lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <f85bc3f9-c39e-e719-f94d-ac6924a27f84@amd.com>
Date: Mon, 14 Apr 2025 10:08:21 +0530
From: "Yadav, Arvind" <arvyadav@....com>
To: Dan Carpenter <dan.carpenter@...aro.org>,
 Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam@....com>
Cc: Alex Deucher <alexander.deucher@....com>,
 Christian König <christian.koenig@....com>,
 David Airlie <airlied@...il.com>, Simona Vetter <simona@...ll.ch>,
 Arvind Yadav <Arvind.Yadav@....com>,
 Shashank Sharma <shashank.sharma@....com>, amd-gfx@...ts.freedesktop.org,
 dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 1/2] drm/amdgpu: Fix double free in
 amdgpu_userq_fence_driver_alloc()

Reviewed-by:Reviewed-by:Arvind Yadav <arvind.yadav@....com>

On 4/12/2025 8:09 PM, Dan Carpenter wrote:
> The goto frees "fence_drv" so this is a double free bug.  There is no
> need to call amdgpu_seq64_free(adev, fence_drv->va) since the seq64
> allocation failed so change the goto to goto free_fence_drv.  Also
> propagate the error code from amdgpu_seq64_alloc() instead of hard coding
> it to -ENOMEM.
>
> Fixes: e7cf21fbb277 ("drm/amdgpu: Few optimization and fixes for userq fence driver")
> Signed-off-by: Dan Carpenter <dan.carpenter@...aro.org>
> ---
> v2: No change.
>
>   drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c | 7 ++-----
>   1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
> index a4953d668972..b012fece91e8 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
> @@ -84,11 +84,8 @@ int amdgpu_userq_fence_driver_alloc(struct amdgpu_device *adev,
>   	/* Acquire seq64 memory */
>   	r = amdgpu_seq64_alloc(adev, &fence_drv->va, &fence_drv->gpu_addr,
>   			       &fence_drv->cpu_addr);
> -	if (r) {
> -		kfree(fence_drv);
> -		r = -ENOMEM;
> -		goto free_seq64;
> -	}
> +	if (r)
> +		goto free_fence_drv;
>   
>   	memset(fence_drv->cpu_addr, 0, sizeof(u64));
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ