drm/amdkfd: Fix potential deallocation of previously deallocated memory.

Pointer mqd_mem_obj can be deallocated in kfd_gtt_sa_allocate().
The function then returns non-zero value, which causes the second deallocation.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: d1f8f0d17d40 ("drm/amdkfd: Move non-sdma mqd allocation out of init_mqd")
Signed-off-by: Daniil Dulov <d.dulov@aladdin.ru>
Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>

diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c b/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c
index fdbfd725841ffe60889f620c36b2f8c63fff10ab..51b53110341bb75eb399f95b99bafa95c47edd7a 100644 (file)
--- a/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c
@@ -115,18 +115,19 @@ static struct kfd_mem_obj *allocate_mqd(struct kfd_dev *kfd,
                        &(mqd_mem_obj->gtt_mem),
                        &(mqd_mem_obj->gpu_addr),
                        (void *)&(mqd_mem_obj->cpu_ptr), true);
+
+               if (retval) {
+                       kfree(mqd_mem_obj);
+                       return NULL;
+               }
        } else {
                retval = kfd_gtt_sa_allocate(kfd, sizeof(struct v9_mqd),
                                &mqd_mem_obj);
-       }
-
-       if (retval) {
-               kfree(mqd_mem_obj);
-               return NULL;
+               if (retval)
+                       return NULL;
        }
 
        return mqd_mem_obj;
-
 }
 
 static void init_mqd(struct mqd_manager *mm, void **mqd,