[PATCH] drm/virtio: Fix Smatch tool warnings in virtgpu_dma_buf_free_obj()
Dmitry Osipenko
dmitry.osipenko at collabora.com
Thu Jan 9 14:00:53 UTC 2025
On 12/12/24 08:54, Vivek Kasireddy wrote:
> Fix the following issues identified by Smatch static checker:
> - The call to dma_buf_put(attach->dmabuf) after dma_buf_detach()
> leads to a UAF bug as dma_buf_detach() frees the attach object.
> Fix this by extracting the dmabuf object from attach and using
> that in the call to dma_buf_put().
>
> - The resv object is extracted from attach before checking to see
> if attach is valid (that is !NULL) or not. Although, attach would
> very likely be valid, fix this by making sure that the resv object
> is used only after ensuring that attach is valid.
>
> Fixes: 2885e575abc7 ("drm/virtio: Add helpers to initialize and free the imported object")
> Fixes: ca77f27a2665 ("drm/virtio: Import prime buffers from other devices as guest blobs")
> Cc: Gerd Hoffmann <kraxel at redhat.com>
> Cc: Dmitry Osipenko <dmitry.osipenko at collabora.com>
> Cc: Gurchetan Singh <gurchetansingh at chromium.org>
> Cc: Chia-I Wu <olvaffe at gmail.com>
> Reported-by: Dan Carpenter <dan.carpenter at linaro.org>
> Signed-off-by: Vivek Kasireddy <vivek.kasireddy at intel.com>
> ---
> drivers/gpu/drm/virtio/virtgpu_prime.c | 11 ++++++-----
> 1 file changed, 6 insertions(+), 5 deletions(-)
Applied to misc-next with edited commit title, thanks!

P.S.: This patch may also need to be applied to next-fixes, but that
branch is locked at the moment. I'll keep an eye on whether the patch will
be missed in 6.14-rc1 and I'll need to re-add it to the -fixes.
--
Best regards,
Dmitry
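
The ordering problem described in the quoted commit message, as an added example that is not part of this thread or of the driver's code. It is a userspace C model: the structs, `model_detach`, `model_put`, both `free_obj_*` functions and the poison sentinel are hypothetical stand-ins, and the release is modelled by poisoning the field so the stale read is observable instead of undefined.

```c
#include <stdio.h>

/* Constructed userspace model; none of this is the driver's code. */
struct buf { int refs; };                   /* stands in for struct dma_buf */
struct attachment { struct buf *dmabuf; };  /* stands in for the attach object */
struct obj { struct attachment *attach; };  /* stands in for the imported object */
static struct buf poison;                   /* sentinel written into released memory */

/* Models dma_buf_detach(): a real free() would make later reads undefined;
 * poisoning the field instead makes the stale read observable. */
static void model_detach(struct attachment *a) { a->dmabuf = &poison; }

/* Models dma_buf_put(): drops one reference, or reports a stale pointer. */
static int model_put(struct buf *b)
{
    if (b == &poison)
        return -1;
    b->refs--;
    return 0;
}

/* Ordering the commit message reports: attach is read again after detach. */
static int free_obj_buggy(struct obj *o)
{
    struct attachment *a = o->attach;
    model_detach(a);
    return model_put(a->dmabuf);            /* stale read of released memory */
}

/* Ordering the commit message describes as the fix. */
static int free_obj_fixed(struct obj *o)
{
    struct attachment *a = o->attach;
    struct buf *b;
    if (!a)                                 /* nothing is derived from a before this */
        return 0;
    b = a->dmabuf;                          /* copied out while a is still valid */
    model_detach(a);
    return model_put(b);
}

int main(void)
{
    struct buf b1 = { 1 }, b2 = { 1 };
    struct attachment a1 = { &b1 }, a2 = { &b2 };
    struct obj o1 = { &a1 }, o2 = { &a2 };
    printf("buggy=%d fixed=%d\n", free_obj_buggy(&o1), free_obj_fixed(&o2));
    return 0;
}
```

In the model the buggy ordering only returns -1 and leaves the reference undropped; with a real free the same read is a use-after-free.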