Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 90af660bec3b2d47e17cb3caae742810656e2d4f
commit90af660bec3b2d47e17cb3caae742810656e2d4f[log] [tgz]
authorThomas Hellstrom <thellstrom@vmware.com>Tue Jan 24 18:54:21 2012 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Fri Feb 03 09:18:52 2012 -0800
treee8f4d93c7386c19dd9b50156696b4447ba7877d6
parentc196878589eb5f88e244a557a55b229a3c285b3b [diff]
drm: Fix authentication kernel crash

commit 598781d71119827b454fd75d46f84755bca6f0c6 upstream.

If the master tries to authenticate a client using drm_authmagic and
that client has already closed its drm file descriptor,
either wilfully or because it was terminated, the
call to drm_authmagic will dereference a stale pointer into kmalloc'ed memory
and corrupt it.

Typically this results in a hard system hang.

This patch fixes that problem by removing any authentication tokens
(struct drm_magic_entry) open for a file descriptor when that file
descriptor is closed.

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
3 files changed
tree: e8f4d93c7386c19dd9b50156696b4447ba7877d6
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS