Commit 06def97c authored by Rob Clark's avatar Rob Clark Committed by Richard Fung
Browse files

FROMGIT: drm/shmem-helper: Remove errant put in error path 

drm_gem_shmem_mmap() doesn't own this reference, resulting in the GEM
object getting prematurely freed leading to a later use-after-free.

Link: https://syzkaller.appspot.com/bug?extid=c8ae65286134dd1b800d


Reported-by: default avatar <syzbot+c8ae65286134dd1b800d@syzkaller.appspotmail.com>
Fixes: 2194a63a ("drm: Add library for shmem backed GEM objects")
Cc: stable@vger.kernel.org
Signed-off-by: default avatarRob Clark <robdclark@chromium.org>
Reviewed-by: default avatarDaniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: default avatarJavier Martinez Canillas <javierm@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221130185748.357410-2-robdclark@gmail.com
(cherry picked from commit 24013314
 git://anongit.freedesktop.org/drm/drm-misc drm-misc-fixes)

BUG=chromium:1393499
TEST=boot trogdor

Change-Id: Ia81cac04a692d115cbeb625314272d66e8216e9d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4081881


Tested-by: default avatarRob Clark <robdclark@chromium.org>
Auto-Submit: Rob Clark <robdclark@chromium.org>
Reviewed-by: default avatarDouglas Anderson <dianders@chromium.org>
Commit-Queue: Rob Clark <robdclark@chromium.org>
(cherry picked from commit 936b9b7e61788306021814a6a8741d6e900aa511)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/4086781


Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Reviewed-by: default avatarSean Paul <sean@poorly.run>
Signed-off-by: default avatarRichard Fung <richardfung@google.com>
parent bb4ebda7
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment