[Intel-gfx] [PATCH] drm/i915/uc: Fix double free bug
Ceraolo Spurio, Daniele
daniele.ceraolospurio at intel.com
Tue Nov 29 16:11:51 UTC 2022
On 11/29/2022 1:45 AM, Dan Carpenter wrote:
> The "fw" pointer is freed again in the clean up code at the end of the
> function. Set it to NULL here to prevent a double free.
>
> Fixes: 016241168dc5 ("drm/i915/uc: use different ggtt pin offsets for uc loads")
> Signed-off-by: Dan Carpenter <error27 at gmail.com>
This should be an impossible error in normal behavior (the fallback code
should select a new valid FW file before we get to the cleanup), but a
user can shot themselves in the foot if they override the firmware path
to an invalid file, because that disables the fallback, so:
Reviewed-by: Daniele Ceraolo Spurio <daniele.ceraolospurio at intel.com>
Daniele
> ---
> drivers/gpu/drm/i915/gt/uc/intel_uc_fw.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/gpu/drm/i915/gt/uc/intel_uc_fw.c b/drivers/gpu/drm/i915/gt/uc/intel_uc_fw.c
> index 0c80ba51a4bd..8aa9bcae8e72 100644
> --- a/drivers/gpu/drm/i915/gt/uc/intel_uc_fw.c
> +++ b/drivers/gpu/drm/i915/gt/uc/intel_uc_fw.c
> @@ -585,6 +585,7 @@ int intel_uc_fw_fetch(struct intel_uc_fw *uc_fw)
>
> /* try to find another blob to load */
> release_firmware(fw);
> + fw = NULL;
> err = -ENOENT;
> }
>
More information about the Intel-gfx
mailing list