Displaying 2 results from an estimated 2 matches for "virtio_gpu_submit".
2023 Mar 22
0
[PATCH v2 1/2] drm/virtio: Refactor job submission code path
...Alon Levy
> + */
> +
> +#include <linux/file.h>
> +#include <linux/sync_file.h>
> +#include <linux/uaccess.h>
> +
> +#include <drm/drm_file.h>
> +#include <drm/virtgpu_drm.h>
> +
> +#include "virtgpu_drv.h"
> +
> +struct virtio_gpu_submit {
> + struct virtio_gpu_object_array *buflist;
> + struct drm_virtgpu_execbuffer *exbuf;
> + struct virtio_gpu_fence *out_fence;
> + struct virtio_gpu_fpriv *vfpriv;
> + struct virtio_gpu_device *vgdev;
> + struct drm_file *file;
> + ui...
2023 Apr 03
1
[PATCH v4 2/2] drm/virtio: Support sync objects
...t looked at it too closely
> > but I suspect that will trigger an UAF or two.
>
> There are checks for NULL pointers in the code that will prevent the
> UAF. I'll add zeroing of the nums for more consistency.
>
Riiiight the drm_syncobj is attached to the encapsulating struct
virtio_gpu_submit _only_ on success.
By clearing the num variables, the NULL checks will no longer be
needed ... in case you'd want to drop that.
Either way - even as-is the code is safe.
> >> ret = virtio_gpu_install_out_fence_fd(&submit);
> >> if (ret)
> >>...