Patch "dma-buf: Fix NULL pointer dereference in sanitycheck()" has been added to the 6.8-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    dma-buf: Fix NULL pointer dereference in sanitycheck()

to the 6.8-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     dma-buf-fix-null-pointer-dereference-in-sanitycheck.patch
and it can be found in the queue-6.8 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 7b1e2551ddaab8cff0996c5150877afa866f9f50
Author: Pavel Sakharov <p.sakharov@xxxxxxxxx>
Date:   Wed Mar 20 04:15:23 2024 +0500

    dma-buf: Fix NULL pointer dereference in sanitycheck()
    
    [ Upstream commit 2295bd846765c766701e666ed2e4b35396be25e6 ]
    
    If due to a memory allocation failure mock_chain() returns NULL, it is
    passed to dma_fence_enable_sw_signaling() resulting in NULL pointer
    dereference there.
    
    Call dma_fence_enable_sw_signaling() only if mock_chain() succeeds.
    
    Found by Linux Verification Center (linuxtesting.org) with SVACE.
    
    Fixes: d62c43a953ce ("dma-buf: Enable signaling on fence for selftests")
    Signed-off-by: Pavel Sakharov <p.sakharov@xxxxxxxxx>
    Reviewed-by: Christian König <christian.koenig@xxxxxxx>
    Signed-off-by: Christian König <christian.koenig@xxxxxxx>
    Link: https://patchwork.freedesktop.org/patch/msgid/20240319231527.1821372-1-p.sakharov@xxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/dma-buf/st-dma-fence-chain.c b/drivers/dma-buf/st-dma-fence-chain.c
index 9c2a0c082a768..ed4b323886e43 100644
--- a/drivers/dma-buf/st-dma-fence-chain.c
+++ b/drivers/dma-buf/st-dma-fence-chain.c
@@ -84,11 +84,11 @@ static int sanitycheck(void *arg)
 		return -ENOMEM;
 
 	chain = mock_chain(NULL, f, 1);
-	if (!chain)
+	if (chain)
+		dma_fence_enable_sw_signaling(chain);
+	else
 		err = -ENOMEM;
 
-	dma_fence_enable_sw_signaling(chain);
-
 	dma_fence_signal(f);
 	dma_fence_put(f);
 




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux