Re: [PATCH] drm/msm: protect against faults from copy_from_user() in submit ioctl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Sep 15, 2016 at 10:39:57AM -0400, Rob Clark wrote:
> commit d78d383ab354b0b9e1d23404ae0d9fbdeb9aa035 upstream.
> 
> An evil userspace could try to cause deadlock by passing an unfaulted-in
> GEM bo as submit->bos (or submit->cmds) table.  Which will trigger
> msm_gem_fault() while we already hold struct_mutex.  See:
> 
> https://github.com/freedreno/msmtest/blob/master/evilsubmittest.c
> 
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Rob Clark <robdclark@xxxxxxxxx>
> ---
>  drivers/gpu/drm/msm/msm_drv.h        | 6 ++++++
>  drivers/gpu/drm/msm/msm_gem.c        | 9 +++++++++
>  drivers/gpu/drm/msm/msm_gem_submit.c | 2 ++
>  3 files changed, 17 insertions(+)

What stable kernel(s) do you want this applied to?

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]