On Tue, Jan 24, 2012 at 10:31:46AM +0100, Thomas Hellstrom wrote:
> If the master tries to authenticate a client using drm_authmagic and that client has already closed its drm file descriptor, either wilfully or because it was terminated, the call to drm_authmagic will dereference a stale pointer into kmalloc'ed memory and corrupt it.
> Typically this results in a hard system hang.
> This patch fixes that problem by removing any authentication tokens (struct drm_magic_entry) open for a file descriptor when that file descriptor is closed.
> Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
> Please review. This should also go into stable kernels.
<formletter>
This is not the correct way to submit patches for inclusion in the stable kernel tree. Please read Documentation/stable_kernel_rules.txt for how to do this properly.
</formletter>