[PATCH AUTOSEL 4.14 9/9] drm/amdgpu: Fix potential fence use-after-free v2
Sasha Levin
sashal at kernel.org
Mon Jul 24 01:35:51 UTC 2023
From: shanzhulig <shanzhulig at gmail.com>
[ Upstream commit 2e54154b9f27262efd0cb4f903cc7d5ad1fe9628 ]
fence Decrements the reference count before exiting.
Avoid Race Vulnerabilities for fence use-after-free.
v2 (chk): actually fix the use after free and not just move it.
Signed-off-by: shanzhulig <shanzhulig at gmail.com>
Signed-off-by: Christian König <christian.koenig at amd.com>
Reviewed-by: Alex Deucher <alexander.deucher at amd.com>
Signed-off-by: Alex Deucher <alexander.deucher at amd.com>
Signed-off-by: Sasha Levin <sashal at kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
index 8a8b65b1b5a9a..7bad519aaae08 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
@@ -1343,6 +1343,9 @@ static int amdgpu_cs_wait_all_fences(struct amdgpu_device *adev,
continue;
r = dma_fence_wait_timeout(fence, true, timeout);
+ if (r > 0 && fence->error)
+ r = fence->error;
+
dma_fence_put(fence);
if (r < 0)
return r;
--
2.39.2
More information about the dri-devel
mailing list