[PATCH] udmabuf: Set ubuf->sg = NULL if the creation of sg table fails

Gerd Hoffmann kraxel at redhat.com
Thu Aug 25 10:00:28 UTC 2022


On Wed, Aug 24, 2022 at 11:35:22PM -0700, Vivek Kasireddy wrote:
> When userspace tries to map the dmabuf and if for some reason
> (e.g. OOM) the creation of the sg table fails, ubuf->sg needs to be
> set to NULL. Otherwise, when the userspace subsequently closes the
> dmabuf fd, we'd try to erroneously free the invalid sg table from
> release_udmabuf resulting in the following crash reported by syzbot:
> 
> general protection fault, probably for non-canonical address
> 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN

[ ... ]

> Reported-by: syzbot+c80e9ef5d8bb45894db0 at syzkaller.appspotmail.com
> Cc: Gerd Hoffmann <kraxel at redhat.com>
> Signed-off-by: Vivek Kasireddy <vivek.kasireddy at intel.com>

Pushed to drm-misc-next.

thanks,
  Gerd
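A user-space model of the failure path described in the quoted commit message, added here as an example that is not the udmabuf driver's code: the ERR_PTR/IS_ERR helpers, get_sg_table(), struct udmabuf and the map/release paths are constructed stand-ins, with the `fail` flag standing in for the OOM case. The buggy map leaves an error-encoded pointer cached in ubuf->sg, so the release path later treats it as a real table; the fixed map resets the field to NULL before returning the error.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>

/* Minimal stand-ins for the kernel's error-pointer helpers (constructed). */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long err) { return (void *)err; }
static inline long PTR_ERR(const void *p) { return (long)p; }
static inline bool IS_ERR(const void *p)
{
	return (unsigned long)p >= (unsigned long)-MAX_ERRNO;
}

struct sg_table { int nents; };           /* toy sg table */
struct udmabuf { struct sg_table *sg; };  /* cached per-buffer sg table */

/* Stand-in for get_sg_table(); 'fail' simulates an allocation failure. */
static struct sg_table *get_sg_table(bool fail)
{
	if (fail)
		return ERR_PTR(-ENOMEM);
	struct sg_table *sg = calloc(1, sizeof(*sg));
	return sg ? sg : ERR_PTR(-ENOMEM);
}

/* Before the fix: the ERR_PTR stays cached in ubuf->sg on failure. */
static int map_udmabuf_buggy(struct udmabuf *ubuf, bool fail)
{
	if (!ubuf->sg) {
		ubuf->sg = get_sg_table(fail);
		if (IS_ERR(ubuf->sg))
			return PTR_ERR(ubuf->sg);
	}
	return 0;
}

/* After the fix: clear the cached pointer before reporting the error. */
static int map_udmabuf_fixed(struct udmabuf *ubuf, bool fail)
{
	if (!ubuf->sg) {
		ubuf->sg = get_sg_table(fail);
		if (IS_ERR(ubuf->sg)) {
			int ret = PTR_ERR(ubuf->sg);
			ubuf->sg = NULL;
			return ret;
		}
	}
	return 0;
}

/* Release path: returns false where the kernel would fault on a bogus pointer. */
static bool release_udmabuf(struct udmabuf *ubuf)
{
	if (ubuf->sg) {
		if (IS_ERR(ubuf->sg))
			return false;       /* freeing an ERR_PTR: the reported GPF */
		free(ubuf->sg);
		ubuf->sg = NULL;
	}
	return true;
}

/* Drive map then release (the close(fd) path); true means release was safe. */
static bool map_then_release(bool fixed, bool fail)
{
	struct udmabuf ubuf = { .sg = NULL };
	if (fixed)
		map_udmabuf_fixed(&ubuf, fail);
	else
		map_udmabuf_buggy(&ubuf, fail);
	return release_udmabuf(&ubuf);
}
```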


