| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANgpojXKgZXjeCO9MYr83=p-Kz0_Migm4c9-4qTidHYp=G+fMg@mail.gmail.com> Date: Tue, 24 Sep 2024 20:01:06 +0800 From: Qiu-ji Chen <chenqiuji666@...il.com> To: Qiu-ji Chen <chenqiuji666@...il.com>, mripard@...nel.org, dave.stevenson@...pberrypi.com, kernel-list@...pberrypi.com, maarten.lankhorst@...ux.intel.com, tzimmermann@...e.de, airlied@...il.com, dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org, baijiaju1990@...il.com, stable@...r.kernel.org, simona.vetter@...ll.ch Cc: daniel@...ll.ch Subject: Re: [PATCH] drm/vc4: Fix atomicity violation in vc4_crtc_send_vblank() Hi, In the drm_device structure, it is mentioned: "@event_lock: Protects @vblank_event_list and event delivery in general." I believe that the validity check and the subsequent null assignment operation are part of the event delivery process, and all of these should be protected by the event_lock. If there is no lock protection before the validity check, it is possible for a null crtc->state->event to be passed into the drm_crtc_send_vblank_event() function, leading to a null pointer dereference error. We have observed its callers and found that they are from the drm_crtc_helper_funcs driver interface. We believe that functions within driver interfaces can be concurrent, potentially causing a data race on crtc->state->event. Qiu-ji Chen
Powered by blists - more mailing lists