[PATCH libdrm 1/3] amdgpu: Don't dereference device_handle after amdgpu_device_deinitialize

ckoenig.leichtzumerken@xxxxxxxxx (Christian König) · Wed, 17 Jan 2018 13:10:38 +0100

Am 17.01.2018 um 12:24 schrieb Michel DÃ¤nzer:
> From: Michel DÃ¤nzer <michel.daenzer at amd.com>
>
> Fixes use after free:
>
> ==2537== Invalid read of size 4
> ==2537==    at 0x1162C9: suite_deadlock_tests_enable (deadlock_tests.c:101)
> ==2537==    by 0x10B157: amdgpu_disable_suits (amdgpu_test.c:421)
> ==2537==    by 0x10B157: main (amdgpu_test.c:560)
> ==2537==  Address 0x5e44f24 is 452 bytes inside a block of size 1,016 free'd
> ==2537==    at 0x4C2BE1B: free (vg_replace_malloc.c:530)
> ==2537==    by 0x504CD8B: amdgpu_device_reference (amdgpu_device.c:164)
> ==2537==    by 0x504CD8B: amdgpu_device_deinitialize (amdgpu_device.c:307)
> ==2537==    by 0x1162BB: suite_deadlock_tests_enable (deadlock_tests.c:97)
> ==2537==    by 0x10B157: amdgpu_disable_suits (amdgpu_test.c:421)
> ==2537==    by 0x10B157: main (amdgpu_test.c:560)
> ==2537==  Block was alloc'd at
> ==2537==    at 0x4C2CC05: calloc (vg_replace_malloc.c:711)
> ==2537==    by 0x504CA5E: amdgpu_device_initialize (amdgpu_device.c:212)
> ==2537==    by 0x116298: suite_deadlock_tests_enable (deadlock_tests.c:93)
> ==2537==    by 0x10B157: amdgpu_disable_suits (amdgpu_test.c:421)
> ==2537==    by 0x10B157: main (amdgpu_test.c:560)
>
> Signed-off-by: Michel DÃ¤nzer <michel.daenzer at amd.com>

Reviewed-by: Christian KÃ¶nig <christian.koenig at amd.com> for this one.

And Acked-by: Christian KÃ¶nig <christian.koenig at amd.com> for the other 
two in the series.

Regards,
Christian.

> ---
>   tests/amdgpu/deadlock_tests.c | 13 +++++++------
>   1 file changed, 7 insertions(+), 6 deletions(-)
>
> diff --git a/tests/amdgpu/deadlock_tests.c b/tests/amdgpu/deadlock_tests.c
> index 84f4debe..cd34cdf6 100644
> --- a/tests/amdgpu/deadlock_tests.c
> +++ b/tests/amdgpu/deadlock_tests.c
> @@ -90,20 +90,21 @@ static void amdgpu_deadlock_compute(void);
>   
>   CU_BOOL suite_deadlock_tests_enable(void)
>   {
> +	CU_BOOL enable = CU_TRUE;
> +
>   	if (amdgpu_device_initialize(drm_amdgpu[0], &major_version,
>   					     &minor_version, &device_handle))
>   		return CU_FALSE;
>   
> -	if (amdgpu_device_deinitialize(device_handle))
> -		return CU_FALSE;
> -
> -
>   	if (device_handle->info.family_id == AMDGPU_FAMILY_AI) {
>   		printf("\n\nCurrently hangs the CP on this ASIC, deadlock suite disabled\n");
> -		return CU_FALSE;
> +		enable = CU_FALSE;
>   	}
>   
> -	return CU_TRUE;
> +	if (amdgpu_device_deinitialize(device_handle))
> +		return CU_FALSE;
> +
> +	return enable;
>   }
>   
>   int suite_deadlock_tests_init(void)