Hi Nirmoy and Dmitry,
> Subject: Re: [PATCH v4 2/3] drm/virtio: Add support for saving and restoring
> virtio_gpu_objects
>
> On 10/1/25 16:13, Nirmoy Das wrote:
> ...
> >> struct virtio_gpu_vbuffer;
> >> struct virtio_gpu_device;
> >> @@ -265,6 +271,7 @@ struct virtio_gpu_device {
> >> struct work_struct obj_free_work;
> >> spinlock_t obj_free_lock;
> >> struct list_head obj_free_list;
> >> + struct list_head obj_restore;
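Review bot: obj_restore is added to struct virtio_gpu_device with no lock of its own, while the obj_free_list directly above it is paired with obj_free_lock. If entries can be added and removed from different contexts, add a dedicated lock next to the new field, or add a comment on the field naming the existing lock that serializes access to it.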
> >
> > I am not very familiar with the code, but I am curious: do we not need a
> > lock to keep the list the same?
>
> There should be a lock to protect the list
[Kim, Dongwon] Ok, I will take a look and make a proper change there.
>
> ...
> >> void virtio_gpu_cleanup_object(struct virtio_gpu_object *bo)
> >> {
> >> struct virtio_gpu_device *vgdev =
> >> bo->base.base.dev->dev_private; @@ -84,6 +116,7 @@ void
> >> virtio_gpu_cleanup_object(struct virtio_gpu_object *bo)
> >> drm_gem_object_release(&bo->base.base);
> >> kfree(bo);
> >> }
> >> + virtio_gpu_object_del_restore_list(vgdev, bo);
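Review bot: the added virtio_gpu_object_del_restore_list(vgdev, bo) call at the end of virtio_gpu_cleanup_object() comes after the branch above has already run kfree(bo), so bo is handed on after it has been freed. Move the call to the start of the function, right after vgdev is assigned and before any branch releases bo, so the object is unlinked from the restore list while it is still valid.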
> >
> > Is there a possibility of hitting a use-after-free here? I see
> > kfree(bo) before this.
>
> It's a UAF bug here. Thanks for the review.
[Kim, Dongwon] Same here. I will take care of it. Thanks for looking into this.
>
> --
> Best regards,
> Dmitry