[PATCH] drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()
Chen, Guchun
Guchun.Chen at amd.com
Mon Jul 31 01:41:38 UTC 2023
[Public]
> -----Original Message-----
> From: amd-gfx <amd-gfx-bounces at lists.freedesktop.org> On Behalf Of Alex
> Deucher
> Sent: Friday, July 28, 2023 11:23 PM
> To: amd-gfx at lists.freedesktop.org
> Cc: Deucher, Alexander <Alexander.Deucher at amd.com>
> Subject: [PATCH] drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()
>
> Since the gang_size check is outside of chunk parsing loop, we need to reset i
> before we free the chunk data.
>
> Signed-off-by: Alex Deucher <alexander.deucher at amd.com>
Reviewed-by: Guchun Chen <guchun.chen at amd.com>
Regards,
Guchun
> ---
> drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> index 040f4cb6ab2d0..fb78a8f475879 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> @@ -295,7 +295,7 @@ static int amdgpu_cs_pass1(struct amdgpu_cs_parser
> *p,
>
> if (!p->gang_size) {
> ret = -EINVAL;
> - goto free_partial_kdata;
> + goto free_all_kdata;
> }
>
> for (i = 0; i < p->gang_size; ++i) {
> --
> 2.41.0
More information about the amd-gfx
mailing list