| Message ID | 20220316195034.3821108-1-bob.beckett@collabora.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | drm/ttm: fix uninit ptr deref in range manager alloc error path | expand |
Am 16.03.22 um 20:50 schrieb Robert Beckett: > ttm_range_man_alloc would try to ttm_resource_fini the res pointer > before it is allocated. > > Fixes: de3688e469b0 (drm/ttm: add ttm_resource_fini v2) > > Signed-off-by: Robert Beckett <bob.beckett@collabora.com> Reviewed-by: Christian König <christian.koenig@amd.com> Good catch, going to push that to drm-misc-fixes. > --- > drivers/gpu/drm/ttm/ttm_range_manager.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/ttm/ttm_range_manager.c b/drivers/gpu/drm/ttm/ttm_range_manager.c > index 5662627bb933..1b4d8ca52f68 100644 > --- a/drivers/gpu/drm/ttm/ttm_range_manager.c > +++ b/drivers/gpu/drm/ttm/ttm_range_manager.c > @@ -89,7 +89,7 @@ static int ttm_range_man_alloc(struct ttm_resource_manager *man, > spin_unlock(&rman->lock); > > if (unlikely(ret)) { > - ttm_resource_fini(man, *res); > + ttm_resource_fini(man, &node->base); > kfree(node); > return ret; > }
diff --git a/drivers/gpu/drm/ttm/ttm_range_manager.c b/drivers/gpu/drm/ttm/ttm_range_manager.c index 5662627bb933..1b4d8ca52f68 100644 --- a/drivers/gpu/drm/ttm/ttm_range_manager.c +++ b/drivers/gpu/drm/ttm/ttm_range_manager.c @@ -89,7 +89,7 @@ static int ttm_range_man_alloc(struct ttm_resource_manager *man, spin_unlock(&rman->lock); if (unlikely(ret)) { - ttm_resource_fini(man, *res); + ttm_resource_fini(man, &node->base); kfree(node); return ret; }
ttm_range_man_alloc would try to ttm_resource_fini the res pointer before it is allocated. Fixes: de3688e469b0 (drm/ttm: add ttm_resource_fini v2) Signed-off-by: Robert Beckett <bob.beckett@collabora.com> --- drivers/gpu/drm/ttm/ttm_range_manager.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)