]> git.itanic.dy.fi Git - linux-stable/commit
projects / linux-stable / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7748ce5) | patch
drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()
authorAlex Deucher <alexander.deucher@amd.com>
Fri, 28 Jul 2023 15:14:05 +0000 (11:14 -0400)
committerAlex Deucher <alexander.deucher@amd.com>
Wed, 9 Aug 2023 13:39:40 +0000 (09:39 -0400)
commit73b0648179c51659bb5a7b063f2a3ccb6ea936ce
tree10e5233bdf4cbf171541cbca29c4f2e2587145fatree | snapshot
parent7748ce5b69581325cae40c2134088820f0957902commit | diff
drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()

Since the gang_size check is outside of chunk parsing
loop, we need to reset i before we free the chunk data.

Suggested by Ye Zhang (@VAR10CK) of Baidu Security.

Reviewed-by: Guchun Chen <guchun.chen@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.