[PATCH] drm: Fix authentication kernel crash
Greg KH
greg at kroah.com
Tue Jan 24 09:12:55 PST 2012
On Tue, Jan 24, 2012 at 10:31:46AM +0100, Thomas Hellstrom wrote:
> If the master tries to authenticate a client using drm_authmagic and
> that client has already closed its drm file descriptor,
> either wilfully or because it was terminated, the
> call to drm_authmagic will dereference a stale pointer into kmalloc'ed memory
> and corrupt it.
>
> Typically this results in a hard system hang.
>
> This patch fixes that problem by removing any authentication tokens
> (struct drm_magic_entry) open for a file descriptor when that file
> descriptor is closed.
>
> Signed-off-by: Thomas Hellstrom <thellstrom at vmware.com>
> ---
> Please review. This should also go into stable kernels.
<formletter>
This is not the correct way to submit patches for inclusion in the
stable kernel tree. Please read Documentation/stable_kernel_rules.txt
for how to do this properly.
</formletter>
More information about the dri-devel
mailing list