Commit 99c2c466 authored by Min Li's avatar Min Li Committed by sanglipeng
Browse files

drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl 

stable inclusion
from stable-v5.10.186
commit 485fe165084bdff372049f9d109326756764b620
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I8J4KH

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=485fe165084bdff372049f9d109326756764b620



--------------------------------

[ Upstream commit 48bfd025 ]

If it is async, runqueue_node is freed in g2d_runqueue_worker on another
worker thread. So in extreme cases, if g2d_runqueue_worker runs first, and
then executes the following if statement, there will be use-after-free.

Signed-off-by: default avatarMin Li <lm0963hack@gmail.com>
Reviewed-by: default avatarAndi Shyti <andi.shyti@kernel.org>
Signed-off-by: default avatarInki Dae <inki.dae@samsung.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarsanglipeng <sanglipeng1@jd.com>
parent 9bb5b9b0
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment