[PATCH] drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()

Christian König ckoenig.leichtzumerken at gmail.com
Thu Aug 3 09:59:20 UTC 2023


Am 31.07.23 um 03:41 schrieb Chen, Guchun:
> [Public]
>
>> -----Original Message-----
>> From: amd-gfx <amd-gfx-bounces at lists.freedesktop.org> On Behalf Of Alex
>> Deucher
>> Sent: Friday, July 28, 2023 11:23 PM
>> To: amd-gfx at lists.freedesktop.org
>> Cc: Deucher, Alexander <Alexander.Deucher at amd.com>
>> Subject: [PATCH] drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()
>>
>> Since the gang_size check is outside of chunk parsing loop, we need to reset i
>> before we free the chunk data.
>>
>> Signed-off-by: Alex Deucher <alexander.deucher at amd.com>
> Reviewed-by: Guchun Chen <guchun.chen at amd.com>

Might have already been landed, but the patch is Reviewed-by: Christian 
König <christian.koenig at amd.com>

Regards,
Christian.

>
> Regards,
> Guchun
>
>> ---
>>   drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
>> b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
>> index 040f4cb6ab2d0..fb78a8f475879 100644
>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
>> @@ -295,7 +295,7 @@ static int amdgpu_cs_pass1(struct amdgpu_cs_parser
>> *p,
>>
>>        if (!p->gang_size) {
>>                ret = -EINVAL;
>> -             goto free_partial_kdata;
>> +             goto free_all_kdata;
>>        }
>>
>>        for (i = 0; i < p->gang_size; ++i) {
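
Review bot: on the `goto free_all_kdata;` line in the `!p->gang_size` branch, the commit message and the change do not line up: the message says i must be reset before the chunk data is freed, but the hunk swaps the goto label and never assigns i. Please reword the message to say that this error path now jumps to free_all_kdata, and state explicitly what that label does with i that free_partial_kdata does not, since neither label body is visible in this hunk and a reader cannot confirm the fix from the diff alone. Because the subject describes a possible UAF, a Fixes: tag naming the commit that placed the gang_size check after the chunk parsing loop would also help stable backports; the message currently carries only a Signed-off-by.
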
>> --
>> 2.41.0


