drm/amdgpu: fix potential double drop fence reference

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The object fence is not set to NULL after its reference is dropped. As a
result, its reference may be dropped again if error occurs after that,
which may lead to a use after free bug. To avoid the issue, fence is
explicitly set to NULL after dropping its reference.

Acked-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>

authored by

Pan Bian and committed by

Alex Deucher 6 years ago 946ab8db f88e2d1f

1 changed file

expand all

drivers

gpu

drm

amd

amdgpu

amdgpu_test.c

drivers/gpu/drm/amd/amdgpu/amdgpu_test.c

··· 138 138 } 139 139 140 140 dma_fence_put(fence); 141 + fence = NULL; 141 142 142 143 r = amdgpu_bo_kmap(vram_obj, &vram_map); 143 144 if (r) { ··· 184 183 } 185 184 186 185 dma_fence_put(fence); 186 + fence = NULL; 187 187 188 188 r = amdgpu_bo_kmap(gtt_obj[i], &gtt_map); 189 189 if (r) {