projects / platform / kernel / linux-rpi.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 707d561) | patch
Fix use after free in get_capset_info callback.
authorDoug Horn <doughorn@google.com>
Wed, 2 Sep 2020 21:08:25 +0000 (14:08 -0700)
committerGerd Hoffmann <kraxel@redhat.com>
Wed, 9 Sep 2020 06:54:14 +0000 (08:54 +0200)
commite219688fc5c3d0d9136f8d29d7e0498388f01440
tree5dec56331a6d437fcba1220979a6a82c6dfb3116tree | snapshot
parent707d561f77b5e2a6f90c9786bee44ee7a8dedc7ecommit | diff
Fix use after free in get_capset_info callback.

If a response to virtio_gpu_cmd_get_capset_info takes longer than
five seconds to return, the callback will access freed kernel memory
in vg->capsets.

Signed-off-by: Doug Horn <doughorn@google.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20200902210847.2689-2-gurchetansingh@chromium.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
drivers/gpu/drm/virtio/virtgpu_kms.c diff | blob | history
drivers/gpu/drm/virtio/virtgpu_vq.c diff | blob | history
Domain: System / Kernel;