[PATCH next] drm/amdgpu: Fix double free in amdgpu_userq_fence_driver_alloc()

From: Dan Carpenter
Date: Thu Apr 10 2025 - 12:25:36 EST

Next message: Dan Carpenter: "[PATCH] drm/display: dp: delete some dead code"
Previous message: Josh Poimboeuf: "Re: [PATCH v4 04/36] x86/bugs: Restructure rfds mitigation"
Next in thread: Dan Carpenter: "Re: [PATCH next] drm/amdgpu: Fix double free in amdgpu_userq_fence_driver_alloc()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The goto frees "fence_drv" so this is a double free bug. There is no
need to call amdgpu_seq64_free(adev, fence_drv->va) since the seq64
allocation failed so change the goto to goto free_fence_drv. Also
propagate the error code from amdgpu_seq64_alloc() instead of hard coding
it to -ENOMEM.

Fixes: e7cf21fbb277 ("drm/amdgpu: Few optimization and fixes for userq fence driver")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
---
drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
index a4953d668972..b012fece91e8 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
@@ -84,11 +84,8 @@ int amdgpu_userq_fence_driver_alloc(struct amdgpu_device *adev,
/* Acquire seq64 memory */
r = amdgpu_seq64_alloc(adev, &fence_drv->va, &fence_drv->gpu_addr,
&fence_drv->cpu_addr);
- if (r) {
- kfree(fence_drv);
- r = -ENOMEM;
- goto free_seq64;
- }
+ if (r)
+ goto free_fence_drv;

memset(fence_drv->cpu_addr, 0, sizeof(u64));

--
2.47.2

Next message: Dan Carpenter: "[PATCH] drm/display: dp: delete some dead code"
Previous message: Josh Poimboeuf: "Re: [PATCH v4 04/36] x86/bugs: Restructure rfds mitigation"
Next in thread: Dan Carpenter: "Re: [PATCH next] drm/amdgpu: Fix double free in amdgpu_userq_fence_driver_alloc()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]