diff options
| author | Simona Vetter <simona.vetter@ffwll.ch> | 2025-07-09 16:52:20 +0300 | 
|---|---|---|
| committer | Steven Price <steven.price@arm.com> | 2025-07-10 12:16:50 +0300 | 
| commit | fe69a391808404977b1f002a6e7447de3de7a88e (patch) | |
| tree | 1336fc0240699305211493b774a45bf2eb941756 /scripts/gdb/linux/kasan.py | |
| parent | 0f168e7be696a17487e83d1d47e5a408a181080f (diff) | |
| download | linux-fe69a391808404977b1f002a6e7447de3de7a88e.tar.xz | |
drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code
The object is potentially already gone after the drm_gem_object_put().
In general the object should be fully constructed before calling
drm_gem_handle_create(), except the debugfs tracking uses a separate
lock and list and separate flag to denotate whether the object is
actually initialized.
Since I'm touching this all anyway simplify this by only adding the
object to the debugfs when it's ready for that, which allows us to
delete that separate flag. panthor_gem_debugfs_bo_rm() already checks
whether we've actually been added to the list or this is some error
path cleanup.
v2: Fix build issues for !CONFIG_DEBUGFS (Adrián)
v3: Add linebreak and remove outdated comment (Liviu)
Fixes: a3707f53eb3f ("drm/panthor: show device-wide list of DRM GEM objects over DebugFS")
Cc: Adrián Larumbe <adrian.larumbe@collabora.com>
Cc: Boris Brezillon <boris.brezillon@collabora.com>
Cc: Steven Price <steven.price@arm.com>
Cc: Liviu Dudau <liviu.dudau@arm.com>
Reviewed-by: Liviu Dudau <liviu.dudau@arm.com>
Signed-off-by: Simona Vetter <simona.vetter@intel.com>
Signed-off-by: Simona Vetter <simona.vetter@ffwll.ch>
Reviewed-by: Steven Price <steven.price@arm.com>
Signed-off-by: Steven Price <steven.price@arm.com>
Link: https://lore.kernel.org/r/20250709135220.1428931-1-simona.vetter@ffwll.ch
Diffstat (limited to 'scripts/gdb/linux/kasan.py')
0 files changed, 0 insertions, 0 deletions
