drm/amdgpu: Fix potential double free and null pointer dereference

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

In amdgpu_get_xgmi_hive(), we should not call kfree() after
kobject_put() as the PUT will call kfree().

In amdgpu_device_ip_init(), we need to check the returned *hive*
which can be NULL before we dereference it.

Signed-off-by: Liang He <windhl@126.com>
Reviewed-by: Luben Tuikov <luben.tuikov@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>

authored by

Liang He and committed by

Alex Deucher 3 years ago dfd0287b 2c83e3fd

+5 -2

2 changed files

expand all

drivers

gpu

drm

amd

amdgpu

amdgpu_device.c

amdgpu_xgmi.c

drivers/gpu/drm/amd/amdgpu/amdgpu_device.c

··· 2473 2473 if (!amdgpu_sriov_vf(adev)) { 2474 2474 struct amdgpu_hive_info *hive = amdgpu_get_xgmi_hive(adev); 2475 2475 2476 + if (WARN_ON(!hive)) { 2477 + r = -ENOENT; 2478 + goto init_failed; 2479 + } 2480 + 2476 2481 if (!hive->reset_domain || 2477 2482 !amdgpu_reset_get_reset_domain(hive->reset_domain)) { 2478 2483 r = -ENOENT;

-2

drivers/gpu/drm/amd/amdgpu/amdgpu_xgmi.c

··· 386 386 if (ret) { 387 387 dev_err(adev->dev, "XGMI: failed initializing kobject for xgmi hive\n"); 388 388 kobject_put(&hive->kobj); 389 - kfree(hive); 390 389 hive = NULL; 391 390 goto pro_end; 392 391 } ··· 409 410 dev_err(adev->dev, "XGMI: failed initializing reset domain for xgmi hive\n"); 410 411 ret = -ENOMEM; 411 412 kobject_put(&hive->kobj); 412 - kfree(hive); 413 413 hive = NULL; 414 414 goto pro_end; 415 415 }