CVSROOT:	/cvs
Module name:	src
Changes by:	kette...@cvs.openbsd.org	2013/12/21 05:21:23

Modified files:
	sys/dev/pci/drm/i915: i915_gem.c

Log message:
Fix locking in the page fault handler. A (somewhat malicious) userland program could force a copyin/copyout from/to memory mapped through the GTT, forcing a "locking against myself" panic. The intel-gpu-tools "package" has a test for this.

The problem can be circumvented by making the fault handler fail if we already hold the (DRM) lock. This will make the copyin/copyout return with EFAULT making the caller fall back on a "slow path".

This makes it obvious that using a shared (read) lock here doesn't make any sense. So use an exclusive (write) lock like everywhere else in the inteldrm code.
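
The control flow described in the log message, as a user-space C model added here for illustration; it is not code from the OpenBSD commit. All names (`xlock`, `gtt_fault`, `model_copyin`, `model_pwrite`) are hypothetical, and the slow path shown (drop the lock, copy through a bounce buffer, retake the lock) is an assumption about what such a fallback looks like.

```c
/* Added model, not driver code: all names and the slow-path shape are assumptions. */
#include <errno.h>
#include <stddef.h>
#include <string.h>
struct xlock { int held; int owner; };  /* exclusive, non-recursive lock */
static int curproc = 1;                 /* stand-in for the running thread */

static void xlock_enter(struct xlock *l) { l->held = 1; l->owner = curproc; }
static void xlock_exit(struct xlock *l)  { l->held = 0; }

/* Fault handler for GTT mappings: fail instead of locking against ourselves. */
static int gtt_fault(struct xlock *l) {
    if (l->held && l->owner == curproc)
        return EFAULT;
    xlock_enter(l);   /* exclusive lock, as in the rest of the driver */
    xlock_exit(l);    /* (binding the page into the GTT is omitted) */
    return 0;
}

/* copyin model: only a source that lies in a GTT mapping takes the fault. */
static int model_copyin(struct xlock *l, const char *src, int src_in_gtt,
    char *dst, size_t n) {
    int error = src_in_gtt ? gtt_fault(l) : 0;
    if (error == 0)
        memcpy(dst, src, n);
    return error;
}

/* Caller: fast path copies under the lock, slow path copies without it. */
static int model_pwrite(struct xlock *l, const char *src, int src_in_gtt,
    char *obj, size_t n, int *used_slow) {
    char bounce[64];
    int error;
    if (n > sizeof(bounce))
        return EINVAL;
    *used_slow = 0;
    xlock_enter(l);
    error = model_copyin(l, src, src_in_gtt, obj, n);
    if (error == EFAULT) {
        *used_slow = 1;
        xlock_exit(l);          /* drop the lock so the fault can be served */
        error = model_copyin(l, src, src_in_gtt, bounce, n);
        xlock_enter(l);
        if (error == 0)
            memcpy(obj, bounce, n);
    }
    xlock_exit(l);
    return error;
}
```

In the model, a source buffer that lies in a GTT mapping makes the fast path return EFAULT rather than re-enter the lock, and the copy then completes on the slow path with the lock released.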