e219688fc5c3d0d9136f8d29d7e0498388f01440 - SHIFTPHONES/kernel/common

commit	e219688fc5c3d0d9136f8d29d7e0498388f01440	[log] [tgz]
author	Doug Horn <doughorn@google.com>	Wed Sep 02 14:08:25 2020 -0700
committer	Gerd Hoffmann <kraxel@redhat.com>	Wed Sep 09 08:54:14 2020 +0200
tree	5dec56331a6d437fcba1220979a6a82c6dfb3116
parent	707d561f77b5e2a6f90c9786bee44ee7a8dedc7e [diff]

Fix use after free in get_capset_info callback.

If a response to virtio_gpu_cmd_get_capset_info takes longer than
five seconds to return, the callback will access freed kernel memory
in vg->capsets.

Signed-off-by: Doug Horn <doughorn@google.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20200902210847.2689-2-gurchetansingh@chromium.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

drivers/gpu/drm/virtio/virtgpu_kms.c[diff]
drivers/gpu/drm/virtio/virtgpu_vq.c[diff]

2 files changed

tree: 5dec56331a6d437fcba1220979a6a82c6dfb3116