drm/virtio: Ensure cached capset entries are valid before copying.
author David Riley <davidriley@chromium.org>
Wed, 5 Jun 2019 23:44:20 +0000 (16:44 -0700)
committer Gerd Hoffmann <kraxel@redhat.com>
Thu, 6 Jun 2019 07:44:40 +0000 (09:44 +0200)
commit 7fdf478a43869bee27e1b50955830f6ebc730b67
tree 153bfa07887ea8f1b5b73f0a6675072626b79896
parent 50f9495efe308eb25fd921ea7c8c8143ddeeae30

virtio_gpu_get_caps_ioctl could return success with invalid data if a
second caller to the function occurred after the entry was created in
virtio_gpu_cmd_get_capset but prior to the virtio_gpu_cmd_capset_cb
callback being called.  This could leak contents of memory as well
since the caps_cache allocation is done without zeroing.

Signed-off-by: David Riley <davidriley@chromium.org>
Link: http://patchwork.freedesktop.org/patch/msgid/20190605234423.11348-1-davidriley@chromium.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
drivers/gpu/drm/virtio/virtgpu_ioctl.c
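
A userspace model of the window the commit message describes, as an added example that is not the driver's code or the patch itself. `cap_entry`, `entry_create`, `entry_complete`, `get_caps_unchecked` and `get_caps_checked` are hypothetical names, and the zeroed allocation plus a validity flag published by the callback are assumptions about one way to close the gap.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdlib.h>
#include <string.h>

#define CAPS_SIZE 16

/* Hypothetical stand-in for one cached capset entry. */
struct cap_entry {
    atomic_int is_valid;            /* set only after the response has landed */
    unsigned char caps[CAPS_SIZE];
};

/* Request path: the entry becomes visible to other callers here, before
 * any response exists. calloc() zeroes it, so a premature read cannot
 * expose stale heap contents. */
struct cap_entry *entry_create(void)
{
    struct cap_entry *e = calloc(1, sizeof(*e));
    if (e)
        atomic_init(&e->is_valid, 0);
    return e;
}

/* Completion callback: fill the data first, then publish validity. */
void entry_complete(struct cap_entry *e, const unsigned char *resp)
{
    memcpy(e->caps, resp, CAPS_SIZE);
    atomic_store_explicit(&e->is_valid, 1, memory_order_release);
}

/* Pre-fix behaviour as the commit message describes it: finding the
 * entry counts as success whether or not it has been filled. */
int get_caps_unchecked(struct cap_entry *e, unsigned char *out)
{
    memcpy(out, e->caps, CAPS_SIZE);
    return 0;
}

/* Hardened lookup: copy only once the callback has published the entry. */
int get_caps_checked(struct cap_entry *e, unsigned char *out)
{
    if (!atomic_load_explicit(&e->is_valid, memory_order_acquire))
        return -EAGAIN;             /* caller must wait or retry */
    memcpy(out, e->caps, CAPS_SIZE);
    return 0;
}
```

The release/acquire pair orders the data copy before the flag, so a reader that observes `is_valid` set also observes the filled buffer.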