[PATCH] drm/fence: fix memory overwrite when setting out_fence fd

Chad Versace chadversary at chromium.org
Fri Jan 13 21:27:51 UTC 2017


On Fri 13 Jan 2017, Gustavo Padovan wrote:
> From: Gustavo Padovan <gustavo.padovan at collabora.com>
> 
> Currently if the userspace declares an int variable to store the out_fence
> fd and passes it to OUT_FENCE_PTR, the kernel will overwrite the 32 bits
> above the int variable on 64-bit systems.
> 
> Fix this by making the internal storage of out_fence in the kernel an s32
> pointer.
> 
> Reported-by: Chad Versace <chadversary at chromium.org>
> Signed-off-by: Gustavo Padovan <gustavo.padovan at collabora.com>
> Cc: Daniel Vetter <daniel at ffwll.ch>
> Cc: Rafael Antognolli <rafael.antognolli at intel.com>
> Cc: Laurent Pinchart <laurent.pinchart at ideasonboard.com>
> Cc: stable at vger.kernel.org

Reviewed-and-Tested-by: Chad Versace <chadversary at chromium.org>

I applied this to my kernel branch, updated kmscube, and the spinning cube still looks good.
For reference, here are the tags I tested with:

    mesa: http://git.kiwitree.net/cgit/~chadv/mesa/tag/?h=chadv/review/i965-exec-fence-v03
    libdrm: http://git.kiwitree.net/cgit/~chadv/libdrm/tag/?h=chadv/review/intel-exec-fence-v01
    linux: http://git.kiwitree.net/cgit/~chadv/linux/tag/?h=chadv/test/i915-exec-fence-v04
    kmscube: http://git.kiwitree.net/cgit/~chadv/kmscube/tag/?h=chadv/test/fences-v03
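
Added example, not part of the original thread or of the kernel patch: a userspace-only C model of the overwrite described in the commit message, showing a 64-bit store clobbering the 32 bits above an int and a 32-bit store leaving them alone. The struct layout, the helper names and the sample values are hypothetical; memcpy stands in for the kernel's store through the OUT_FENCE_PTR pointer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NEIGHBOUR_MAGIC 0xC0FFEE42u /* constructed sentinel value */

/* Constructed stand-in for the caller's memory: the int that receives the
 * fence fd, followed directly by unrelated data (the "32 bits above"). */
struct caller_frame {
    int32_t  out_fence_fd; /* what userspace handed to OUT_FENCE_PTR */
    uint32_t neighbour;    /* whatever happens to sit next to it */
};

/* Model of the pre-patch behaviour: the fd is stored as a 64-bit value. */
static void store_fd_64(void *user_ptr, int64_t fd)
{
    memcpy(user_ptr, &fd, sizeof(fd)); /* writes 8 bytes */
}

/* Model of the patched behaviour: the fd is stored as an s32. */
static void store_fd_32(void *user_ptr, int32_t fd)
{
    memcpy(user_ptr, &fd, sizeof(fd)); /* writes 4 bytes */
}

/* Store fd through the pointer with the chosen width and return what the
 * neighbouring 32 bits contain afterwards. */
static uint32_t neighbour_after_store(int use_64bit_store, int32_t fd)
{
    struct caller_frame f = { .out_fence_fd = -1, .neighbour = NEIGHBOUR_MAGIC };

    /* Pass the frame's start address: it equals &f.out_fence_fd, and the
     * 8-byte store stays inside the 8-byte struct, so the model is defined C. */
    if (use_64bit_store)
        store_fd_64(&f, fd);
    else
        store_fd_32(&f, fd);
    return f.neighbour;
}

int main(void)
{
    printf("64-bit store: neighbour = 0x%08x\n", (unsigned)neighbour_after_store(1, 5));
    printf("32-bit store: neighbour = 0x%08x\n", (unsigned)neighbour_after_store(0, 5));
    return 0;
}
```

In a real caller the neighbouring bytes could be another local variable or a saved register, so the corruption may only show up as unrelated misbehaviour later.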

