superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/drivers/gpu
History
Thomas Hellström c9db07cab7 drm/xe/svm: Fix a potential bo UAF 
If drm_gpusvm_migrate_to_devmem() succeeds, if a cpu access happens to the
range the bo may be freed before xe_bo_unlock(), causing a UAF.

Since the reference is transferred, use xe_svm_devmem_release() to
release the reference on drm_gpusvm_migrate_to_devmem() failure,
and hold a local reference to protect the UAF.

Fixes: 2f118c9491 ("drm/xe: Add SVM VRAM migration")
Signed-off-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Reviewed-by: Matthew Brost <matthew.brost@intel.com>
Link: https://lore.kernel.org/r/20250326080551.40201-3-thomas.hellstrom@linux.intel.com
 		2025-03-27 11:49:58 +01:00
..
drm drm/xe/svm: Fix a potential bo UAF 2025-03-27 11:49:58 +01:00
host1x gpu: host1x: Remove unused host1x_debug_dump_syncpts 2025-02-28 17:44:13 +01:00
ipu-v3 gpu: ipu-v3 ipu-cpmem: Remove unused functions 2025-03-01 11:29:03 +02:00
nova-core gpu: nova-core: add initial driver stub 2025-03-09 19:24:27 +01:00
trace
vga
Makefile gpu: nova-core: add initial driver stub 2025-03-09 19:24:27 +01:00