On Thu, Sep 15, 2016 at 1:18 PM, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > On Thu, Sep 15, 2016 at 10:39:57AM -0400, Rob Clark wrote: >> commit d78d383ab354b0b9e1d23404ae0d9fbdeb9aa035 upstream. >> >> An evil userspace could try to cause deadlock by passing an unfaulted-in >> GEM bo as submit->bos (or submit->cmds) table. Which will trigger >> msm_gem_fault() while we already hold struct_mutex. See: >> >> https://github.com/freedreno/msmtest/blob/master/evilsubmittest.c >> >> Cc: stable@xxxxxxxxxxxxxxx >> Signed-off-by: Rob Clark <robdclark@xxxxxxxxx> >> --- >> drivers/gpu/drm/msm/msm_drv.h | 6 ++++++ >> drivers/gpu/drm/msm/msm_gem.c | 9 +++++++++ >> drivers/gpu/drm/msm/msm_gem_submit.c | 2 ++ >> 3 files changed, 17 insertions(+) > > What stable kernel(s) do you want this applied to? Oh, sorry, this was rebased back to 4.7 (since I got an email that it did not apply there). And I expect it should apply cleanly in this form going back a few more kernel versions from there. BR, -R > thanks, > > greg k-h -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html