Re: [PATCH] drm/virtio: Fix GEM handle creation UAF

2023-01-10 Thread Dmitry Osipenko
On 1/10/23 04:47, Rob Clark wrote:
> On Mon, Jan 9, 2023 at 3:28 PM Dmitry Osipenko
> wrote:
>>
>> On 12/17/22 02:33, Rob Clark wrote:
>>> From: Rob Clark
>>>
>>> Userspace can guess the handle value and try to race GEM object creation
>>> with handle close, resulting in a use-after-free if we de

Re: [PATCH] drm/virtio: Fix GEM handle creation UAF

2023-01-09 Thread Rob Clark
On Mon, Jan 9, 2023 at 3:28 PM Dmitry Osipenko wrote:
>
> On 12/17/22 02:33, Rob Clark wrote:
> > From: Rob Clark
> >
> > Userspace can guess the handle value and try to race GEM object creation
> > with handle close, resulting in a use-after-free if we dereference the
> > object after dropping t

Re: [PATCH] drm/virtio: Fix GEM handle creation UAF

2023-01-09 Thread Dmitry Osipenko
On 12/17/22 02:33, Rob Clark wrote:
> From: Rob Clark
>
> Userspace can guess the handle value and try to race GEM object creation
> with handle close, resulting in a use-after-free if we dereference the
> object after dropping the handle's reference. For that reason, dropping
> the handle's ref

Re: [PATCH] drm/virtio: Fix GEM handle creation UAF

2022-12-16 Thread Chia-I Wu
On Fri, Dec 16, 2022 at 3:33 PM Rob Clark wrote:
>
> From: Rob Clark
>
> Userspace can guess the handle value and try to race GEM object creation
> with handle close, resulting in a use-after-free if we dereference the
> object after dropping the handle's reference. For that reason, dropping
> t

[PATCH] drm/virtio: Fix GEM handle creation UAF

2022-12-16 Thread Rob Clark
From: Rob Clark

Userspace can guess the handle value and try to race GEM object creation with handle close, resulting in a use-after-free if we dereference the object after dropping the handle's reference. For that reason, dropping the handle's reference must be done *after* we are done derefere