| Message ID | 20240319231527.1821372-1-p.sakharov@ispras.ru (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | dma-buf: Fix NULL pointer dereference in sanitycheck() | expand |
Am 20.03.24 um 00:15 schrieb Pavel Sakharov: > If due to a memory allocation failure mock_chain() returns NULL, it is > passed to dma_fence_enable_sw_signaling() resulting in NULL pointer > dereference there. > > Call dma_fence_enable_sw_signaling() only if mock_chain() succeeds. > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: d62c43a953ce ("dma-buf: Enable signaling on fence for selftests") > Signed-off-by: Pavel Sakharov <p.sakharov@ispras.ru> Reviewed-by: Christian König <christian.koenig@amd.com> Going to push it to drm-misc-fixes in a minute. Thanks, Christian. > > --- > drivers/dma-buf/st-dma-fence-chain.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/drivers/dma-buf/st-dma-fence-chain.c b/drivers/dma-buf/st-dma-fence-chain.c > index 9c2a0c082a76..ed4b323886e4 100644 > --- a/drivers/dma-buf/st-dma-fence-chain.c > +++ b/drivers/dma-buf/st-dma-fence-chain.c > @@ -84,11 +84,11 @@ static int sanitycheck(void *arg) > return -ENOMEM; > > chain = mock_chain(NULL, f, 1); > - if (!chain) > + if (chain) > + dma_fence_enable_sw_signaling(chain); > + else > err = -ENOMEM; > > - dma_fence_enable_sw_signaling(chain); > - > dma_fence_signal(f); > dma_fence_put(f); > > -- > 2.44.0 > > _______________________________________________ > Linaro-mm-sig mailing list -- linaro-mm-sig@lists.linaro.org > To unsubscribe send an email to linaro-mm-sig-leave@lists.linaro.org
diff --git a/drivers/dma-buf/st-dma-fence-chain.c b/drivers/dma-buf/st-dma-fence-chain.c index 9c2a0c082a76..ed4b323886e4 100644 --- a/drivers/dma-buf/st-dma-fence-chain.c +++ b/drivers/dma-buf/st-dma-fence-chain.c @@ -84,11 +84,11 @@ static int sanitycheck(void *arg) return -ENOMEM; chain = mock_chain(NULL, f, 1); - if (!chain) + if (chain) + dma_fence_enable_sw_signaling(chain); + else err = -ENOMEM; - dma_fence_enable_sw_signaling(chain); - dma_fence_signal(f); dma_fence_put(f);
If due to a memory allocation failure mock_chain() returns NULL, it is passed to dma_fence_enable_sw_signaling() resulting in NULL pointer dereference there. Call dma_fence_enable_sw_signaling() only if mock_chain() succeeds. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: d62c43a953ce ("dma-buf: Enable signaling on fence for selftests") Signed-off-by: Pavel Sakharov <p.sakharov@ispras.ru> --- drivers/dma-buf/st-dma-fence-chain.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -- 2.44.0