On Fri, Dec 16, 2022 at 3:33 PM Rob Clark <robdclark@xxxxxxxxx> wrote: > > From: Rob Clark <robdclark@xxxxxxxxxxxx> > > Userspace can guess the handle value and try to race GEM object creation > with handle close, resulting in a use-after-free if we dereference the > object after dropping the handle's reference. For that reason, dropping > the handle's reference must be done *after* we are done dereferencing > the object. > > Signed-off-by: Rob Clark <robdclark@xxxxxxxxxxxx> Reviewed-by: Chia-I Wu <olvaffe@xxxxxxxxx>
