]> www.infradead.org Git - users/jedix/linux-maple.git/commit
projects / users / jedix / linux-maple.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 8ec5a4e) | patch
drm/xe/vm: move xa_alloc to prevent UAF
authorMatthew Auld <matthew.auld@intel.com>
Wed, 25 Sep 2024 07:14:27 +0000 (08:14 +0100)
committerMatthew Auld <matthew.auld@intel.com>
Fri, 27 Sep 2024 08:28:58 +0000 (09:28 +0100)
commitdcfd3971327f3ee92765154baebbaece833d3ca9
treeba9f3374bea95dae78a17aa9c05b2a35c4952492tree
parent8ec5a4e5ce97d6ee9f5eb5b4ce4cfc831976fdeccommit | diff
drm/xe/vm: move xa_alloc to prevent UAF

Evil user can guess the next id of the vm before the ioctl completes and
then call vm destroy ioctl to trigger UAF since create ioctl is still
referencing the same vm. Move the xa_alloc all the way to the end to
prevent this.

v2:
 - Rebase

Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs")
Signed-off-by: Matthew Auld <matthew.auld@intel.com>
Cc: Matthew Brost <matthew.brost@intel.com>
Cc: <stable@vger.kernel.org> # v6.8+
Reviewed-by: Nirmoy Das <nirmoy.das@intel.com>
Reviewed-by: Matthew Brost <matthew.brost@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240925071426.144015-3-matthew.auld@intel.com
drivers/gpu/drm/xe/xe_vm.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.