Skip to content
Snippets Groups Projects
Commit d78d383a authored by Rob Clark's avatar Rob Clark
Browse files

drm/msm: protect against faults from copy_from_user() in submit ioctl

An evil userspace could try to cause deadlock by passing an unfaulted-in
GEM bo as submit->bos (or submit->cmds) table.  Which will trigger
msm_gem_fault() while we already hold struct_mutex.  See:

https://github.com/freedreno/msmtest/blob/master/evilsubmittest.c



Cc: stable@vger.kernel.org
Signed-off-by: default avatarRob Clark <robdclark@gmail.com>
parent 89f82cbb
No related merge requests found
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment