Piteball
/
android_kernel_samsung_msm8976
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
android_kernel_samsung_msm8976/drivers
History
Rajesh Kemisetti eed7bf427c msm: kgsl: Fix race condition between cmdbatch and context destroy 
kgsl_cmdbatch_destroy() tries to cancel all pending sync events
by taking local copy of pending list. In case of sync point timestamp
event, it goes ahead and accesses context's events list assuming that
event's context would be alive.

But at the same time, if the other context, which is of interest for
these sync point events, can be destroyed by cancelling all
events in its group.

This leads to use-after-free in kgsl_cmdbatch_destroy() path.

Fix is to give the responsibility of putting the context's ref count
to the thread which clears the pending mask.

Change-Id: I8d08ef6ddb38ca917f75088071c04727bced11d2
Signed-off-by: Rajesh Kemisetti <rajeshk@codeaurora.org>
Signed-off-by: Archana Sriram <apsrir@codeaurora.org>
 		2019-10-27 19:33:27 +01:00
..
accessibility
acpi ACPI: APEI / ERST: Fix missing error handling in erst_reader() 2019-07-27 21:46:19 +02:00
amba
android ANDROID: binder: synchronize_rcu() when using POLLFREE. 2019-10-19 23:14:00 +02:00
ata treewide: Fix typo in Documentation/DocBook 2019-07-27 22:10:20 +02:00
atm
auxdisplay
base firmware_class: Tie exporting caching routines with CONFIG_CACHE_FW 2019-07-27 22:11:15 +02:00
battery Import T813XXS2BRC2 kernel source changes 2018-05-26 00:39:42 +02:00
battery_v2
bcma
bif
block Revert "block/loop: Use global lock for ioctl() operation." 2019-07-27 22:10:39 +02:00
bluetooth bluetooth: Define proper kernel messages 2019-07-27 22:08:39 +02:00
bus
cdrom
char diag: Mark Buffer as NULL after freeing 2019-09-28 20:28:33 +02:00
clk ANDROID: fix uninitilized variable 2019-07-27 22:10:15 +02:00
clocksource
connector
coresight
cpufreq ANDROID: fix uninitilized variable 2019-07-27 22:10:15 +02:00
cpuidle lpm-levels: Remove kfree for memory allocated with devm_kzalloc 2019-07-27 22:08:40 +02:00
crypto msm: ice: check for crypto engine availability 2019-07-27 22:08:47 +02:00
dca
debug
debug_32
devfreq dev_freq: devfreq_spdm: add null terminator to prevent OOB access 2019-07-27 21:50:47 +02:00
dio
dma
edac
eisa
esoc
extcon
fingerprint
firewire
firmware
gpio gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input 2019-08-15 21:02:28 +02:00
gpu msm: kgsl: Fix race condition between cmdbatch and context destroy 2019-10-27 19:33:27 +01:00
hid HID: i2c-hid: Do not free buffers in i2c_hid_stop() 2019-07-27 22:11:08 +02:00
hsi
hv
hwmon hwmon: Cleanup kmesg when probing for VADC 2019-08-13 03:29:23 +02:00
hwspinlock
i2c i2c: dev: prevent adapter retries and timeout being set as minus value 2019-07-27 21:53:34 +02:00
ide UPSTREAM: block: disable entropy contributions for nonrot devices 2019-07-27 21:47:56 +02:00
idle
iio iio: Fix scan mask selection 2019-08-15 21:02:28 +02:00
infiniband
input touchscreen: sec_ts: Fix array OOB issues in the sec_ts touch driver. 2019-09-11 19:44:53 +02:00
iommu iommu/amd: Finish TLB flush in amd_iommu_unmap() 2019-07-27 21:44:19 +02:00
ipack
irqchip
isdn net: add build-time checks for msg->msg_name size 2019-08-16 03:55:59 +02:00
leds
lguest
macintosh
mailbox
md dm kcopyd: avoid softlockup in run_complete_job 2019-07-27 21:51:38 +02:00
media msm: camera_v2: handle the error value returned during get clock 2019-09-11 19:45:11 +02:00
memory
memstick
message
mfd mfd: omap-usb-tll: Fix inverted bit use for USB TLL mode 2019-07-27 21:44:34 +02:00
misc qseecom: correct range check in __qseecom_update_cmd_buf_64 2019-09-28 20:28:33 +02:00
mmc mmc: mmc: fix switch timeout issue caused by jiffies precision 2019-07-27 22:08:58 +02:00
motor
mtd UPSTREAM: block: disable entropy contributions for nonrot devices 2019-07-27 21:47:56 +02:00
muic drivers/muic: Fix '"WRITE" redefined' error after CVE-2019-2001 fix 2019-07-27 22:11:01 +02:00
net qcacld-2.0: Fix potential double free in wma_log_supported_evt_handler 2019-09-28 20:27:20 +02:00
nfc
ntb
nubus
of of: fdt: add missing allocation-failure check 2019-07-27 21:44:47 +02:00
oprofile
parisc
parport
pci PCI / PM: Force devices to D0 in pci_pm_thaw_noirq() 2019-07-27 21:46:19 +02:00
pcmcia
phy
pinctrl pinctrl: Really force states during suspend/resume 2019-07-27 21:49:40 +02:00
platform msm: sps: Update debug message format specifier 2019-07-27 22:11:32 +02:00
pnp
power ANDROID: fix uninitilized variable 2019-07-27 22:10:15 +02:00
pps
ps3
ptp
pwm
rapidio
regulator regulator: core: Use the power efficient workqueue for delayed powerdown 2019-07-27 22:11:03 +02:00
remoteproc
reset
rpmsg
rtc rtc: ensure rtc_set_alarm fails when alarms are not supported 2019-07-27 22:10:53 +02:00
s390 UPSTREAM: block: disable entropy contributions for nonrot devices 2019-07-27 21:47:56 +02:00
sbus
scsi treewide: Fix typo in Documentation/DocBook 2019-07-27 22:10:20 +02:00
sensorhub
sensors
sfi
sh
slimbus
sn
soc soc: qcom: smem: validate fields of shared structures 2019-07-27 22:11:30 +02:00
soundwire
spi
spmi
ssb
ssbi
staging ANDROID: Remove conflicting Samsung options for upstream changes 2019-07-27 22:09:50 +02:00
switch
target scsi: target: fix __transport_register_session locking 2019-07-27 21:51:38 +02:00
tc
thermal msm: thermal: validate userspace args to prevent buffer overflow. 2019-07-27 22:10:00 +02:00
tty tty: make n_tty_read() always abort if hangup is in progress 2019-07-27 21:49:23 +02:00
uio uio: Fix an Oops on load 2019-07-27 22:06:01 +02:00
usb USB: check usb_get_extra_descriptor for proper size 2019-09-11 19:44:53 +02:00
uwb
vfio
vhost
video fbdev: msm: check the length of the external input buffer properly 2019-07-27 22:11:31 +02:00
virt
virtio
vlynq
vme
w1
watchdog
xen
zorro
Kconfig
Makefile