DivestOS/Patches/Linux_CVEs/CVE-2016-8434/ANY/0001.patch

From 3e3866a5fced40ccf9ca442675cf915961efe4d9 Mon Sep 17 00:00:00 2001
From: Jeremy Gebben <jgebben@codeaurora.org>
Date: Fri, 27 Feb 2015 11:32:29 -0700
Subject: msm: kgsl: fix sync file error handling

We need to call put_unused_fd() on failure, but only if
a file hasn't been stored into the fd yet. This function
wasn't called from kgsl_ioctl_syncsource_create_fence()
and was called incorrectly from kgsl_add_fence_event().
Reorder our sync_fence_install() calls to happen after
all possible failures so that error cleanup will be
correct.

Change-Id: I0e7bb459f2acc010446ac5e5b3b72c8b16cce079
Signed-off-by: Jeremy Gebben <jgebben@codeaurora.org>
---
 drivers/gpu/msm/kgsl_sync.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/msm/kgsl_sync.c b/drivers/gpu/msm/kgsl_sync.c
index 4695b33..9e9e058 100644
--- a/drivers/gpu/msm/kgsl_sync.c
+++ b/drivers/gpu/msm/kgsl_sync.c
@@ -203,7 +203,6 @@ int kgsl_add_fence_event(struct kgsl_device *device,
 		ret = priv.fence_fd;
 		goto out;
 	}
-	sync_fence_install(fence, priv.fence_fd);
 
 	/*
 	 * If the timestamp hasn't expired yet create an event to trigger it.
@@ -222,9 +221,11 @@ int kgsl_add_fence_event(struct kgsl_device *device,
 			goto out;
 	}
 
-	if (copy_to_user(data, &priv, sizeof(priv)))
+	if (copy_to_user(data, &priv, sizeof(priv))) {
 		ret = -EFAULT;
-
+		goto out;
+	}
+	sync_fence_install(fence, priv.fence_fd);
 out:
 	kgsl_context_put(context);
 	if (ret) {
@@ -599,6 +600,9 @@ out:
 	if (ret) {
 		if (fence)
 			sync_fence_put(fence);
+		if (fd >= 0)
+			put_unused_fd(fd);
+
 	}
 	kgsl_syncsource_put(syncsource);
 	return ret;
-- 
cgit v1.1
Add patches for many Linux CVEs, and overhaul script paths 2017-10-29 01:48:53 -04:00			`From 3e3866a5fced40ccf9ca442675cf915961efe4d9 Mon Sep 17 00:00:00 2001`
			`From: Jeremy Gebben <jgebben@codeaurora.org>`
			`Date: Fri, 27 Feb 2015 11:32:29 -0700`
			`Subject: msm: kgsl: fix sync file error handling`

			`We need to call put_unused_fd() on failure, but only if`
			`a file hasn't been stored into the fd yet. This function`
			`wasn't called from kgsl_ioctl_syncsource_create_fence()`
			`and was called incorrectly from kgsl_add_fence_event().`
			`Reorder our sync_fence_install() calls to happen after`
			`all possible failures so that error cleanup will be`
			`correct.`

			`Change-Id: I0e7bb459f2acc010446ac5e5b3b72c8b16cce079`
			`Signed-off-by: Jeremy Gebben <jgebben@codeaurora.org>`
			`---`
			`drivers/gpu/msm/kgsl_sync.c \| 10 +++++++---`
			`1 file changed, 7 insertions(+), 3 deletions(-)`

			`diff --git a/drivers/gpu/msm/kgsl_sync.c b/drivers/gpu/msm/kgsl_sync.c`
			`index 4695b33..9e9e058 100644`
			`--- a/drivers/gpu/msm/kgsl_sync.c`
			`+++ b/drivers/gpu/msm/kgsl_sync.c`
			`@@ -203,7 +203,6 @@ int kgsl_add_fence_event(struct kgsl_device *device,`
			`ret = priv.fence_fd;`
			`goto out;`
			`}`
			`- sync_fence_install(fence, priv.fence_fd);`

			`/*`
			`* If the timestamp hasn't expired yet create an event to trigger it.`
			`@@ -222,9 +221,11 @@ int kgsl_add_fence_event(struct kgsl_device *device,`
			`goto out;`
			`}`

			`- if (copy_to_user(data, &priv, sizeof(priv)))`
			`+ if (copy_to_user(data, &priv, sizeof(priv))) {`
			`ret = -EFAULT;`
			`-`
			`+ goto out;`
			`+ }`
			`+ sync_fence_install(fence, priv.fence_fd);`
			`out:`
			`kgsl_context_put(context);`
			`if (ret) {`
			`@@ -599,6 +600,9 @@ out:`
			`if (ret) {`
			`if (fence)`
			`sync_fence_put(fence);`
			`+ if (fd >= 0)`
			`+ put_unused_fd(fd);`
			`+`
			`}`
			`kgsl_syncsource_put(syncsource);`
			`return ret;`
			`--`
			`cgit v1.1`