On Fri, Mar 08, 2024 at 09:25:16AM +0100, Johan Hovold wrote:
Hi Sasha, On Thu, Mar 07, 2024 at 01:30:35PM -0500, Sasha Levin wrote:This is a note to let you know that I've just added the patch titled drm/bridge: aux-hpd: separate allocation and registration to the 6.7-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: drm-bridge-aux-hpd-separate-allocation-and-registrat.patch and it can be found in the queue-6.7 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 357c636cf7159761a5bf455bd7e68e1c884eaa60 Author: Johan Hovold <johan+linaro@xxxxxxxxxx> Date: Sat Feb 17 16:02:24 2024 +0100 drm/bridge: aux-hpd: separate allocation and registration [ Upstream commit e5ca263508f7e9d2cf711edf3258d11ca087885c ] Combining allocation and registration is an anti-pattern that should be avoided. Add two new functions for allocating and registering an dp-hpd bridge with a proper 'devm' prefix so that it is clear that these are device managed interfaces. devm_drm_dp_hpd_bridge_alloc() devm_drm_dp_hpd_bridge_add() The new interface will be used to fix a use-after-free bug in the Qualcomm PMIC GLINK driver and may prevent similar issues from being introduced elsewhere. The existing drm_dp_hpd_bridge_register() is reimplemented using the above and left in place for now. Signed-off-by: Johan Hovold <johan+linaro@xxxxxxxxxx> Reviewed-by: Bjorn Andersson <andersson@xxxxxxxxxx> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@xxxxxxxxxx> Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@xxxxxxxxxx> Link: https://patchwork.freedesktop.org/patch/msgid/20240217150228.5788-3-johan+linaro@xxxxxxxxxx Stable-dep-of: b979f2d50a09 ("soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free") Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>Please drop this patch and the other DRM dependencies for the pmic_glink use-after-free: drm-bridge-add-transparent-bridge-helper.patch drm-bridge-implement-generic-dp-hpd-bridge.patch soc-qcom-pmic-glink-switch-to-drm_aux_hpd_bridge.patch drm-bridge-aux-hpd-separate-allocation-and-registrat.patch soc-qcom-pmic_glink_altmode-fix-drm-bridge-use-after.patch The UAF was triggered by the aux bridge rework, and while it may potentially be possible to hit it also before 6.8-rc1, we can address that without backporting the DRM changes. I can look into doing a minimal backport, but it's probably fine to just leave this as is in 6.7 and earlier trees too.
I'll drop it, and apply the backport you've sent out. Thanks! -- Thanks, Sasha
