Hello Vivek Kasireddy,
Commit 2885e575abc7 ("drm/virtio: Add helpers to initialize and free
the imported object") from Nov 25, 2024 (linux-next), leads to the
following Smatch static checker warning:
drivers/gpu/drm/virtio/virtgpu_prime.c:206 virtgpu_dma_buf_free_obj()
error: dereferencing freed memory 'attach' (line 205)
drivers/gpu/drm/virtio/virtgpu_prime.c
187 static void virtgpu_dma_buf_free_obj(struct drm_gem_object *obj)
188 {
189 struct virtio_gpu_object *bo = gem_to_virtio_gpu_obj(obj);
190 struct virtio_gpu_device *vgdev = obj->dev->dev_private;
191 struct dma_buf_attachment *attach = obj->import_attach;
192 struct dma_resv *resv = attach->dmabuf->resv;
193
194 if (attach) {
195 dma_resv_lock(resv, NULL);
196
197 virtio_gpu_detach_object_fenced(bo);
198
199 if (bo->sgt)
200 dma_buf_unmap_attachment(attach, bo->sgt,
201 DMA_BIDIRECTIONAL);
202
203 dma_resv_unlock(resv);
204
205 dma_buf_detach(attach->dmabuf, attach);
^^^^^^
attach is kfreed here
--> 206 dma_buf_put(attach->dmabuf);
^^^^^^
use after free
207 }
208
209 if (bo->created) {
210 virtio_gpu_cmd_unref_resource(vgdev, bo);
211 virtio_gpu_notify(vgdev);
212 return;
213 }
214 virtio_gpu_cleanup_object(bo);
215 }
regards,
dan carpenter
