torvalds/linux
torvalds/linux
2
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-09-04 20:19:47 +08:00
Code
901b3290bd
linux/drivers/gpu/drm/virtio
History
Vivek Kasireddy db8b2c0e2a drm/virtio: Fix UAF in virtgpu_dma_buf_free_obj() 
Fix the following issues identified by Smatch static checker:
- The call to dma_buf_put(attach->dmabuf) after dma_buf_detach()
  leads to a UAF bug as dma_buf_detach() frees the attach object.
  Fix this by extracting the dmabuf object from attach and using
  that in the call to dma_buf_put().

- The resv object is extracted from attach before checking to see
  if attach is valid (that is !NULL) or not. Although, attach would
  very likely be valid, fix this by making sure that the resv object
  is used only after ensuring that attach is valid.

Fixes: 2885e575ab ("drm/virtio: Add helpers to initialize and free the imported object")
Fixes: ca77f27a26 ("drm/virtio: Import prime buffers from other devices as guest blobs")
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Cc: Gurchetan Singh <gurchetansingh@chromium.org>
Cc: Chia-I Wu <olvaffe@gmail.com>
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20241212055421.775759-1-vivek.kasireddy@intel.com
Reviewed-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Tested-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
[dmitry.osipenko@collabora.com: Edited commit title]
2025-01-19 15:12:28 +03:00
..
Kconfig drm/virtgpu: Run DRM default client setup 2024-09-26 09:31:28 +02:00
Makefile drm/virtio: Refactor and optimize job submission code path 2023-06-03 04:50:40 +03:00
virtgpu_debugfs.c
virtgpu_display.c drm/virtio: switch to struct drm_edid 2024-05-13 19:12:46 +02:00
virtgpu_drv.c drm: remove driver date from struct drm_driver and all drivers 2024-12-05 12:35:42 +02:00
virtgpu_drv.h drm: remove driver date from struct drm_driver and all drivers 2024-12-05 12:35:42 +02:00
virtgpu_fence.c
virtgpu_gem.c drm/virtio: Don't create a context with default param if context_init is supported 2024-11-18 21:17:42 +03:00
virtgpu_ioctl.c drm/virtio: Use generic dumb_map_offset implementation 2024-11-18 14:08:37 +03:00
virtgpu_kms.c virtio: rename virtio_find_vqs_info() to virtio_find_vqs() 2024-07-17 05:20:58 -04:00
virtgpu_object.c drm/virtio: Add helpers to initialize and free the imported object 2024-11-26 12:52:52 +03:00
virtgpu_plane.c drm/virtio: Add prepare and cleanup routines for imported dmabuf obj 2024-11-26 13:28:02 +03:00
virtgpu_prime.c drm/virtio: Fix UAF in virtgpu_dma_buf_free_obj() 2025-01-19 15:12:28 +03:00
virtgpu_submit.c drm/virtio: Fix type of dma-fence context variable 2024-07-24 20:42:19 +03:00
virtgpu_trace_points.c
virtgpu_trace.h tracing/treewide: Remove second parameter of __assign_str() 2024-05-22 20:14:47 -04:00
virtgpu_vq.c drm/virtio: Implement VIRTIO_GPU_CMD_RESOURCE_DETACH_BACKING cmd 2024-11-26 12:52:18 +03:00
virtgpu_vram.c mm: replace vma->vm_flags direct modifications with modifier calls 2023-02-09 16:51:39 -08:00