Date:	Fri, 25 Dec 2015 15:13:28 +0100
From:	Thomas Hellstrom <thellstrom@...are.com>
To:	Ben Hutchings <ben@...adent.org.uk>,
	<linux-kernel@...r.kernel.org>, <stable@...r.kernel.org>
CC:	<akpm@...ux-foundation.org>, Dave Airlie <airlied@...hat.com>
Subject: Re: [PATCH 3.2 46/77] drm: Fix an unwanted master inheritance v2

On 12/24/2015 04:37 PM, Ben Hutchings wrote:
> 3.2.75-rc1 review patch.  If anyone has any objections, please let me know.
>
> ------------------
>
> From: Thomas Hellstrom <thellstrom@...are.com>
>
> commit a0af2e538c80f3e47f1d6ddf120a153ad909e8ad upstream.
>
> A client calling drmSetMaster() using a file descriptor that was opened
> when another client was master would inherit the latter client's master
> object and all its authenticated clients.
>
> This is unwanted behaviour, and when this happens, instead allocate a
> brand new master object for the client calling drmSetMaster().
>
> Fixes a BUG() throw in vmw_master_set().
>
> Signed-off-by: Thomas Hellstrom <thellstrom@...are.com>
> Signed-off-by: Dave Airlie <airlied@...hat.com>
> [bwh: Backported to 3.2:
>  - s/master_mutex/struct_mutex/
>  - drm_new_set_master() must drop struct_mutex while calling
>    drm_driver::master_create
>  - Adjust filename, context, indentation]
> Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
> ---
> --- a/drivers/gpu/drm/drm_stub.c
> +++ b/drivers/gpu/drm/drm_stub.c
> @@ -225,6 +225,10 @@ int drm_setmaster_ioctl(struct drm_devic
>  	if (!file_priv->minor->master &&
>  	    file_priv->minor->master != file_priv->master) {
>  		mutex_lock(&dev->struct_mutex);
> +		if (!file_priv->allowed_master) {
> +			ret = drm_new_set_master(dev, file_priv);
> +			goto out_unlock;
> +		}
>  		file_priv->minor->master = drm_master_get(file_priv->master);
>  		file_priv->is_master = 1;
>  		if (dev->driver->master_set) {
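
Review bot: the new !file_priv->allowed_master branch calls drm_new_set_master() with struct_mutex held, but the backport note in the commit message says that function drops struct_mutex around drm_driver::master_create, and the !file_priv->minor->master test in the context lines above is made before mutex_lock() is taken. The state that test established can therefore change before the new master is installed. Consider re-checking file_priv->minor->master once the lock is held again, or explain in a comment at this call site why a concurrent caller cannot get in while the lock is released.
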
> @@ -234,10 +238,11 @@ int drm_setmaster_ioctl(struct drm_devic
>  				drm_master_put(&file_priv->minor->master);
>  			}
>  		}
> +	out_unlock:
>  		mutex_unlock(&dev->struct_mutex);
>  	}
>  
> -	return 0;
> +	return ret;
>  }
>  
>  int drm_dropmaster_ioctl(struct drm_device *dev, void *data,
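
Review bot: the final "return ret" now also covers the path where the outer if block is skipped, and the declaration of ret is not in the visible context. Please confirm it is initialised to 0 in this tree; otherwise a caller that takes neither branch gets an indeterminate value where the old code returned 0.
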
> --- a/drivers/gpu/drm/drm_fops.c
> +++ b/drivers/gpu/drm/drm_fops.c
> @@ -219,6 +219,62 @@ static int drm_cpu_valid(void)
>  }
>  
>  /**
> + * drm_new_set_master - Allocate a new master object and become master for the
> + * associated master realm.
> + *
> + * @dev: The associated device.
> + * @fpriv: File private identifying the client.
> + *
> + * This function must be called with dev::struct_mutex held.
> + * Returns negative error code on failure. Zero on success.
> + */
> +int drm_new_set_master(struct drm_device *dev, struct drm_file *fpriv)
> +{
> +	struct drm_master *old_master;
> +	int ret;
> +
> +	lockdep_assert_held_once(&dev->struct_mutex);
> +
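
Review bot: the kernel-doc added for drm_new_set_master() says only that it must be called with dev::struct_mutex held, while the backport note in the commit message says this version drops struct_mutex while calling drm_driver::master_create. The comment should say that the lock is released and retaken inside the function, so that callers do not rely on state they read before the call.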

Is lockdep_assert_held_once() backported into the 3.2 series? If not,
this line could probably be replaced by lockdep_assert_held() for stable
kernels or removed entirely.

Thanks,
Thomas
