udmabuf: Set ubuf->sg = NULL if the creation of sg table fails
Vivek Kasireddy authored
[ Upstream commit d9c04a1b ]

When userspace tries to map the dmabuf and if for some reason
(e.g. OOM) the creation of the sg table fails, ubuf->sg needs to be
set to NULL. Otherwise, when the userspace subsequently closes the
dmabuf fd, we'd try to erroneously free the invalid sg table from
release_udmabuf resulting in the following crash reported by syzbot:

general protection fault, probably for non-canonical address
0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 3609 Comm: syz-executor487 Not tainted
5.19.0-syzkaller-13930-g7ebfc85e #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 07/22/2022
RIP: 0010:dma_unmap_sgtable include/linux/dma-mapping.h:378 [inline]
RIP: 0010:put_sg_table drivers/dma-buf/udmabuf.c:89 [inline]
RIP: 0010:release_udmabuf+0xcb/0x4f0 drivers/dma-buf/udmabuf.c:114
Code...
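Added illustration, not the kernel's code (this page shows the description only, not the diff): a userspace model of the map and release steps the message describes, with the kernel's ERR_PTR error-pointer idiom re-implemented locally and OOM simulated by a flag. The function and field names mirror the message's vocabulary (ubuf->sg, get_sg_table, release_udmabuf); their bodies are assumptions about the shape of the bug, not the driver's source.

```c
#include <stdlib.h>
#include <stdbool.h>
#include <errno.h>

/* Kernel-style error pointers, re-modelled here (assumed to match the idiom). */
#define ERR_PTR(err) ((void *)(long)(err))
#define IS_ERR(p)    ((unsigned long)(p) >= (unsigned long)-4095)
#define PTR_ERR(p)   ((long)(p))

struct sg_table { int nents; };
struct udmabuf  { struct sg_table *sg; };  /* NULL until first successful map */

/* Stand-in for get_sg_table(): a table, or an error pointer on (simulated) OOM. */
static struct sg_table *get_sg_table(bool simulate_oom)
{
    struct sg_table *sg = simulate_oom ? NULL : malloc(sizeof(*sg));
    if (!sg)
        return ERR_PTR(-ENOMEM);
    sg->nents = 1;
    return sg;
}

/* Map step; with_fix=false leaves the error pointer in ubuf->sg (the bug),
 * with_fix=true resets it to NULL as the commit does. */
static int map_udmabuf(struct udmabuf *ubuf, bool simulate_oom, bool with_fix)
{
    int ret = 0;
    if (!ubuf->sg) {
        ubuf->sg = get_sg_table(simulate_oom);
        if (IS_ERR(ubuf->sg)) {
            ret = PTR_ERR(ubuf->sg);
            if (with_fix)
                ubuf->sg = NULL;
        }
    }
    return ret;
}

/* Release path: the only guard is a NULL check, so an error pointer would be
 * passed on to the unmap/free routine. Returns true instead of crashing. */
static bool release_udmabuf(struct udmabuf *ubuf)
{
    if (!ubuf->sg)
        return false;
    if (IS_ERR(ubuf->sg))
        return true;   /* invalid table reaches the free path: the syzbot crash */
    free(ubuf->sg);
    ubuf->sg = NULL;
    return false;
}
```

The release function reports the would-be crash as a return value so the two variants can be compared on the same failing map call.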
Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems that may result from upgrading your kernel.