[CVE-2017-5577][Yakkety] drm/vc4: Return -EINVAL on the overflow checks failing.
Po-Hsu Lin
po-hsu.lin at canonical.com
Fri May 19 12:08:32 UTC 2017
From: Eric Anholt <eric at anholt.net>
By failing to set the errno, we'd continue on to trying to set up the
RCL, and then oops on trying to dereference the tile_bo that binning
validation should have set up.
Reported-by: Ingo Molnar <mingo at kernel.org>
Signed-off-by: Eric Anholt <eric at anholt.net>
Fixes: d5b1a78a772f ("drm/vc4: Add support for drawing 3D frames.")
(cherry picked from commit 6b8ac63847bc2f958dd93c09edc941a0118992d9)
CVE-2017-5577
Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
---
drivers/gpu/drm/vc4/vc4_gem.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/vc4/vc4_gem.c b/drivers/gpu/drm/vc4/vc4_gem.c
index ae1609e..2f732f9 100644
--- a/drivers/gpu/drm/vc4/vc4_gem.c
+++ b/drivers/gpu/drm/vc4/vc4_gem.c
@@ -603,6 +603,7 @@ vc4_get_bcl(struct drm_device *dev, struct vc4_exec_info *exec)
sizeof(struct vc4_shader_state)) ||
temp_size < exec_size) {
DRM_ERROR("overflow in exec arguments\n");
+ ret = -EINVAL;
goto fail;
}
--
1.7.9.5
More information about the kernel-team
mailing list