Home Home > GIT Browse > stable
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJiri Slaby <jslaby@suse.cz>2019-02-15 10:23:48 +0100
committerJiri Slaby <jslaby@suse.cz>2019-02-15 10:24:13 +0100
commit20064cc95c906602d11bfd5e078b7bb8c0849d92 (patch)
treed8cd3aba9a9dfd66c54d5be749589a7733b841f2
parent3613cb3d8cda505704a874a1248a9da7f0f4495c (diff)
drm/vmwgfx: Fix an uninitialized fence handle value
-rw-r--r--patches.kernel.org/4.20.9-042-drm-vmwgfx-Fix-an-uninitialized-fence-handle-v.patch43
-rw-r--r--series.conf1
2 files changed, 44 insertions, 0 deletions
diff --git a/patches.kernel.org/4.20.9-042-drm-vmwgfx-Fix-an-uninitialized-fence-handle-v.patch b/patches.kernel.org/4.20.9-042-drm-vmwgfx-Fix-an-uninitialized-fence-handle-v.patch
new file mode 100644
index 0000000000..66ea3321b0
--- /dev/null
+++ b/patches.kernel.org/4.20.9-042-drm-vmwgfx-Fix-an-uninitialized-fence-handle-v.patch
@@ -0,0 +1,43 @@
+From: Thomas Hellstrom <thellstrom@vmware.com>
+Date: Thu, 31 Jan 2019 10:52:21 +0100
+Subject: [PATCH] drm/vmwgfx: Fix an uninitialized fence handle value
+References: bnc#1012628
+Patch-mainline: 4.20.9
+Git-commit: 51fdbeb4ca1a8415c98f87cb877956ae83e71627
+
+commit 51fdbeb4ca1a8415c98f87cb877956ae83e71627 upstream.
+
+if vmw_execbuf_fence_commands() fails, The handle value will be
+uninitialized and a bogus fence handle might be copied to user-space.
+
+Cc: <stable@vger.kernel.org>
+Fixes: 2724b2d54cda: ("drm/vmwgfx: Use new validation interface for the modesetting code v2")
+Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
+Reviewed-by: Brian Paul <brianp@vmware.com> #v1
+Reviewed-by: Sinclair Yeh <syeh@vmware.com> #v1
+Reviewed-by: Deepak Rawat <drawat@vmware.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+index dca04d4246ea..d59125c55dc2 100644
+--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+@@ -2592,8 +2592,8 @@ void vmw_kms_helper_validation_finish(struct vmw_private *dev_priv,
+ user_fence_rep)
+ {
+ struct vmw_fence_obj *fence = NULL;
+- uint32_t handle;
+- int ret;
++ uint32_t handle = 0;
++ int ret = 0;
+
+ if (file_priv || user_fence_rep || vmw_validation_has_bos(ctx) ||
+ out_fence)
+--
+2.20.1
+
diff --git a/series.conf b/series.conf
index b55172eac2..95dc6696f8 100644
--- a/series.conf
+++ b/series.conf
@@ -1124,6 +1124,7 @@
patches.kernel.org/4.20.9-039-drm-amd-powerplay-Fix-missing-break-in-switch.patch
patches.kernel.org/4.20.9-040-drm-i915-always-return-something-on-DDI-clock-.patch
patches.kernel.org/4.20.9-041-drm-vmwgfx-Fix-setting-of-dma-masks.patch
+ patches.kernel.org/4.20.9-042-drm-vmwgfx-Fix-an-uninitialized-fence-handle-v.patch
########################################################
# Build fixes that apply to the vanilla kernel too.