superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/drivers/iommu/iommufd
History
Jason Gunthorpe 53d0584eeb iommufd: WARN if an object is aborted with an elevated refcount 
If something holds a refcount then it is at risk of UAFing. For abort
paths we expect the caller to never share the object with a parallel
thread and to clean up any refcounts it obtained on its own.

Add the missing dec inside iommufd_hwpt_paging_alloc() during error unwind
by making iommufd_hw_pagetable_attach/detach() proper pairs.

Link: https://patch.msgid.link/r/2-v1-02cd136829df+31-iommufd_syz_fput_jgg@nvidia.com
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Nicolin Chen <nicolinc@nvidia.com>
Tested-by: Nicolin Chen <nicolinc@nvidia.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
 		2025-09-19 10:34:49 -03:00
..
Kconfig iommufd: Move iommufd_sw_msi and related functions to driver.c 2025-03-25 10:18:19 -03:00
Makefile iommufd: Rename fault.c to eventq.c 2025-03-17 14:51:19 -03:00
device.c iommufd: WARN if an object is aborted with an elevated refcount 2025-09-19 10:34:49 -03:00
double_span.h
driver.c iommufd/vdevice: Remove struct device reference from struct vdevice 2025-07-18 17:33:08 -03:00
eventq.c iommufd: Fix race during abort for file descriptors 2025-09-19 10:34:49 -03:00
hw_pagetable.c iommufd: Return EOPNOTSUPP for failures due to driver bugs 2025-06-19 15:43:28 -03:00
io_pagetable.c iommufd: Prevent ALIGN() overflow 2025-07-17 11:46:55 -03:00
io_pagetable.h iommufd/access: Bypass access->ops->unmap for internal use 2025-07-11 11:09:22 -03:00
ioas.c iommufd: Add IOMMU_IOAS_CHANGE_PROCESS 2024-11-14 12:57:13 -04:00
iommufd_private.h iommufd: WARN if an object is aborted with an elevated refcount 2025-09-19 10:34:49 -03:00
iommufd_test.h iommufd/selftest: Add coverage for the new mmap interface 2025-07-11 14:34:35 -03:00
iova_bitmap.c iommufd: Apply obvious cosmetic fixes 2025-06-19 15:43:27 -03:00
main.c iommufd: WARN if an object is aborted with an elevated refcount 2025-09-19 10:34:49 -03:00
pages.c iommufd/access: Bypass access->ops->unmap for internal use 2025-07-11 11:09:22 -03:00
selftest.c iommufd 6.17 merge window pull 2025-07-31 12:43:08 -07:00
vfio_compat.c module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
viommu.c iommufd: viommu: free memory allocated by kvcalloc() using kvfree() 2025-08-18 11:10:40 -03:00