Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 46f6a79f authored by Dhaval Patel's avatar Dhaval Patel
Browse files

drm: protect blob list within blob_lock 



DRM createblob_ioctl and destroyblob_ioctl
may run in two different threads. This race condition
can lead to null pointer access in createblob_ioctl
function call. List access in create blob API should be
protected within bloblock mutex to avoid such
race condition.

Change-Id: I8c71f432700b68a6a12ad6b41f89d4b1a85bf253
Signed-off-by: default avatarDhaval Patel <pdhaval@codeaurora.org>
parent 3f0b1f99

drivers/gpu/drm/drm_property.c

+2 −0
Original line number Diff line number Diff line
@@ -793,8 +793,10 @@ int drm_mode_createblob_ioctl(struct drm_device *dev, 
	if (!drm_core_check_feature(dev, DRIVER_MODESET))

		return -EINVAL;



	mutex_lock(&dev->mode_config.blob_lock);

	list_for_each_entry(bt, &file_priv->blobs, head_file)

		count++;

	mutex_unlock(&dev->mode_config.blob_lock);



	if (count >= MAX_BLOB_PROP_COUNT)

		return -EINVAL;