RE: [PATCH] drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl

.kozlow...@linaro.org; alim.akh...@samsung.com; dri- > de...@lists.freedesktop.org; linux-arm-ker...@lists.infradead.org; linux- > samsung-...@vger.kernel.org; linux-ker...@vger.kernel.org > Subject: Re: [PATCH] drm/exynos: fix race condition UAF in > exynos_g2d_exec_ioctl > > Hi Inki, &g

Re: [PATCH] drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl

Hi Inki, > > > > > > > If it is async, runqueue_node is freed in g2d_runqueue_worker on > > another > > > > > > > worker thread. So in extreme cases, if g2d_runqueue_worker runs > > first, and > > > > > > > then executes the following if statement, there will be use- > > after-free. > > > > > > >

RE: [PATCH] drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl

amsung.com; dri- > de...@lists.freedesktop.org; linux-arm-ker...@lists.infradead.org; linux- > samsung-...@vger.kernel.org; linux-ker...@vger.kernel.org > Subject: Re: [PATCH] drm/exynos: fix race condition UAF in > exynos_g2d_exec_ioctl > > Hi Min, > > On Wed, May 31, 2

Re: [PATCH] drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl

Hi Min, On Wed, May 31, 2023 at 06:54:34PM +0800, lm0963 wrote: > Hi Andi, > > On Wed, May 31, 2023 at 4:19 PM Andi Shyti wrote: > > > > Hi Min, > > > > > > > If it is async, runqueue_node is freed in g2d_runqueue_worker on > > > > > another > > > > > worker thread. So in extreme cases, if g2d_

Re: [PATCH] drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl

Hi Andi, On Wed, May 31, 2023 at 4:19 PM Andi Shyti wrote: > > Hi Min, > > > > > If it is async, runqueue_node is freed in g2d_runqueue_worker on another > > > > worker thread. So in extreme cases, if g2d_runqueue_worker runs first, > > > > and > > > > then executes the following if statement, t

Re: [PATCH] drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl

Hi Min, > > > If it is async, runqueue_node is freed in g2d_runqueue_worker on another > > > worker thread. So in extreme cases, if g2d_runqueue_worker runs first, and > > > then executes the following if statement, there will be use-after-free. > > > > > > Signed-off-by: Min Li > > > --- > > >

RE: [PATCH] drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl

g.com; > dri-devel@lists.freedesktop.org; linux-arm-ker...@lists.infradead.org; > linux-samsung-...@vger.kernel.org; linux-ker...@vger.kernel.org > Subject: [PATCH] drm/exynos: fix race condition UAF in > exynos_g2d_exec_ioctl > > If it is async, runqueue_node is freed in g2d_runqueue_worker on an

Re: [PATCH] drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl

Hi Andi, On Wed, May 31, 2023 at 6:21 AM Andi Shyti wrote: > > Hi Min, > > On Fri, May 26, 2023 at 09:01:31PM +0800, Min Li wrote: > > If it is async, runqueue_node is freed in g2d_runqueue_worker on another > > worker thread. So in extreme cases, if g2d_runqueue_worker runs first, and > > then e

Re: [PATCH] drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl

Hi Min, On Fri, May 26, 2023 at 09:01:31PM +0800, Min Li wrote: > If it is async, runqueue_node is freed in g2d_runqueue_worker on another > worker thread. So in extreme cases, if g2d_runqueue_worker runs first, and > then executes the following if statement, there will be use-after-free. > > Sig

[PATCH] drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl

If it is async, runqueue_node is freed in g2d_runqueue_worker on another worker thread. So in extreme cases, if g2d_runqueue_worker runs first, and then executes the following if statement, there will be use-after-free. Signed-off-by: Min Li --- drivers/gpu/drm/exynos/exynos_drm_g2d.c | 2 +- 1