projects / platform / kernel / linux-starfive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3a89f3b)
drm/amdgpu: Fix potential fence use-after-free v2
authorshanzhulig <shanzhulig@gmail.com>
Wed, 28 Jun 2023 01:10:47 +0000 (18:10 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 23 Aug 2023 15:52:25 +0000 (17:52 +0200)
[ Upstream commit 2e54154b9f27262efd0cb4f903cc7d5ad1fe9628 ]

fence Decrements the reference count before exiting.
Avoid Race Vulnerabilities for fence use-after-free.

v2 (chk): actually fix the use after free and not just move it.

Signed-off-by: shanzhulig <shanzhulig@gmail.com>
Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c patch | blob | history

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
index 6d3d01c..02a112d 100644 (file)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
@@ -1607,15 +1607,15 @@ static int amdgpu_cs_wait_all_fences(struct amdgpu_device *adev,
                        continue;
 
                r = dma_fence_wait_timeout(fence, true, timeout);
+               if (r > 0 && fence->error)
+                       r = fence->error;
+
                dma_fence_put(fence);
                if (r < 0)
                        return r;
 
                if (r == 0)
                        break;
-
-               if (fence->error)
-                       return fence->error;
        }
 
        memset(wait, 0, sizeof(*wait));
Domain: System / Kernel;