lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 1 Oct 2022 05:41:10 +0800 From: Zhang Boyang <zhangboyang.id@...il.com> To: Andrey Grodzovsky <andrey.grodzovsky@....com>, Christian König <christian.koenig@....com>, linux-kernel@...r.kernel.org, amd-gfx@...ts.freedesktop.org Cc: "David C . Rankin" <drankinatty@...denlinkmail.com>, Steven J Abner <pheonix.sja@....net>, Zhang Boyang <zhangboyang.id@...il.com> Subject: [RFC PATCH 1/1] drm/amdgpu: Fix null-ptr-deref in amdgpu_device_fini_sw() After amdgpu_device_init() failed, adev->reset_domain may be NULL. Thus subsequent call to amdgpu_device_fini_sw() may result in null-ptr-deref. This patch fixes the problem by adding a NULL pointer check around the code of releasing adev->reset_domain in amdgpu_device_fini_sw(). Fixes: cfbb6b004744 ("drm/amdgpu: Rework reset domain to be refcounted.") Signed-off-by: Zhang Boyang <zhangboyang.id@...il.com> Link: https://lore.kernel.org/lkml/a8bce489-8ccc-aa95-3de6-f854e03ad557@suddenlinkmail.com/ Link: https://lore.kernel.org/lkml/AT9WHR.3Z1T3VI9A2AQ3@att.net/ --- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c index be7aff2d4a57..204daad06b32 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c @@ -4021,8 +4021,10 @@ void amdgpu_device_fini_sw(struct amdgpu_device *adev) if (adev->mman.discovery_bin) amdgpu_discovery_fini(adev); - amdgpu_reset_put_reset_domain(adev->reset_domain); - adev->reset_domain = NULL; + if (adev->reset_domain) { + amdgpu_reset_put_reset_domain(adev->reset_domain); + adev->reset_domain = NULL; + } kfree(adev->pci_state); -- 2.30.2
Powered by blists - more mailing lists