]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4c09fcb) | patch
drm/msm: protect against faults from copy_from_user() in submit ioctl
authorRob Clark <robdclark@gmail.com>
Mon, 22 Aug 2016 19:28:38 +0000 (15:28 -0400)
committerRob Clark <robdclark@gmail.com>
Sun, 28 Aug 2016 16:49:39 +0000 (12:49 -0400)
commit815cd7ad4434ab23bc47a215f2f27093a778a14f
treeaee4580ca0766d3be40c2b574dd7816aabc3d080tree | snapshot
parent4c09fcb925d2b3d678944f9018d6a3941624038dcommit | diff
drm/msm: protect against faults from copy_from_user() in submit ioctl

An evil userspace could try to cause deadlock by passing an unfaulted-in
GEM bo as submit->bos (or submit->cmds) table.  Which will trigger
msm_gem_fault() while we already hold struct_mutex.  See:

https://github.com/freedreno/msmtest/blob/master/evilsubmittest.c

Cc: stable@vger.kernel.org
Signed-off-by: Rob Clark <robdclark@gmail.com>
drivers/gpu/drm/msm/msm_drv.h diff | blob | history
drivers/gpu/drm/msm/msm_gem.c diff | blob | history
drivers/gpu/drm/msm/msm_gem_submit.c diff | blob | history
Linux Kernel Source Tree.