Zack McKevitt aa16b2bc0f accel/qaic: Add overflow check to remap_pfn_range during mmap ... The call to remap_pfn_range in qaic_gem_object_mmap is susceptible to (re)mapping beyond the VMA if the BO is too large. This can cause use after free issues when munmap() unmaps only the VMA region and not the additional mappings. To prevent this, check the remaining size of the VMA before remapping and truncate the remapped length if sg->length is too large. Reported-by: Lukas Maar <lukas.maar@tugraz.at> Fixes: ff13be8303 ("accel/qaic: Add datapath") Reviewed-by: Karol Wachowski <karol.wachowski@linux.intel.com> Signed-off-by: Zack McKevitt <zachary.mckevitt@oss.qualcomm.com> Reviewed-by: Jeff Hugo <jeff.hugo@oss.qualcomm.com> [jhugo: fix braces from checkpatch --strict] Signed-off-by: Jeff Hugo <jeff.hugo@oss.qualcomm.com> Link: https://patch.msgid.link/20260430193858.1178641-1-zachary.mckevitt@oss.qualcomm.com		2026-05-12 10:58:18 -06:00
..
amdxdna	Merge drm/drm-fixes into drm-misc-next-fixes	2026-03-30 10:05:36 +02:00
ethosu	accel: ethosu: Add hardware dependency hint	2026-04-02 15:18:14 -05:00
habanalabs	Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses	2026-02-22 08:26:33 -08:00
ivpu	accel/ivpu: Disallow re-exporting imported GEM objects	2026-04-30 13:51:37 +02:00
qaic	accel/qaic: Add overflow check to remap_pfn_range during mmap	2026-05-12 10:58:18 -06:00
rocket	accel/rocket: Fix prep_bo ioctl leaking positive return from dma_resv_wait_timeout()	2026-05-07 14:52:55 +01:00
Kconfig	accel: Add Arm Ethos-U NPU driver	2025-10-24 15:07:39 -05:00
Makefile	accel: Add Arm Ethos-U NPU driver	2025-10-24 15:07:39 -05:00
drm_accel.c	drm: move drm based debugfs funcs to drm_debugfs.c	2025-07-04 15:58:22 +02:00