linux/drivers/dma-buf
Pavel Skripkin 5d50f851dd udmabuf: validate ubuf->pagecount
[ Upstream commit 2b6dd600dd72573c23ea180b5b0b2f1813405882 ]

Syzbot has reported GPF in sg_alloc_append_table_from_pages(). The
problem was in ubuf->pages == ZERO_PTR.

ubuf->pagecount is calculated from arguments passed from user-space. If
a user creates a udmabuf with list.size == 0, then ubuf->pagecount will
also be equal to zero; this causes kmalloc_array() to return ZERO_PTR.

Fix it by validating ubuf->pagecount before passing it to
kmalloc_array().

Fixes: fbb0de7950 ("Add udmabuf misc device")
Reported-and-tested-by: syzbot+2c56b725ec547fa9cb29@syzkaller.appspotmail.com
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20211230142649.23022-1-paskripkin@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-04-15 14:18:10 +02:00
Kconfig dma-buf: Introduce selftesting framework 2019-08-19 18:01:34 +01:00
Makefile dma-buf: Add selftests for dma-fence 2019-08-19 18:09:46 +01:00
dma-buf.c dma-buf: WARN on dmabuf release with pending attachments 2021-11-17 09:48:27 +01:00
dma-fence-array.c dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() 2022-01-27 09:19:28 +01:00
dma-fence-chain.c dma-buf: fix stack corruption in dma_fence_chain_release 2019-08-05 17:32:33 +02:00
dma-fence.c dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) 2020-10-01 13:17:11 +02:00
dma-resv.c dma-buf/dma-resv: Respect num_fences when initializing the shared fence list. 2020-12-30 11:51:46 +01:00
selftest.c dma-buf: Introduce selftesting framework 2019-08-19 18:01:34 +01:00
selftest.h dma-buf: Introduce selftesting framework 2019-08-19 18:01:34 +01:00
selftests.h dma-buf: Add selftests for dma-fence 2019-08-19 18:09:46 +01:00
seqno-fence.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
st-dma-fence.c dmabuf: Mark up onstack timer for selftests 2019-08-20 13:49:15 +01:00
sw_sync.c dma-buf/sw_sync: Synchronize signal vs syncpt free 2019-08-13 07:57:51 +01:00
sync_debug.c Linux 5.2-rc5 2019-06-19 12:07:29 +02:00
sync_debug.h dma-buf: Remove unused sync_dump() 2019-04-23 09:30:07 +01:00
sync_file.c dma-buf/sync_file: Don't leak fences on merge failure 2021-07-25 14:35:15 +02:00
sync_trace.h
udmabuf.c udmabuf: validate ubuf->pagecount 2022-04-15 14:18:10 +02:00