video: tegra: nvmap: fix nvmap create handle vulnerability
authorKrishna Reddy <vdumpa@nvidia.com>
Fri, 4 Nov 2016 19:45:53 +0000 (12:45 -0700)
committerWinnie Hsu <whsu@nvidia.com>
Wed, 26 Jul 2017 18:25:50 +0000 (11:25 -0700)
commit481eb890d4c989e61a998dca11797a3035f1b1de
treebd330dda889430ec68721b439150bd7e9f94c61b
parent54c1cc0aa58a97e18563c6d996d5dde741055ddd
video: tegra: nvmap: fix nvmap create handle vulnerability

Handle the race condition between malicious fd close and
copy_to_user error, which can create use after free condition.
This is fixed by deferring the fd install, which eliminates
the race that leads to use after free condition.
Fixing Google Bug 32160775.

Bug 1835857

Change-Id: I337807e4360661beced8f9e1155c47b66607b8df
Signed-off-by: Krishna Reddy <vdumpa@nvidia.com>
Reviewed-on: http://git-master/r/1248391
Reviewed-on: https://git-master.nvidia.com/r/1512958
GVS: Gerrit_Virtual_Submit
Reviewed-by: Bibek Basu <bbasu@nvidia.com>
Tested-by: Bibek Basu <bbasu@nvidia.com>
drivers/video/tegra/nvmap/nvmap_dmabuf.c
drivers/video/tegra/nvmap/nvmap_ioctl.c