linux/drivers/dma-buf
Charan Teja Reddy 19a508bd1a dmabuf: fix NULL pointer dereference in dma_buf_release()
NULL pointer dereference is observed while exporting the dmabuf but
failed to allocate the 'struct file' which results into the dropping of
the allocated dentry corresponding to this file in the dmabuf fs, which
is ending up in dma_buf_release() and accessing the uninitialzed
dentry->d_fsdata.

Call stack on 5.4 is below:
 dma_buf_release+0x2c/0x254 drivers/dma-buf/dma-buf.c:88
 __dentry_kill+0x294/0x31c fs/dcache.c:584
 dentry_kill fs/dcache.c:673 [inline]
 dput+0x250/0x380 fs/dcache.c:859
 path_put+0x24/0x40 fs/namei.c:485
 alloc_file_pseudo+0x1a4/0x200 fs/file_table.c:235
 dma_buf_getfile drivers/dma-buf/dma-buf.c:473 [inline]
 dma_buf_export+0x25c/0x3ec drivers/dma-buf/dma-buf.c:585

Fix this by checking for the valid pointer in the dentry->d_fsdata.

Fixes: 4ab59c3c63 ("dma-buf: Move dma_buf_release() from fops to dentry_ops")
Cc: <stable@vger.kernel.org> [5.7+]
Signed-off-by: Charan Teja Reddy <charante@codeaurora.org>
Reviewed-by: Christian König <christian.koenig@amd.com>
Link: https://patchwork.freedesktop.org/patch/391319/
Signed-off-by: Christian König <christian.koenig@amd.com>
2020-09-21 11:17:06 +02:00
..
heaps dma-buf: heaps: Remove redundant heap identifier from system heap name 2019-12-17 21:37:40 +05:30
dma-buf.c dmabuf: fix NULL pointer dereference in dma_buf_release() 2020-09-21 11:17:06 +02:00
dma-fence-array.c dma-fence: Propagate errors to dma-fence-array container 2019-08-12 08:25:52 +01:00
dma-fence-chain.c dma-buf: fence-chain: Document missing dma_fence_chain_init() parameter in kerneldoc 2020-09-03 17:47:02 +05:30
dma-fence.c dma-fence: Make symbol 'dma_fence_lockdep_map' static 2020-07-23 14:33:12 +10:00
dma-heap.c dma-heap: Make the symbol 'dma_heap_ioctl_cmds' static 2019-12-18 00:41:29 +05:30
dma-resv.c A set of locking fixes and updates: 2020-08-10 19:07:44 -07:00
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile dma-buf: Exercise dma-fence-chain under selftests 2020-04-09 19:58:55 +01:00
selftest.c dma-buf: Introduce selftesting framework 2019-08-19 18:01:34 +01:00
selftest.h dma-buf: Introduce selftesting framework 2019-08-19 18:01:34 +01:00
selftests.h Merge drm/drm-next into drm-intel-next-queued 2020-06-25 18:05:03 +03:00
seqno-fence.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174 2019-05-30 11:26:41 -07:00
st-dma-fence-chain.c dma-buf: fix dma-fence-chain out of order test 2020-07-02 15:21:40 +02:00
st-dma-fence.c dmabuf: Mark up onstack timer for selftests 2019-08-20 13:49:15 +01:00
sw_sync.c compat_ioctl: move more drivers to compat_ptr_ioctl 2019-10-23 17:23:44 +02:00
sync_debug.c Linux 5.2-rc5 2019-06-19 12:07:29 +02:00
sync_debug.h dma-buf: Remove unused sync_dump() 2019-04-23 09:30:07 +01:00
sync_file.c - A fix for a memory leak in the dma-buf support 2019-12-09 17:13:19 +10:00
sync_trace.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
udmabuf.c udmabuf: fix dma-buf cpu access 2019-12-18 09:11:38 +01:00