You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Fix the following issues identified by Smatch static checker:
- The call to dma_buf_put(attach->dmabuf) after dma_buf_detach()
leads to a UAF bug as dma_buf_detach() frees the attach object.
Fix this by extracting the dmabuf object from attach and using
that in the call to dma_buf_put().
- The resv object is extracted from attach before checking to see
if attach is valid (that is !NULL) or not. Although, attach would
very likely be valid, fix this by making sure that the resv object
is used only after ensuring that attach is valid.
Fixes: 2885e57 ("drm/virtio: Add helpers to initialize and free the imported object")
Fixes: ca77f27 ("drm/virtio: Import prime buffers from other devices as guest blobs")
Cc: Gerd Hoffmann <[email protected]>
Cc: Dmitry Osipenko <[email protected]>
Cc: Gurchetan Singh <[email protected]>
Cc: Chia-I Wu <[email protected]>
Reported-by: Dan Carpenter <[email protected]>
Signed-off-by: Vivek Kasireddy <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
Reviewed-by: Dmitry Osipenko <[email protected]>
Tested-by: Dmitry Osipenko <[email protected]>
Signed-off-by: Dmitry Osipenko <[email protected]>
[[email protected]: Edited commit title]
0 commit comments