[PATCH] drm/fence: fix memory overwrite when setting out_fence fd

Gustavo Padovan gustavo at padovan.org
Fri Jan 13 16:56:39 UTC 2017


2017-01-13 Laurent Pinchart <laurent.pinchart at ideasonboard.com>:

> Hi Gustavo,
> 
> Thank you for the patch.
> 
> On Friday 13 Jan 2017 12:22:09 Gustavo Padovan wrote:
> > From: Gustavo Padovan <gustavo.padovan at collabora.com>
> > 
> > Currently if userspace declares an int variable to store the out_fence
> > fd and passes it to OUT_FENCE_PTR, the kernel will overwrite the 32 bits
> > above the int variable on 64-bit systems.
> > 
> > Fix this by making the internal storage of out_fence in the kernel an s32
> > pointer.
> > 
> > Reported-by: Chad Versace <chadversary at chromium.org>
> > Signed-off-by: Gustavo Padovan <gustavo.padovan at collabora.com>
> > Cc: Daniel Vetter <daniel at ffwll.ch>
> > Cc: Rafael Antognolli <rafael.antognolli at intel.com>
> > Cc: Laurent Pinchart <laurent.pinchart at ideasonboard.com>
> 
> Acked-by: Laurent Pinchart <laurent.pinchart at ideasonboard.com>
> 
> > Cc: stable at vger.kernel.org
> 
> I don't think this is needed, given that the code was merged in v4.10-rc1, and 
> this patch should be merged as a v4.10-rc fix.

Hmm, yeah. I got confused.

Gustavo
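
The overwrite described in the commit message, as an added userspace illustration that is not part of this thread or of the kernel patch: a 64-bit store through a pointer to a 32-bit int is compared with an s32 store. The struct layout, the sentinel value and all function names are hypothetical, and memcpy stands in for the kernel's write to the user pointer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SENTINEL 0x5a5a5a5a  /* constructed marker value */

/* Constructed userspace layout: the int handed to OUT_FENCE_PTR,
 * followed by whatever happens to occupy the next 32 bits. */
struct user_mem {
    int32_t out_fence_fd;
    int32_t neighbour;
};
_Static_assert(sizeof(struct user_mem) == 8, "two packed 32-bit fields");

/* Hypothetical stand-ins for the kernel's store to the user pointer.
 * Each copies exactly as many bytes as the type it believes it has. */
static void store_fd_64(void *uptr, int64_t fd) { memcpy(uptr, &fd, sizeof(fd)); }
static void store_fd_s32(void *uptr, int32_t fd) { memcpy(uptr, &fd, sizeof(fd)); }

/* Before the fix: 8 bytes are written onto a 4-byte variable.
 * Returns 1 if the neighbouring 32 bits were overwritten. */
int clobbered_with_64bit_store(int fd)
{
    struct user_mem m = { .out_fence_fd = 0, .neighbour = SENTINEL };
    store_fd_64(&m, fd);
    return m.neighbour != SENTINEL;
}

/* After the fix: the store width matches the userspace int.
 * Returns 1 if the neighbour changed or the fd was not stored intact. */
int clobbered_with_s32_store(int fd)
{
    struct user_mem m = { .out_fence_fd = 0, .neighbour = SENTINEL };
    store_fd_s32(&m.out_fence_fd, fd);
    return m.neighbour != SENTINEL || m.out_fence_fd != fd;
}

int main(void)
{
    printf("64-bit store, fd=7:  neighbour clobbered = %d\n",
           clobbered_with_64bit_store(7));
    printf("s32 store,    fd=7:  neighbour clobbered = %d\n",
           clobbered_with_s32_store(7));
    return 0;
}
```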


