linux/drivers/gpu/drm/i915
Chris Wilson 9ae9ab5220 drm/i915: Prevent double unref following alloc failure during execbuffer
Whilst looking up the objects required for an execbuffer, an untimely
allocation failure in creating the vma results in the object being
unreferenced from two lists. The ownership during the lookup is meant to
be moved from the list of objects being looked to the vma, and this
double unreference upon error results in a use-after-free.

Fixes regression from
commit 27173f1f95
Author: Ben Widawsky <ben@bwidawsk.net>
Date:   Wed Aug 14 11:38:36 2013 +0200

    drm/i915: Convert execbuf code to use vmas

Based on the fix by Ben Widawsky.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Ben Widawsky <ben@bwidawsk.net>
Cc: stable@vger.kernel.org
[danvet: Bikeshed the crucial comment above the ownership transfer as
discussed on irc.]
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
2013-12-12 10:44:57 +01:00
dvo_ch7xxx.c drm/i915: dvo_ch7xxx: fix vsync polarity setting 2013-07-25 16:10:22 +02:00
dvo_ch7017.c
dvo_ivch.c
dvo_ns2501.c
dvo_sil164.c
dvo_tfp410.c
dvo.h drm/i915: Remove unused mode_fixup() vfunc of struct intel_dvo_dev_ops 2013-09-05 21:39:59 +02:00
i915_debugfs.c Merge tag 'bdw-stage1-2013-11-08-v2' of git://people.freedesktop.org/~danvet/drm-intel into drm-next 2013-11-10 18:35:33 +10:00
i915_dma.c drm/i915: don't update the dri1 breadcrumb with modesetting 2013-12-11 14:25:58 +01:00
i915_drv.c drm/i915: Do not clobber config status after a forced restore of hw state 2013-12-03 23:15:46 +01:00
i915_drv.h Merge tag 'drm-intel-fixes-2013-12-11' of git://people.freedesktop.org/~danvet/drm-intel into drm-fixes 2013-12-12 10:38:43 +10:00
i915_gem_context.c drm/i915: Fix use-after-free in do_switch 2013-12-06 13:09:11 +01:00
i915_gem_debug.c drm/i915: Fix #endif comment 2013-08-09 10:45:52 +02:00
i915_gem_dmabuf.c drm/i915: Pin pages whilst allocating for dma-buf vmap() 2013-11-29 15:51:20 +01:00
i915_gem_evict.c drm/i915: Repeat eviction search after idling the GPU 2013-12-10 08:13:58 +01:00
i915_gem_execbuffer.c drm/i915: Prevent double unref following alloc failure during execbuffer 2013-12-12 10:44:57 +01:00
i915_gem_gtt.c Merge branch 'bdw-fixes' of git://people.freedesktop.org/~danvet/drm-intel into drm-fixes 2013-12-12 10:38:08 +10:00
i915_gem_stolen.c Linux 3.12-rc2 2013-09-24 09:32:53 +02:00
i915_gem_tiling.c drm/i915: prevent tiling changes on framebuffer backing storage 2013-10-16 22:04:52 +02:00
i915_gem.c drm/i915: MI_PREDICATE_RESULT_2 is HSW only 2013-11-29 15:00:03 +01:00
i915_gpu_error.c drm/i915/bdw: Update relevant error state 2013-11-08 18:09:43 +01:00
i915_ioc32.c
i915_irq.c Merge tag 'bdw-stage1-2013-11-08-v2' of git://people.freedesktop.org/~danvet/drm-intel into drm-next 2013-11-10 18:35:33 +10:00
i915_reg.h drm/i915: Make the DERRMR SRM target global GTT 2013-11-29 14:56:44 +01:00
i915_suspend.c drm/i915/vlv: use per-pipe backlight controls v2 2013-11-06 18:26:31 +01:00
i915_sysfs.c Merge tag 'drm-intel-next-2013-10-18' of git://people.freedesktop.org/~danvet/drm-intel into drm-next 2013-10-25 09:35:04 +01:00
i915_trace_points.c
i915_trace.h drm/i915: Add a tracepoint for using a semaphore 2013-10-01 07:45:24 +02:00
i915_ums.c drm/i915: scrap register address storage 2013-06-10 19:54:14 +02:00
intel_acpi.c ACPI: Eliminate the DEVICE_ACPI_HANDLE() macro 2013-11-14 23:17:21 +01:00
intel_bios.c i915: Use 120MHz LVDS SSC clock for gen5/gen6/gen7 2013-11-15 00:38:44 +01:00
intel_bios.h drm/i915: Make intel_dp_is_edp() less specific 2013-11-05 07:59:40 +01:00
intel_crt.c drm/i915: Use hsw_crt_get_config on BDW 2013-11-08 18:10:09 +01:00
intel_ddi.c drm/i915: Check VBT for eDP ports on VLV 2013-11-28 13:42:12 +01:00
intel_display.c drm/i915: Skip clock checks on BDW 2013-12-03 23:15:47 +01:00
intel_dp.c drm/i915: Simplify DP vs. eDP detection 2013-11-28 13:42:25 +01:00
intel_drv.h drm/i915: fix pm init ordering 2013-12-06 13:08:15 +01:00
intel_dsi_cmd.c drm/i915/dsi: s/size_t/int/ 2013-09-04 17:34:51 +02:00
intel_dsi_cmd.h drm/i915/dsi: s/size_t/int/ 2013-09-04 17:34:51 +02:00
intel_dsi_pll.c drm/i915: Use adjusted_mode in DSI PLL calculations 2013-09-16 23:36:38 +02:00
intel_dsi.c drm/i915: Use pipe_name() instead of the pipe number 2013-10-16 19:42:52 +02:00
intel_dsi.h drm/i915: add VLV DSI PLL Calculations 2013-09-04 17:34:48 +02:00
intel_dvo.c drm/i915/dvo: call ->mode_set callback only when the port is running 2013-11-04 16:30:33 +01:00
intel_fbdev.c drm/i915: fix open-coded DIV_ROUND_UP 2013-10-21 10:04:03 +02:00
intel_hdmi.c drm/i915/bdw: Broadwell has a max port clock of 300Mhz on HDMI 2013-11-08 18:10:01 +01:00
intel_i2c.c drm/i915: Program GMBUS Frequency based on the CDCLK for VLV. 2013-10-01 07:45:41 +02:00
intel_lvds.c drm/i915: make backlight functions take a connector 2013-11-06 17:56:28 +01:00
intel_modes.c
intel_opregion.c More ACPI and power management updates for 3.13-rc1 2013-11-20 13:25:04 -08:00
intel_overlay.c drm/i915: use pointer = k[cmz...]alloc(sizeof(*pointer), ...) pattern 2013-10-01 07:45:01 +02:00
intel_panel.c drm/i915/bdw: GEN8 backlight support 2013-11-14 09:33:09 +01:00
intel_pm.c Merge tag 'drm-intel-fixes-2013-12-11' of git://people.freedesktop.org/~danvet/drm-intel into drm-fixes 2013-12-12 10:38:43 +10:00
intel_ringbuffer.c drm/i915/bdw: Add comment about gen8 HWS PGA 2013-11-14 09:33:11 +01:00
intel_ringbuffer.h drm/i915: Write RING_TAIL once per-request 2013-09-10 15:35:58 +02:00
intel_sdvo_regs.h
intel_sdvo.c drm/i915: destroy connector sysfs files earlier 2013-10-01 07:45:48 +02:00
intel_sideband.c drm/i915/vlv: add doc names to sideband file 2013-10-11 23:33:44 +02:00
intel_sprite.c Merge tag 'bdw-stage1-2013-11-08-v2' of git://people.freedesktop.org/~danvet/drm-intel into drm-next 2013-11-10 18:35:33 +10:00
intel_tv.c drm/i915/tv: add ->get_config callback 2013-11-18 22:24:33 +01:00
intel_uncore.c Merge branch 'bdw-fixes' of git://people.freedesktop.org/~danvet/drm-intel into drm-fixes 2013-12-12 10:38:08 +10:00
Kconfig drm/i915: Kconfig option to disable the legacy fbdev support 2013-10-11 23:37:23 +02:00
Makefile drm/i915: rename intel_fb.c to intel_fbdev.c 2013-10-11 23:37:33 +02:00