linux.git - Linux kernel source tree

diff options

author	Andi Shyti <andi.shyti@kernel.org>	2026-04-08 14:39:15 +0200
committer	Christian König <christian.koenig@amd.com>	2026-04-13 15:59:22 +0200
commit	2d76319c4cbb19eccfca71fa05d40a6b4ce7fc3d (patch)
tree	a1d3e1b417133b779b71b820017b69af88228450 /include/linux/timerqueue.h
parent	eecdd4bd6e47bf0c8ff1e049771fa5bab7074c7c (diff)

dma-buf: fix UAF in dma_buf_put() tracepoint

dma_buf_put() may drop the final file reference via fput(), which can free the dma-buf. The new tracepoint invocation was added after fput(), and DMA_BUF_TRACE() dereferences dmabuf and takes dmabuf->name_lock. This leads to a use-after-free on the final put, visible for example as a spinlock bad magic fault on a poisoned 0x6b6b6b... lock. Move the dma_buf_put tracepoint before fput(). Reported-by: Janusz Krzysztofik <janusz.krzysztofik@linux.intel.com> Fixes: 281a22631423 ("dma-buf: add some tracepoints to debug.") Signed-off-by: Andi Shyti <andi.shyti@linux.intel.com> Reviewed-by: Christian König <christian.koenig@amd.com> Signed-off-by: Christian König <christian.koenig@amd.com> Link: https://lore.kernel.org/r/20260408123916.2604101-1-andi.shyti@kernel.org

Diffstat (limited to 'include/linux/timerqueue.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: