kernel-fxtec-pro1x

History

Vasily Averin 0d28ac49eb drm/qxl: qxl_release use after free commit 933db73351d359f74b14f4af095808260aff11f9 upstream. qxl_release should not be accesses after qxl_push_*_ring_release() calls: userspace driver can process submitted command quickly, move qxl_release into release_ring, generate interrupt and trigger garbage collector. It can lead to crashes in qxl driver or trigger memory corruption in some kmalloc-192 slab object Gerd Hoffmann proposes to swap the qxl_release_fence_buffer_objects() + qxl_push_{cursor,command}_ring_release() calls to close that race window. cc: stable@vger.kernel.org Fixes: `f64122c1f6` ("drm: add new QXL driver. (v1.4)") Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Link: http://patchwork.freedesktop.org/patch/msgid/fa17b338-66ae-f299-68fe-8d32419d9071@virtuozzo.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> [backported to v.4.19 stable] Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2020-05-06 08:13:27 +02:00
..
drm	drm/qxl: qxl_release use after free	2020-05-06 08:13:27 +02:00
host1x	gpu: host1x: Allocate gather copy for host1x	2019-12-31 16:35:29 +01:00
ipu-v3	gpu: ipu-v3: pre: don't trigger update if buffer address doesn't change	2019-12-05 09:21:07 +01:00
vga	vga_switcheroo: Fix missing gpu_bound call at audio client registration	2018-11-13 11:09:00 -08:00
Makefile