hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux-sg2042/drivers/gpu/drm/vkms
History
Eric Biggers 36b6c9ed45
drm/vkms: fix use-after-free when drm_gem_handle_create() fails 
If drm_gem_handle_create() fails in vkms_gem_create(), then the
vkms_gem_object is freed twice: once when the reference is dropped by
drm_gem_object_put_unlocked(), and again by the extra calls to
drm_gem_object_release() and kfree().

Fix it by skipping the second release and free.

This bug was originally found in the vgem driver by syzkaller using
fault injection, but I noticed it's also present in the vkms driver.

Fixes: 559e50fd34 ("drm/vkms: Add dumb operations")
Cc: Rodrigo Siqueira <rodrigosiqueiramelo@gmail.com>
Cc: Haneen Mohammed <hamohammed.sa@gmail.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Reviewed-by: Rodrigo Siqueira <rodrigosiqueiramelo@gmail.com>
Signed-off-by: Rodrigo Siqueira <rodrigosiqueiramelo@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190226220858.214438-1-ebiggers@kernel.org
Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com>
 		2019-03-18 08:45:57 +01:00
..
Makefile drm/vkms: Implement CRC debugfs API 2018-08-03 14:52:58 -04:00
vkms_crc.c drm/vkms: Fix license inconsistent 2019-02-10 10:23:06 -02:00
vkms_crtc.c Linux 5.0-rc7 2019-02-18 13:27:15 +10:00
vkms_drv.c Linux 5.0-rc7 2019-02-18 13:27:15 +10:00
vkms_drv.h drm/vkms: Fix license inconsistent 2019-02-10 10:23:06 -02:00
vkms_gem.c drm/vkms: fix use-after-free when drm_gem_handle_create() fails 2019-03-18 08:45:57 +01:00
vkms_output.c Linux 5.0-rc7 2019-02-18 13:27:15 +10:00
vkms_plane.c drm/vkms: Fix license inconsistent 2019-02-10 10:23:06 -02:00