mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-29 22:02:02 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/gpu/drm/vmwgfx
History
Mathias Krause a0f90c8815 drm/vmwgfx: Fix stale file descriptors on failed usercopy 
A failing usercopy of the fence_rep object will lead to a stale entry in
the file descriptor table as put_unused_fd() won't release it. This
enables userland to refer to a dangling 'file' object through that still
valid file descriptor, leading to all kinds of use-after-free
exploitation scenarios.

Fix this by deferring the call to fd_install() until after the usercopy
has succeeded.

Fixes: c906965dee ("drm/vmwgfx: Add export fence to file descriptor support")
Signed-off-by: Mathias Krause <minipli@grsecurity.net>
Signed-off-by: Zack Rusin <zackr@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2022-01-27 17:55:20 +02:00
..
device_include drm/vmwgfx: Update device headers for GL43 2021-12-09 13:16:22 -05:00
Kconfig drm/vmwgfx: Implement DRIVER_GEM 2021-12-09 13:16:16 -05:00
Makefile drm/vmwgfx: Remove explicit transparent hugepages support 2021-12-17 16:34:27 +01:00
ttm_object.c drm/vmwgfx: Implement DRIVER_GEM 2021-12-09 13:16:16 -05:00
ttm_object.h drm/vmwgfx: Implement DRIVER_GEM 2021-12-09 13:16:16 -05:00
vmw_surface_cache.h drm/vmwgfx: Update device headers 2021-06-16 14:27:00 -04:00
vmwgfx_binding.c drm/vmwgfx: add support for updating only offsets of constant buffers 2021-12-09 13:16:30 -05:00
vmwgfx_binding.h drm/vmwgfx: add support for updating only offsets of constant buffers 2021-12-09 13:16:30 -05:00
vmwgfx_blit.c
vmwgfx_bo.c drm/vmwgfx: Fix possible usage of an uninitialized variable 2021-12-17 16:35:30 +01:00
vmwgfx_cmd.c drm/vmwgfx: Fail to initialize on broken configs 2021-12-01 11:58:34 -05:00
vmwgfx_cmdbuf.c drm/vmwgfx: Make use of PFN_ALIGN/PFN_UP helper macro 2021-08-09 17:30:34 -04:00
vmwgfx_cmdbuf_res.c drm/vmwgfx: Remove the dedicated memory accounting 2021-12-09 13:16:10 -05:00
vmwgfx_context.c drm/vmwgfx: Implement DRIVER_GEM 2021-12-09 13:16:16 -05:00
vmwgfx_cotable.c drm/vmwgfx: Implement DRIVER_GEM 2021-12-09 13:16:16 -05:00
vmwgfx_devcaps.c drm/vmwgfx: Update device headers 2021-06-16 14:27:00 -04:00
vmwgfx_devcaps.h drm/vmwgfx: Update device headers 2021-06-16 14:27:00 -04:00
vmwgfx_drv.c drm/vmwgfx: Remove explicit transparent hugepages support 2021-12-17 16:34:27 +01:00
vmwgfx_drv.h drm/vmwgfx: Fix stale file descriptors on failed usercopy 2022-01-27 17:55:20 +02:00
vmwgfx_execbuf.c drm/vmwgfx: Fix stale file descriptors on failed usercopy 2022-01-27 17:55:20 +02:00
vmwgfx_fb.c drm/vmwgfx: Implement DRIVER_GEM 2021-12-09 13:16:16 -05:00
vmwgfx_fence.c drm/vmwgfx: Fix stale file descriptors on failed usercopy 2022-01-27 17:55:20 +02:00
vmwgfx_fence.h
vmwgfx_gem.c drm/vmwgfx: Fix a size_t/long int format specifier mismatch 2021-12-17 16:34:02 +01:00
vmwgfx_gmr.c
vmwgfx_gmrid_manager.c drm/vmwgfx: Add a debug callback to mobid resource manager 2021-12-09 13:16:15 -05:00
vmwgfx_hashtab.c drm/vmwgfx: Copy DRM hash-table code into driver 2021-11-30 09:41:25 +01:00
vmwgfx_hashtab.h drm/vmwgfx: Copy DRM hash-table code into driver 2021-11-30 09:41:25 +01:00
vmwgfx_ioctl.c drm/vmwgfx: Allow checking for gl43 contexts 2021-12-09 13:16:29 -05:00
vmwgfx_irq.c drm/vmwgfx: Convert to Linux IRQ interfaces 2021-07-08 14:11:43 +02:00
vmwgfx_kms.c drm/vmwgfx: Fix stale file descriptors on failed usercopy 2022-01-27 17:55:20 +02:00
vmwgfx_kms.h drm/vmwgfx: Implement DRIVER_GEM 2021-12-09 13:16:16 -05:00
vmwgfx_ldu.c drm/vmwgfx: Cleanup logging 2021-07-28 14:53:23 -04:00
vmwgfx_mksstat.h drm/vmwgfx: Introduce VMware mks-guest-stats 2021-06-12 00:00:53 -04:00
vmwgfx_mob.c drm/vmwgfx: Remove unused compile options 2021-12-17 16:35:02 +01:00
vmwgfx_msg.c treewide: Replace the use of mem_encrypt_active() with cc_platform_has() 2021-10-04 11:47:24 +02:00
vmwgfx_msg_arm64.h
vmwgfx_msg_x86.h
vmwgfx_overlay.c drm/vmwgfx: Implement DRIVER_GEM 2021-12-09 13:16:16 -05:00
vmwgfx_page_dirty.c drm/vmwgfx: Remove the dedicated memory accounting 2021-12-09 13:16:10 -05:00
vmwgfx_prime.c drm/vmwgfx: Implement DRIVER_GEM 2021-12-09 13:16:16 -05:00
vmwgfx_reg.h
vmwgfx_resource.c drm/vmwgfx: Implement DRIVER_GEM 2021-12-09 13:16:16 -05:00
vmwgfx_resource_priv.h
vmwgfx_scrn.c drm/vmwgfx: Implement DRIVER_GEM 2021-12-09 13:16:16 -05:00
vmwgfx_shader.c drm/vmwgfx: Implement DRIVER_GEM 2021-12-09 13:16:16 -05:00
vmwgfx_simple_resource.c drm/vmwgfx: Implement DRIVER_GEM 2021-12-09 13:16:16 -05:00
vmwgfx_so.c drm/vmwgfx: support SVGA_3D_CMD_DX_DEFINE_RASTERIZER_STATE_V2 command 2021-12-09 13:16:27 -05:00
vmwgfx_so.h drm/vmwgfx: support SVGA_3D_CMD_DX_DEFINE_RASTERIZER_STATE_V2 command 2021-12-09 13:16:27 -05:00
vmwgfx_stdu.c drm/vmwgfx: Remove unused compile options 2021-12-17 16:35:02 +01:00
vmwgfx_streamoutput.c drm/vmwgfx: Remove the dedicated memory accounting 2021-12-09 13:16:10 -05:00
vmwgfx_surface.c drm/vmwgfx: Implement DRIVER_GEM 2021-12-09 13:16:16 -05:00
vmwgfx_system_manager.c drm/vmwgfx: Introduce a new placement for MOB page tables 2021-12-01 11:58:35 -05:00
vmwgfx_ttm_buffer.c drm/vmwgfx: Remove usage of MOBFMT_RANGE 2021-12-09 13:16:34 -05:00
vmwgfx_ttm_glue.c drm/vmwgfx: Implement DRIVER_GEM 2021-12-09 13:16:16 -05:00
vmwgfx_va.c drm/vmwgfx: Implement DRIVER_GEM 2021-12-09 13:16:16 -05:00
vmwgfx_validation.c drm/vmwgfx: Remove the dedicated memory accounting 2021-12-09 13:16:10 -05:00
vmwgfx_validation.h drm/vmwgfx: Remove the dedicated memory accounting 2021-12-09 13:16:10 -05:00