Commit 1b67ca8a authored by Ville Syrjälä's avatar Ville Syrjälä Committed by Yi Yang
Browse files

drm/client: Fully protect modes[] with dev->mode_config.mutex 

stable inclusion
from stable-v5.10.216
commit 41586487769eede64ab1aa6c65c74cbf76c12ef0
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9QRRC
CVE: CVE-2024-35950

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=41586487769eede64ab1aa6c65c74cbf76c12ef0

--------------------------------

commit 3eadd887dbac1df8f25f701e5d404d1b90fd0fea upstream.

The modes[] array contains pointers to modes on the connectors'
mode lists, which are protected by dev->mode_config.mutex.
Thus we need to extend modes[] the same protection or by the
time we use it the elements may already be pointing to
freed/reused memory.

Cc: stable@vger.kernel.org
Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10583


Signed-off-by: default avatarVille Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240404203336.10454-2-ville.syrjala@linux.intel.com


Reviewed-by: default avatarDmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: default avatarJani Nikula <jani.nikula@intel.com>
Reviewed-by: default avatarThomas Zimmermann <tzimmermann@suse.de>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Conflicts:
	drivers/gpu/drm/drm_fb_helper.c
	drivers/gpu/drm/drm_client_modeset.c
[Since commit e13a0583 (drm/fb-helper: Stop using mode_config.mutex for internals)
mode_config mutex introduced. adaptation mutex in drm_setup_crtcs()]
Signed-off-by: default avatarYi Yang <yiyang13@huawei.com>
parent 4ba26291
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment