Re: [PATCH] drm/gem: Avoid use-after-free on drm_gem_mmap_obj() failure

ping? On Tue, 20 Sep 2022 16:24:08 +0900, Shigeru Yoshida wrote: > syzbot reported use-after-free for drm_gem_object [1]. This causes > the call trace like below: > > [ 75.327400][ T5723] Call Trace: > [ 75.327611][ T5723] > [ 75.327803][ T5723] drm_gem_object_handle_

[PATCH] drm/gem: Avoid use-after-free on drm_gem_mmap_obj() failure

without calling drm_gem_object_put(). Link: https://syzkaller.appspot.com/bug?id=c42a72b0b3bcedd95e5f132a4ccd7cd550334160 [1] Reported-by: syzbot+c512687fff9d22327...@syzkaller.appspotmail.com Signed-off-by: Shigeru Yoshida --- drivers/gpu/drm/drm_gem.c | 4 +++- 1 file changed, 3 insertions(+), 1

[PATCH] fbcon: Destroy mutex on freeing struct fb_info

It's needed to destroy bl_curve_mutex on freeing struct fb_info since the mutex is embedded in the structure and initialized when it's allocated. Signed-off-by: Shigeru Yoshida --- drivers/video/fbdev/core/fbsysfs.c | 4 1 file changed, 4 insertions(+) diff --git a/drivers/v

[PATCH] fbcon: Properly revert changes when vc_resize() failed

aaa7778273...@syzkaller.appspotmail.com Signed-off-by: Shigeru Yoshida --- drivers/video/fbdev/core/fbcon.c | 27 +-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c index cf9ac4da0a82..82