mirror of synced 2025-03-06 20:59:54 +01:00
linux/drivers/gpu/drm/vmwgfx
Zack Rusin f9e96bf190 drm/vmwgfx: Fix possible invalid drm gem put calls
vmw_bo_unreference sets the input buffer to null on exit, resulting in
null ptr deref's on the subsequent drm gem put calls.

This went unnoticed because only very old userspace would be exercising
those paths but it wouldn't be hard to hit on old distros with brand
new kernels.

Introduce a new function that abstracts unrefing of user bo's to make
the code cleaner and more explicit.

Signed-off-by: Zack Rusin <zackr@vmware.com>
Reported-by: Ian Forbes <iforbes@vmware.com>
Fixes: 9ef8d83e8e ("drm/vmwgfx: Do not drop the reference to the handle too soon")
Cc: <stable@vger.kernel.org> # v6.4+
Reviewed-by: Maaz Mombasawala <mombasawalam@vmware.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230818041301.407636-1-zack@kde.org
2023-08-23 13:20:04 -04:00
device_include drm/vmwgfx: cleanup comments 2022-08-04 11:30:46 -04:00
Kconfig drm/vmwgfx: Port the framebuffer code to drm fb helpers 2022-10-25 12:42:27 -04:00
Makefile drm/vmwgfx: Use the common gem mmap instead of the custom code 2023-02-13 21:34:13 -05:00
ttm_object.c drm/vmwgfx: Remove rcu locks from user resources 2023-01-09 21:15:36 -05:00
ttm_object.h Linux 6.2-rc6 2023-01-31 12:23:23 +01:00
vmw_surface_cache.h drm/vmwgfx: Update device headers 2021-06-16 14:27:00 -04:00
vmwgfx_binding.c drm/vmwgfx: add support for updating only offsets of constant buffers 2021-12-09 13:16:30 -05:00
vmwgfx_binding.h drm/vmwgfx: add support for updating only offsets of constant buffers 2021-12-09 13:16:30 -05:00
vmwgfx_blit.c drm/ttm: rework on ttm_resource to use size_t type 2022-10-27 11:42:58 +02:00
vmwgfx_bo.c drm/vmwgfx: Fix possible invalid drm gem put calls 2023-08-23 13:20:04 -04:00
vmwgfx_bo.h drm/vmwgfx: Fix possible invalid drm gem put calls 2023-08-23 13:20:04 -04:00
vmwgfx_cmd.c drm/vmwgfx: Stop using raw ttm_buffer_object's 2023-02-13 22:37:55 -05:00
vmwgfx_cmdbuf.c drm/vmwgfx: Stop using raw ttm_buffer_object's 2023-02-13 22:37:55 -05:00
vmwgfx_cmdbuf_res.c drm/vmwgfx: Remove vmwgfx_hashtab 2022-10-25 12:42:25 -04:00
vmwgfx_context.c drm/vmwgfx: Stop using raw ttm_buffer_object's 2023-02-13 22:37:55 -05:00
vmwgfx_cotable.c drm/vmwgfx: Stop using raw ttm_buffer_object's 2023-02-13 22:37:55 -05:00
vmwgfx_devcaps.c drm/vmwgfx: Update device headers 2021-06-16 14:27:00 -04:00
vmwgfx_devcaps.h drm/vmwgfx: Update device headers 2021-06-16 14:27:00 -04:00
vmwgfx_drv.c drm/vmwgfx: Print errors when running on broken/unsupported configs 2023-04-11 12:29:30 -04:00
vmwgfx_drv.h drm/vmwgfx: Fix shader stage validation 2023-08-23 13:19:22 -04:00
vmwgfx_execbuf.c drm/vmwgfx: Fix possible invalid drm gem put calls 2023-08-23 13:20:04 -04:00
vmwgfx_fence.c drm/vmwgfx: Rename vmw_buffer_object to vmw_bo 2023-02-13 22:37:08 -05:00
vmwgfx_fence.h drm/vmwgfx: remove vmw_wait_dma_fence 2022-02-02 16:15:37 +01:00
vmwgfx_gem.c drm: Track clients by tgid and not tid 2023-03-15 14:03:00 +01:00
vmwgfx_gmr.c drm/ttm: merge ttm_bo_api.h and ttm_bo_driver.h v2 2022-12-06 12:54:14 +01:00
vmwgfx_gmrid_manager.c drm/ttm: merge ttm_bo_api.h and ttm_bo_driver.h v2 2022-12-06 12:54:14 +01:00
vmwgfx_ioctl.c drm/vmwgfx: Allow querying of the SVGA PCI id from the userspace 2022-03-11 13:29:35 -05:00
vmwgfx_irq.c drm/vmwgfx: Implement MSI/MSI-X support for IRQs 2022-03-11 13:29:37 -05:00
vmwgfx_kms.c drm/vmwgfx: Fix possible invalid drm gem put calls 2023-08-23 13:20:04 -04:00
vmwgfx_kms.h drm/vmwgfx: Fix Legacy Display Unit atomic drm support 2023-04-11 12:29:30 -04:00
vmwgfx_ldu.c drm/vmwgfx: Fix Legacy Display Unit atomic drm support 2023-04-11 12:29:30 -04:00
vmwgfx_mksstat.h drm/vmwgfx: Add a mksstat counter for cotable resizes 2022-10-25 12:42:30 -04:00
vmwgfx_mob.c drm/vmwgfx: Stop using raw ttm_buffer_object's 2023-02-13 22:37:55 -05:00
vmwgfx_msg.c drm/vmwgfx: Print errors when running on broken/unsupported configs 2023-04-11 12:29:30 -04:00
vmwgfx_msg_arm64.h treewide: fix up files incorrectly marked executable 2023-01-26 10:05:39 -08:00
vmwgfx_msg_x86.h drm/vmwgfx: Add unwind hints around RBP clobber 2023-06-07 10:03:12 -07:00
vmwgfx_overlay.c drm/vmwgfx: Fix possible invalid drm gem put calls 2023-08-23 13:20:04 -04:00
vmwgfx_page_dirty.c drm/vmwgfx: Stop using raw ttm_buffer_object's 2023-02-13 22:37:55 -05:00
vmwgfx_prime.c drm/vmwgfx: Implement DRIVER_GEM 2021-12-09 13:16:16 -05:00
vmwgfx_reg.h
vmwgfx_resource.c drm/vmwgfx: Make the driver work without the dummy resources 2023-02-13 22:37:55 -05:00
vmwgfx_resource_priv.h drm/vmwgfx: Stop using raw ttm_buffer_object's 2023-02-13 22:37:55 -05:00
vmwgfx_scrn.c drm/vmwgfx: Stop using raw ttm_buffer_object's 2023-02-13 22:37:55 -05:00
vmwgfx_shader.c drm/vmwgfx: Fix possible invalid drm gem put calls 2023-08-23 13:20:04 -04:00
vmwgfx_simple_resource.c drm/vmwgfx: cleanup comments 2022-08-04 11:30:46 -04:00
vmwgfx_so.c flexible-array transformations for 6.4-rc1 2023-04-26 08:25:57 -07:00
vmwgfx_so.h drm/vmwgfx: support SVGA_3D_CMD_DX_DEFINE_RASTERIZER_STATE_V2 command 2021-12-09 13:16:27 -05:00
vmwgfx_stdu.c drm/vmwgfx: Fix src/dst_pitch confusion 2023-03-15 16:15:25 -04:00
vmwgfx_streamoutput.c drm/vmwgfx: Stop using raw ttm_buffer_object's 2023-02-13 22:37:55 -05:00
vmwgfx_surface.c drm/vmwgfx: Do not drop the reference to the handle too soon 2023-02-14 23:00:09 -05:00
vmwgfx_system_manager.c drm/ttm: merge ttm_bo_api.h and ttm_bo_driver.h v2 2022-12-06 12:54:14 +01:00
vmwgfx_ttm_buffer.c drm/vmwgfx: Make the driver work without the dummy resources 2023-02-13 22:37:55 -05:00
vmwgfx_ttm_glue.c drm/vmwgfx: Use the common gem mmap instead of the custom code 2023-02-13 21:34:13 -05:00
vmwgfx_va.c drm/vmwgfx: Stop using raw ttm_buffer_object's 2023-02-13 22:37:55 -05:00
vmwgfx_validation.c drm/vmwgfx: Stop using raw ttm_buffer_object's 2023-02-13 22:37:55 -05:00
vmwgfx_validation.h drm/vmwgfx: Abstract placement selection 2023-02-13 22:37:55 -05:00