Re: [PATCH] drm: Fix possible memleak and UAF in drm_addmap_core()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Nov 24, 2022 at 09:02:19AM +0800, Gaosheng Cui wrote:
> The dma_free_coherent() should be called when memory fails to
> be allocated for list, or drm_map_handle() fails, otherwise there
> will be a memory leak, so add dma_free_coherent to fix it.
> 
> In addition, if drm_map_handle() fails in drm_addmap_core(), list
> will be freed, but list->head will not be removed from dev->map_list,
> then list traversal may cause UAF, fix it by removeing it from
> dev->map_list before kfree().
> 
> Fixes: 8e4ff9b56957 ("drm: Remove the dma_alloc_coherent wrapper for internal usage")
> Fixes: 8d153f7107ff ("drm: update user token hashing and map handles")
> Signed-off-by: Gaosheng Cui <cuigaosheng1@xxxxxxxxxx>

Reviewed-by: Stanislaw Gruszka <stanislaw.gruszka@xxxxxxxxxxxxxxx>
[Index of Archives]     [Linux DRI Users]     [Linux Intel Graphics]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux