leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bb765d1c33
linux/drivers/tee
History
Jann Horn bb765d1c33 tee: shm: fix use-after-free via temporarily dropped reference 
Bump the file's refcount before moving the reference into the fd table,
not afterwards. The old code could drop the file's refcount to zero for a
short moment before calling get_file() via get_dma_buf().

This code can only be triggered on ARM systems that use Linaro's OP-TEE.

Fixes: 967c9cca2c ("tee: generic TEE subsystem")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2018-05-07 11:50:25 +02:00
..
optee tee: optee: report OP-TEE revision information 2018-03-06 11:03:55 +01:00
Kconfig
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tee_core.c tee: correct max value for id allocation 2018-03-06 11:03:55 +01:00
tee_private.h tee: use reference counting for tee_context 2017-12-15 13:36:18 +01:00
tee_shm_pool.c tee: flexible shared memory pool creation 2017-12-15 12:37:29 +01:00
tee_shm.c tee: shm: fix use-after-free via temporarily dropped reference 2018-05-07 11:50:25 +02:00