search for: c7a5ca027245

Displaying 2 results from an estimated 2 matches for "c7a5ca027245".

2019 Jun 10
0
[PATCH v2 4/4] drm/virtio: Add memory barriers for capset cache.
.../* is_valid check must proceed before copy of the cache entry. */ + smp_rmb(); + ptr = cache_ent->caps_cache; if (copy_to_user((void __user *)(unsigned long)args->addr, ptr, size)) diff --git a/drivers/gpu/drm/virtio/virtgpu_vq.c b/drivers/gpu/drm/virtio/virtgpu_vq.c index dd5ead2541c2..c7a5ca027245 100644 --- a/drivers/gpu/drm/virtio/virtgpu_vq.c +++ b/drivers/gpu/drm/virtio/virtgpu_vq.c @@ -583,6 +583,8 @@ static void virtio_gpu_cmd_capset_cb(struct virtio_gpu_device *vgdev, cache_ent->id == le32_to_cpu(cmd->capset_id)) { memcpy(cache_ent->caps_cache, resp->capset_data...
2019 Jun 05
10
[PATCH 1/4] drm/virtio: Ensure cached capset entries are valid before copying.
From: David Riley <davidriley at chromium.org> virtio_gpu_get_caps_ioctl could return success with invalid data if a second caller to the function occurred after the entry was created in virtio_gpu_cmd_get_capset but prior to the virtio_gpu_cmd_capset_cb callback being called. This could leak contents of memory as well since the caps_cache allocation is done without zeroing.