From: Michel Dänzer <michel.daenzer@amd.com>
Date: Tue, 16 Jan 2018 15:55:53 +0000 (+0100)
Subject: amdgpu: Don't dereference device_handle after amdgpu_device_deinitialize
X-Git-Tag: libdrm-2.4.90~54
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6fe93b8000757e77c3d94f8d8f1b7a22f928de73;p=platform%2Fupstream%2Flibdrm.git

amdgpu: Don't dereference device_handle after amdgpu_device_deinitialize

Fixes use after free:

==2537== Invalid read of size 4
==2537==    at 0x1162C9: suite_deadlock_tests_enable (deadlock_tests.c:101)
==2537==    by 0x10B157: amdgpu_disable_suits (amdgpu_test.c:421)
==2537==    by 0x10B157: main (amdgpu_test.c:560)
==2537==  Address 0x5e44f24 is 452 bytes inside a block of size 1,016 free'd
==2537==    at 0x4C2BE1B: free (vg_replace_malloc.c:530)
==2537==    by 0x504CD8B: amdgpu_device_reference (amdgpu_device.c:164)
==2537==    by 0x504CD8B: amdgpu_device_deinitialize (amdgpu_device.c:307)
==2537==    by 0x1162BB: suite_deadlock_tests_enable (deadlock_tests.c:97)
==2537==    by 0x10B157: amdgpu_disable_suits (amdgpu_test.c:421)
==2537==    by 0x10B157: main (amdgpu_test.c:560)
==2537==  Block was alloc'd at
==2537==    at 0x4C2CC05: calloc (vg_replace_malloc.c:711)
==2537==    by 0x504CA5E: amdgpu_device_initialize (amdgpu_device.c:212)
==2537==    by 0x116298: suite_deadlock_tests_enable (deadlock_tests.c:93)
==2537==    by 0x10B157: amdgpu_disable_suits (amdgpu_test.c:421)
==2537==    by 0x10B157: main (amdgpu_test.c:560)

Reviewed-by: Christian König <christian.koenig@amd.com>
---

diff --git a/tests/amdgpu/deadlock_tests.c b/tests/amdgpu/deadlock_tests.c
index 84f4debe..cd34cdf6 100644
--- a/tests/amdgpu/deadlock_tests.c
+++ b/tests/amdgpu/deadlock_tests.c
@@ -90,20 +90,21 @@ static void amdgpu_deadlock_compute(void);
 
 CU_BOOL suite_deadlock_tests_enable(void)
 {
+	CU_BOOL enable = CU_TRUE;
+
 	if (amdgpu_device_initialize(drm_amdgpu[0], &major_version,
 					     &minor_version, &device_handle))
 		return CU_FALSE;
 
-	if (amdgpu_device_deinitialize(device_handle))
-		return CU_FALSE;
-
-
 	if (device_handle->info.family_id == AMDGPU_FAMILY_AI) {
 		printf("\n\nCurrently hangs the CP on this ASIC, deadlock suite disabled\n");
-		return CU_FALSE;
+		enable = CU_FALSE;
 	}
 
-	return CU_TRUE;
+	if (amdgpu_device_deinitialize(device_handle))
+		return CU_FALSE;
+
+	return enable;
 }
 
 int suite_deadlock_tests_init(void)