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) Acked-by: Mehmet Basaran Acked-by: Chris Chiu