Pandora Sourcecodes - pandora-kernel.git/commit

author	Thomas Hellstrom <thellstrom@vmware.com>
	Tue, 24 Jan 2012 17:54:21 +0000 (18:54 +0100)
committer	Dave Airlie <airlied@redhat.com>
	Wed, 25 Jan 2012 09:27:45 +0000 (09:27 +0000)
commit	598781d71119827b454fd75d46f84755bca6f0c6
tree	51ccb65b8e26b3347099af3f466ad0fedc6e1cb6	tree \| snapshot
parent	15b63d35261ba3351d07e7937252f18bb6cbf814	commit \| diff

drm: Fix authentication kernel crash

If the master tries to authenticate a client using drm_authmagic and
that client has already closed its drm file descriptor,
either wilfully or because it was terminated, the
call to drm_authmagic will dereference a stale pointer into kmalloc'ed memory
and corrupt it.

Typically this results in a hard system hang.

This patch fixes that problem by removing any authentication tokens
(struct drm_magic_entry) open for a file descriptor when that file
descriptor is closed.

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: stable@vger.kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>

drivers/gpu/drm/drm_auth.c		diff \| blob \| history
drivers/gpu/drm/drm_fops.c		diff \| blob \| history
include/drm/drmP.h		diff \| blob \| history