From: Thomas Hellstrom <thellstrom@vmware.com>
To: Ben Hutchings <ben@decadent.org.uk>,
<linux-kernel@vger.kernel.org>, <stable@vger.kernel.org>
Cc: <akpm@linux-foundation.org>, Dave Airlie <airlied@redhat.com>
Subject: Re: [PATCH 3.2 46/77] drm: Fix an unwanted master inheritance v2
Date: Fri, 25 Dec 2015 15:13:28 +0100
Message-ID: <567D4F08.9000700@vmware.com>
In-Reply-To: <lsq.1450971462.1055459@decadent.org.uk>

On 12/24/2015 04:37 PM, Ben Hutchings wrote:
> 3.2.75-rc1 review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Thomas Hellstrom <thellstrom@vmware.com>
>
> commit a0af2e538c80f3e47f1d6ddf120a153ad909e8ad upstream.
>
> A client calling drmSetMaster() using a file descriptor that was opened
> when another client was master would inherit the latter client's master
> object and all its authenticated clients.
>
> This is unwanted behaviour, and when this happens, instead allocate a
> brand new master object for the client calling drmSetMaster().
>
> Fixes a BUG() throw in vmw_master_set().
>
> Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
> Signed-off-by: Dave Airlie <airlied@redhat.com>
> [bwh: Backported to 3.2:
> - s/master_mutex/struct_mutex/
> - drm_new_set_master() must drop struct_mutex while calling
> drm_driver::master_create
> - Adjust filename, context, indentation]
> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
> ---
> --- a/drivers/gpu/drm/drm_stub.c
> +++ b/drivers/gpu/drm/drm_stub.c
> @@ -225,6 +225,10 @@ int drm_setmaster_ioctl(struct drm_devic
> if (!file_priv->minor->master &&
> file_priv->minor->master != file_priv->master) {
> mutex_lock(&dev->struct_mutex);
> + if (!file_priv->allowed_master) {
> + ret = drm_new_set_master(dev, file_priv);
> + goto out_unlock;
> + }
> file_priv->minor->master = drm_master_get(file_priv->master);
> file_priv->is_master = 1;
> if (dev->driver->master_set) {
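Review bot: the new `!file_priv->allowed_master` branch calls drm_new_set_master() with struct_mutex held, yet the backport note above says that helper has to drop struct_mutex around drm_driver::master_create. The `!file_priv->minor->master` test guarding this block is evaluated before mutex_lock(), so nothing visible here stops a second SETMASTER caller from getting in while the lock is released. Suggest having the helper recheck minor->master once it has retaken the lock, or saying in the changelog why that window is harmless.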
> @@ -234,10 +238,11 @@ int drm_setmaster_ioctl(struct drm_devic
> drm_master_put(&file_priv->minor->master);
> }
> }
> + out_unlock:
> mutex_unlock(&dev->struct_mutex);
> }
>
> - return 0;
> + return ret;
> }
>
> int drm_dropmaster_ioctl(struct drm_device *dev, void *data,
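Review bot: with `return 0;` changed to `return ret;`, the path where the outer `if` is not entered returns whatever `ret` held at its declaration, and that declaration is outside the quoted context. Please confirm it reads `int ret = 0;` in the 3.2 tree. A failing drm_new_set_master() also now reaches userspace as an ioctl error where this exit path previously returned 0 unconditionally, which deserves a line in the changelog.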
> --- a/drivers/gpu/drm/drm_fops.c
> +++ b/drivers/gpu/drm/drm_fops.c
> @@ -219,6 +219,62 @@ static int drm_cpu_valid(void)
> }
>
> /**
> + * drm_new_set_master - Allocate a new master object and become master for the
> + * associated master realm.
> + *
> + * @dev: The associated device.
> + * @fpriv: File private identifying the client.
> + *
> + * This function must be called with dev::struct_mutex held.
> + * Returns negative error code on failure. Zero on success.
> + */
> +int drm_new_set_master(struct drm_device *dev, struct drm_file *fpriv)
> +{
> + struct drm_master *old_master;
> + int ret;
> +
> + lockdep_assert_held_once(&dev->struct_mutex);
> +
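Review bot: the kerneldoc for drm_new_set_master() says only that dev::struct_mutex must be held on entry, while the backport note says the 3.2 version drops struct_mutex around drm_driver::master_create. The comment should state that the lock is released and retaken inside the function, so callers know not to rely on state they read under the lock before the call.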

Is lockdep_assert_held_once() backported into the 3.2 series? If not,
this line could probably be replaced by lockdep_assert_held() for stable
kernels or removed entirely.

Thanks,
Thomas