projects / linux-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cfa1e7f) | patch
drm/amdgpu: Fix use-after-free in amdgpu_cs_ioctl
authorYuBiao Wang <YuBiao.Wang@amd.com>
Wed, 24 Aug 2022 07:56:04 +0000 (15:56 +0800)
committerAlex Deucher <alexander.deucher@amd.com>
Mon, 29 Aug 2022 21:45:36 +0000 (17:45 -0400)
commit2581c5d85e31c96dee352a751dbce17c1b71b417
tree6e86aee26b1cc3090e18173586ed372b2cb2b560tree | snapshot
parentcfa1e7f8a75927e55cce1300c8fbda2e1d1e0abecommit | diff
drm/amdgpu: Fix use-after-free in amdgpu_cs_ioctl

[Why]
In amdgpu_cs_ioctl, amdgpu_job_free could be performed ealier if there
is -ERESTARTSYS error. In this case, job->hw_fence could be not
initialized yet. Putting hw_fence during amdgpu_job_free could lead to a
use-after-free warning.

[How]
Check if drm_sched_job_init is performed before job_free by checking
s_fence.

v2: Check hw_fence.ops instead since it could be NULL if fence is not
initialized. Reverse the condition since !=NULL check is discouraged in
kernel.

Signed-off-by: YuBiao Wang <YuBiao.Wang@amd.com>
Reviewed-by: Andrey Grodzovsky <andrey.grodzovsky@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
drivers/gpu/drm/amd/amdgpu/amdgpu_job.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)