diff options
| author |   kettenis <kettenis@openbsd.org> | 2013-12-21 12:21:23 +0000 |
|---|---|---|
| committer | kettenis <kettenis@openbsd.org> | 2013-12-21 12:21:23 +0000 |
| commit | a57d2032191ed0b3cea5feae0801786dafb93a13 (patch) | |
| tree | 04c70a153b90b5156bc2a4fa26d232cd628f5eaf /lib | |
| parent | Recognize itimer and ktrace facility names to {get,set}itimer() and ktrace() (diff) | |
| download | wireguard-openbsd-a57d2032191ed0b3cea5feae0801786dafb93a13.tar.xz wireguard-openbsd-a57d2032191ed0b3cea5feae0801786dafb93a13.zip | |
Fix locking in the page fault handler. A (somewhat malicious) userland
program could force a copyin/copyout from/to memory mapped through the GTT,
forcing a "locking against myself" panic. The intel-gpu-tools "package" has
a test for this. The problem can be circumvented by making the fault handler
fail if we already hold the (DRM) lock. This will make the copyin/copyout
return with EFAULT making the caller fall back on a "slow path".
This makes it obvious that using a shared (read) lock here doesn't make any
sense. So use an exclusive (write) lock like everywhere else in the inteldrm
code.
Diffstat (limited to 'lib')
0 files changed, 0 insertions, 0 deletions