| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250911121537.523195c5@fedora> Date: Thu, 11 Sep 2025 12:15:37 +0200 From: Boris Brezillon <boris.brezillon@...labora.com> To: Alice Ryhl <aliceryhl@...gle.com> Cc: Danilo Krummrich <dakr@...nel.org>, Matthew Brost <matthew.brost@...el.com>, "Thomas Hellström" <thomas.hellstrom@...ux.intel.com>, Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>, Maxime Ripard <mripard@...nel.org>, Thomas Zimmermann <tzimmermann@...e.de>, David Airlie <airlied@...il.com>, Simona Vetter <simona@...ll.ch>, Steven Price <steven.price@....com>, Daniel Almeida <daniel.almeida@...labora.com>, Liviu Dudau <liviu.dudau@....com>, dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org, rust-for-linux@...r.kernel.org Subject: Re: [PATCH v2 2/2] panthor: use drm_gpuva_unlink_defer() On Tue, 09 Sep 2025 13:36:23 +0000 Alice Ryhl <aliceryhl@...gle.com> wrote: > static void panthor_vma_init(struct panthor_vma *vma, u32 flags) > @@ -2084,12 +2010,12 @@ static int panthor_gpuva_sm_step_map(struct drm_gpuva_op *op, void *priv) > if (ret) > return ret; > > - /* Ref owned by the mapping now, clear the obj field so we don't release the > - * pinning/obj ref behind GPUVA's back. > - */ > drm_gpuva_map(&vm->base, &vma->base, &op->map); > panthor_vma_link(vm, vma, op_ctx->map.vm_bo); > + > + drm_gpuvm_bo_put_deferred(op_ctx->map.vm_bo); Hm, I don't see why we need a drm_gpuvm_bo_put_deferred() here. The original idea was to delegate the vm_bo ownership to the VA being added to the VM tree, so if we put it here, we have a UAF situation, don't we? > op_ctx->map.vm_bo = NULL; > + > return 0; > }
Powered by blists - more mailing lists