Quoting Janusz Krzysztofik (2019-07-09 07:58:00)
> Commit e163484afa8d ("drm/i915: Update size upon return from
> GEM_CREATE") (re)introduced reporting of actual size of created GEM
> objects, possibly rounded up on object alignment. Unfortunately, its
> implementation resulted in a possible use-after-free bug. The bug has
> been fixed by commit 929eec99f5fd ("drm/i915: Avoid use-after-free in
> reporting create.size") at the cost of possibly incorrect value being
> reported as actual object size.
>
> Safely restore correct reporting by capturing actual size of created
> GEM object before a reference to the object is put.
>
> Fixes: 929eec99f5fd ("drm/i915: Avoid use-after-free in reporting create.size")
This doesn't do anything.
-Chris
_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
