github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-14 17:32:42 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
3faf0ce6e4
linux/drivers/gpu/drm
History
Linus Torvalds 5401b9adeb i915: don't use a vma that didn't match the context VM 
In eb_lookup_vma(), the code checks that the context vm matches before
incrementing the i915 vma usage count, but for the non-matching case it
didn't clear the non-matching vma pointer, so it would then mistakenly
be returned, causing potential UaF and refcount issues.

Reported-by: Yassine Mounir <sosohero200@gmail.com>
Suggested-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2026-04-05 12:42:25 -07:00
..
adp
amd drm/amd/display: Wire up dcn10_dio_construct() for all pre-DCN401 generations 2026-04-02 15:24:13 -04:00
arm Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
armada Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
aspeed
ast drm/ast: dp501: Fix initialization of SCU2C 2026-03-30 10:38:11 +02:00
atmel-hlcdc Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
bridge drm/bridge: dw-hdmi-qp: fix multi-channel audio output 2026-03-17 18:15:16 +01:00
ci mm.git review status for linus..mm-nonmm-stable 2026-02-12 12:13:01 -08:00
clients Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
display Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
etnaviv Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
exynos Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
fsl-dcu Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
gma500 Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
gud drm/gud: fix NULL crtc dereference on display disable 2026-03-08 20:20:30 +00:00
hisilicon drm/hisilicon/hibmc: Adding reset colorbar cfg in dp init. 2026-01-20 10:53:14 +02:00
hyperv drm/hyperv: Remove reference to hyperv_fb driver 2026-02-14 11:09:38 +01:00
i915 i915: don't use a vma that didn't match the context VM 2026-04-05 12:42:25 -07:00
imagination drm/imagination: Disable interrupts before suspending the GPU 2026-03-17 14:27:42 +00:00
imx Merge drm/drm-fixes into drm-misc-fixes 2026-02-23 10:09:45 +01:00
ingenic Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
kmb Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
lib
lima Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
logicvc drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() 2026-02-10 15:18:36 +01:00
loongson Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
mcde
mediatek drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register 2026-03-22 14:15:44 +00:00
meson drm/meson/dw-hdmi: convert to of_drm_find_and_get_bridge() 2026-01-21 13:59:56 +01:00
mgag200 Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
msm Merge tag 'drm-msm-fixes-2026-03-06' of https://gitlab.freedesktop.org/drm/msm into drm-fixes 2026-03-12 14:38:07 +10:00
mxsfb Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
nouveau nouveau/dpcd: return EBUSY for aux xfer if the device is asleep 2026-03-04 22:08:01 +01:00
nova
omapdrm Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
panel Several fixes for amdxdna around PM handling, error reporting and 2026-02-06 12:52:15 +10:00
panfrost Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
panthor drm/panthor: Correct the order of arguments passed to gem_sync 2026-03-05 16:53:09 +00:00
pl111 Linux 6.19-rc7 2026-01-28 12:44:28 +10:00
qxl Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
radeon drm/radeon: apply state adjust rules to some additional HAINAN vairants 2026-03-17 18:04:15 -04:00
renesas drm: renesas: rz-du: mipi_dsi: Set DSI divider 2026-03-02 10:28:38 +00:00
rockchip Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
scheduler drm/sched: Fix kernel-doc warning for drm_sched_job_done() 2026-03-04 10:29:27 +01:00
sitronix drm/sitronix/st7586: fix bad pixel data due to byte swap 2026-03-07 17:14:09 -06:00
solomon drm/solomon: Fix page start when updating rectangle in page addressing mode 2026-02-26 13:42:09 +01:00
sprd
sti Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
stm
sun4i Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
sysfb drm/sysfb: Fix efidrm error handling and memory type mismatch 2026-03-31 13:04:51 +02:00
tegra Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
tests Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
tidss Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
tilcdc Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
tiny Merge drm/drm-fixes into drm-misc-fixes 2026-02-23 10:09:45 +01:00
ttm drm/ttm: Fix bo resource use-after-free 2026-03-05 08:12:36 +00:00
tve200
tyr Driver core changes for 7.0-rc1 2026-02-11 17:43:59 -08:00
udl Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
v3d Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
vboxvideo Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
vc4 Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
vgem Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
virtio Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
vkms Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
vmwgfx drm/vmwgfx: Don't overwrite KMS surface dirty tracker 2026-03-16 11:39:42 -04:00
xe drm/xe: Avoid memory allocations in xe_device_declare_wedged() 2026-03-30 08:52:20 -04:00
xen Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
xlnx Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_atomic_helper.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
drm_atomic_state_helper.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
drm_atomic_uapi.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_atomic.c Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
drm_auth.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_blend.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_bridge_helper.c
drm_bridge.c drm/bridge: Fix refcount shown via debugfs for encoder_bridges_show() 2026-03-26 11:25:03 +01:00
drm_buddy.c Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
drm_cache.c
drm_client_event.c
drm_client_modeset.c drm/client: Do not destroy NULL modes 2026-02-25 09:31:54 +02:00
drm_client_sysrq.c
drm_client.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_color_mgmt.c
drm_colorop.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_connector.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_crtc_helper_internal.h
drm_crtc_helper.c Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
drm_crtc_internal.h
drm_crtc.c Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses 2026-02-22 08:26:33 -08:00
drm_damage_helper.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_debugfs_crc.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_debugfs.c drm/debug: don't register files for unsupported HDMI InfoFrames 2026-01-19 13:11:47 +02:00
drm_displayid_internal.h
drm_displayid.c
drm_draw_internal.h
drm_draw.c
drm_drv.c
drm_dumb_buffers.c
drm_edid_load.c
drm_edid.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_eld.c
drm_encoder.c
drm_exec.c
drm_fb_dma_helper.c
drm_fb_helper.c Linux 6.19-rc7 2026-01-28 12:44:28 +10:00
drm_fbdev_dma.c
drm_fbdev_shmem.c
drm_fbdev_ttm.c
drm_file.c Revert "drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug" 2026-03-26 14:09:26 +01:00
drm_flip_work.c treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
drm_format_helper.c
drm_format_internal.h
drm_fourcc.c
drm_framebuffer.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_gem_atomic_helper.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
drm_gem_dma_helper.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_gem_framebuffer_helper.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_gem_shmem_helper.c drm/shmem-helper: Fix huge page mapping in fault handler 2026-03-20 09:15:39 +01:00
drm_gem_ttm_helper.c
drm_gem_vram_helper.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_gem.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_gpusvm.c drm/gpusvm: Fix drm_gpusvm_pages_valid_unlocked() kernel-doc 2026-02-24 09:25:36 -08:00
drm_gpuvm.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_internal.h
drm_ioc32.c drm/ioc32: stop speculation on the drm_compat_ioctl path 2026-04-02 08:24:55 +02:00
drm_ioctl.c
drm_kms_helper_common.c
drm_lease.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
drm_managed.c
drm_mipi_dbi.c
drm_mipi_dsi.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_mm.c
drm_mode_config.c Revert "drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug" 2026-03-26 14:09:26 +01:00
drm_mode_object.c drm/mode_object: add drm_object_immutable_property_get_value() 2026-01-14 02:18:31 +02:00
drm_modes.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_modeset_helper.c
drm_modeset_lock.c treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
drm_of.c
drm_pagemap_util.c drm/pagemap_util: Ensure proper cache lock management on free 2026-03-17 15:39:07 +01:00
drm_pagemap.c Revert "drm/pagemap: Disable device-to-device migration" 2026-03-04 08:53:37 -05:00
drm_panel_backlight_quirks.c
drm_panel_orientation_quirks.c
drm_panel.c
drm_panic_qr.rs
drm_panic.c
drm_pci.c
drm_plane_helper.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
drm_plane.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
drm_prime.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_print.c
drm_privacy_screen_x86.c
drm_privacy_screen.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_probe_helper.c
drm_property.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_rect.c
drm_self_refresh_helper.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_simple_kms_helper.c
drm_suballoc.c treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
drm_syncobj.c drm/syncobj: Fix xa_alloc allocation flags 2026-03-25 08:05:35 +00:00
drm_sysfs.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_trace_points.c
drm_trace.h
drm_vblank_helper.c
drm_vblank_work.c
drm_vblank.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_vma_manager.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
drm_writeback.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
Kconfig Partly revert "drm/hyperv: Remove reference to hyperv_fb driver" 2026-02-14 14:38:23 -08:00
Kconfig.debug
Makefile Kbuild/Kconfig updates for 7.0 2026-02-11 13:40:35 -08:00