accel/qaic: Add overflow check to remap_pfn_range during mmap - linux - Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/

diff options

author	Zack McKevitt <zachary.mckevitt@oss.qualcomm.com>	2026-04-30 12:39:01 -0700
committer	Jeff Hugo <jeff.hugo@oss.qualcomm.com>	2026-05-12 10:58:18 -0600
commit	aa16b2bc0f02709919e2435f531406531e5bcc69 (patch)
tree	fb46615e7e592cdcce6726f46c5e6a78c0c0c01c /tools/perf/scripts/python
parent	53597deca0e38c30e6cd4ba2114fa42d2bcd85bb (diff)
download	linux-aa16b2bc0f02709919e2435f531406531e5bcc69.tar.gz linux-aa16b2bc0f02709919e2435f531406531e5bcc69.zip

accel/qaic: Add overflow check to remap_pfn_range during mmap

The call to remap_pfn_range in qaic_gem_object_mmap is susceptible to (re)mapping beyond the VMA if the BO is too large. This can cause use after free issues when munmap() unmaps only the VMA region and not the additional mappings. To prevent this, check the remaining size of the VMA before remapping and truncate the remapped length if sg->length is too large. Reported-by: Lukas Maar <lukas.maar@tugraz.at> Fixes: ff13be830333 ("accel/qaic: Add datapath") Reviewed-by: Karol Wachowski <karol.wachowski@linux.intel.com> Signed-off-by: Zack McKevitt <zachary.mckevitt@oss.qualcomm.com> Reviewed-by: Jeff Hugo <jeff.hugo@oss.qualcomm.com> [jhugo: fix braces from checkpatch --strict] Signed-off-by: Jeff Hugo <jeff.hugo@oss.qualcomm.com> Link: https://patch.msgid.link/20260430193858.1178641-1-zachary.mckevitt@oss.qualcomm.com

Diffstat (limited to 'tools/perf/scripts/python')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: