mirror
/
linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux/drivers/gpu/drm/virtio
History
Rob Clark 5253125831 drm/virtio: Fix GEM handle creation UAF 
Userspace can guess the handle value and try to race GEM object creation
with handle close, resulting in a use-after-free if we dereference the
object after dropping the handle's reference.  For that reason, dropping
the handle's reference must be done *after* we are done dereferencing
the object.

Signed-off-by: Rob Clark <robdclark@chromium.org>
Reviewed-by: Chia-I Wu <olvaffe@gmail.com>
Fixes: 62fb7a5e10 ("virtio-gpu: add 3d/virgl support")
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221216233355.542197-2-robdclark@gmail.com
 		2023-01-10 02:17:50 +03:00
..
Kconfig drivers: gpu: drm: virtio: fix dependency of DRM_VIRTIO_GPU on VIRTIO 2020-12-22 13:43:29 +01:00
Makefile
virtgpu_debugfs.c drm: Convert open-coded yes/no strings to yesno() 2022-02-07 13:04:25 -08:00
virtgpu_display.c drm/virtio: set fb_modifiers_not_supported 2022-09-07 12:13:22 +02:00
virtgpu_drv.c drm/fb-helper: Move generic fbdev emulation into separate source file 2022-11-05 17:12:04 +01:00
virtgpu_drv.h drm/fb-helper: Remove unnecessary include statements 2022-11-05 17:12:04 +01:00
virtgpu_fence.c drm/virtio: implement context init: add virtio_gpu_fence_event 2021-09-29 09:22:31 +02:00
virtgpu_gem.c drm/virtio: Unlock reservations on dma_resv_reserve_fences() error 2022-07-19 14:40:58 +02:00
virtgpu_ioctl.c drm/virtio: Fix GEM handle creation UAF 2023-01-10 02:17:50 +03:00
virtgpu_kms.c drm/virtio: kms: use drm managed resources 2022-07-19 14:40:59 +02:00
virtgpu_object.c drm/virtio: Fix memory leak in virtio_gpu_object_create() 2023-01-02 17:42:25 +03:00
virtgpu_plane.c drm/virtio: remove drm_plane_cleanup() destroy hook 2022-08-19 16:00:15 +02:00
virtgpu_prime.c drm/virtio: simplify the return expression 2022-06-09 07:30:13 +02:00
virtgpu_trace.h
virtgpu_trace_points.c
virtgpu_vq.c drm/virtio: Return proper error codes instead of -1 2022-07-19 14:40:58 +02:00
virtgpu_vram.c drm/virtio: support mapping exported vram 2021-08-16 14:09:40 +02:00