diff mbox series

[v2,1/2] drm/amdgpu: Fix double free in amdgpu_userq_fence_driver_alloc()

Message ID d4583e103f65e850f886babcf1b290b0855ba04c.1744468610.git.dan.carpenter@linaro.org (mailing list archive)
State New
Headers show
Series drm/amdgpu: Fixes to amdgpu_userq_fence_driver_alloc() | expand

Commit Message

Dan Carpenter April 12, 2025, 2:39 p.m. UTC 
The goto frees "fence_drv" so this is a double free bug.  There is no
need to call amdgpu_seq64_free(adev, fence_drv->va) since the seq64
allocation failed so change the goto to goto free_fence_drv.  Also
propagate the error code from amdgpu_seq64_alloc() instead of hard coding
it to -ENOMEM.

Fixes: e7cf21fbb277 ("drm/amdgpu: Few optimization and fixes for userq fence driver")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
v2: No change.

 drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

Comments

Yadav, Arvind April 14, 2025, 4:38 a.m. UTC | #1 
Reviewed-by:Reviewed-by:Arvind Yadav <arvind.yadav@amd.com>

On 4/12/2025 8:09 PM, Dan Carpenter wrote:
> The goto frees "fence_drv" so this is a double free bug.  There is no
> need to call amdgpu_seq64_free(adev, fence_drv->va) since the seq64
> allocation failed so change the goto to goto free_fence_drv.  Also
> propagate the error code from amdgpu_seq64_alloc() instead of hard coding
> it to -ENOMEM.
>
> Fixes: e7cf21fbb277 ("drm/amdgpu: Few optimization and fixes for userq fence driver")
> Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
> ---
> v2: No change.
>
>   drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c | 7 ++-----
>   1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
> index a4953d668972..b012fece91e8 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
> @@ -84,11 +84,8 @@ int amdgpu_userq_fence_driver_alloc(struct amdgpu_device *adev,
>   	/* Acquire seq64 memory */
>   	r = amdgpu_seq64_alloc(adev, &fence_drv->va, &fence_drv->gpu_addr,
>   			       &fence_drv->cpu_addr);
> -	if (r) {
> -		kfree(fence_drv);
> -		r = -ENOMEM;
> -		goto free_seq64;
> -	}
> +	if (r)
> +		goto free_fence_drv;
>   
>   	memset(fence_drv->cpu_addr, 0, sizeof(u64));
>
diff mbox series

Patch

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
index a4953d668972..b012fece91e8 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
@@ -84,11 +84,8 @@  int amdgpu_userq_fence_driver_alloc(struct amdgpu_device *adev,
 	/* Acquire seq64 memory */
 	r = amdgpu_seq64_alloc(adev, &fence_drv->va, &fence_drv->gpu_addr,
 			       &fence_drv->cpu_addr);
-	if (r) {
-		kfree(fence_drv);
-		r = -ENOMEM;
-		goto free_seq64;
-	}
+	if (r)
+		goto free_fence_drv;
 
 	memset(fence_drv->cpu_addr, 0, sizeof(u64));