Skip to content

Commit

Permalink
dma-buf: Fix NULL pointer dereference in sanitycheck()
Browse files Browse the repository at this point in the history
If due to a memory allocation failure mock_chain() returns NULL, it is
passed to dma_fence_enable_sw_signaling() resulting in NULL pointer
dereference there.

Call dma_fence_enable_sw_signaling() only if mock_chain() succeeds.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: d62c43a ("dma-buf: Enable signaling on fence for selftests")
Signed-off-by: Pavel Sakharov <[email protected]>
Reviewed-by: Christian König <[email protected]>
Signed-off-by: Christian König <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
Pave154 authored and ChristianKoenigAMD committed Mar 20, 2024
1 parent 9cbd1da commit 2295bd8
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions drivers/dma-buf/st-dma-fence-chain.c
Original file line number Diff line number Diff line change
@@ -84,11 +84,11 @@ static int sanitycheck(void *arg)
return -ENOMEM;

chain = mock_chain(NULL, f, 1);
if (!chain)
if (chain)
dma_fence_enable_sw_signaling(chain);
else
err = -ENOMEM;

dma_fence_enable_sw_signaling(chain);

dma_fence_signal(f);
dma_fence_put(f);

0 comments on commit 2295bd8

Please sign in to comment.