[PATCH next] drm/amdgpu: Fix double free in amdgpu_userq_fence_driver_alloc()
Yadav, Arvind
arvyadav at amd.com
Thu Apr 10 16:59:31 UTC 2025
Please change this also instead of 'goto free_fence_drv' just return err.
fence_drv = kzalloc(sizeof(*fence_drv), GFP_KERNEL);
if (!fence_drv) {
DRM_ERROR("Failed to allocate memory for fence driver\n");
r = -ENOMEM;
goto free_fence_drv; // this should be replace by return.
}
~arvind
On 4/10/2025 9:54 PM, Dan Carpenter wrote:
> The goto frees "fence_drv" so this is a double free bug. There is no
> need to call amdgpu_seq64_free(adev, fence_drv->va) since the seq64
> allocation failed so change the goto to goto free_fence_drv. Also
> propagate the error code from amdgpu_seq64_alloc() instead of hard coding
> it to -ENOMEM.
>
> Fixes: e7cf21fbb277 ("drm/amdgpu: Few optimization and fixes for userq fence driver")
> Signed-off-by: Dan Carpenter <dan.carpenter at linaro.org>
> ---
> ---
> drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c | 7 ++-----
> 1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
> index a4953d668972..b012fece91e8 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
> @@ -84,11 +84,8 @@ int amdgpu_userq_fence_driver_alloc(struct amdgpu_device *adev,
> /* Acquire seq64 memory */
> r = amdgpu_seq64_alloc(adev, &fence_drv->va, &fence_drv->gpu_addr,
> &fence_drv->cpu_addr);
> - if (r) {
> - kfree(fence_drv);
> - r = -ENOMEM;
> - goto free_seq64;
> - }
> + if (r)
> + goto free_fence_drv;
>
> memset(fence_drv->cpu_addr, 0, sizeof(u64));
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/dri-devel/attachments/20250410/bff36095/attachment-0001.htm>
More information about the dri-devel
mailing list