review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Zack Rusin <zackr@vmware.com>
	Fri, 18 Aug 2023 04:13:01 +0000 (00:13 -0400)
committer	Zack Rusin <zackr@vmware.com>
	Wed, 23 Aug 2023 17:20:04 +0000 (13:20 -0400)
commit	f9e96bf1905479f18e83a3a4c314a8dfa56ede2c
tree	e66f797c55073d1c284fb802f5a9f78e5c9db7ae	tree \| snapshot
parent	14abdfae508228a7307f7491b5c4215ae70c6542	commit \| diff

drm/vmwgfx: Fix possible invalid drm gem put calls

vmw_bo_unreference sets the input buffer to null on exit, resulting in
null ptr deref's on the subsequent drm gem put calls.

This went unnoticed because only very old userspace would be exercising
those paths but it wouldn't be hard to hit on old distros with brand
new kernels.

Introduce a new function that abstracts unrefing of user bo's to make
the code cleaner and more explicit.

Signed-off-by: Zack Rusin <zackr@vmware.com>
Reported-by: Ian Forbes <iforbes@vmware.com>
Fixes: 9ef8d83e8e25 ("drm/vmwgfx: Do not drop the reference to the handle too soon")
Cc: <stable@vger.kernel.org> # v6.4+
Reviewed-by: Maaz Mombasawala<mombasawalam@vmware.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230818041301.407636-1-zack@kde.org

drivers/gpu/drm/vmwgfx/vmwgfx_bo.c		diff \| blob \| history
drivers/gpu/drm/vmwgfx/vmwgfx_bo.h		diff \| blob \| history
drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c		diff \| blob \| history
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c		diff \| blob \| history
drivers/gpu/drm/vmwgfx/vmwgfx_overlay.c		diff \| blob \| history
drivers/gpu/drm/vmwgfx/vmwgfx_shader.c		diff \| blob \| history