Linux 6.6.26

[thirdparty/kernel/stable-queue.git] / releases / 6.6.26 / dma-buf-fix-null-pointer-dereference-in-sanitycheck.patch

From 5926e9c05d611bdbc57686f05f37f0ba9591f831 Mon Sep 17 00:00:00 2001
From: Sasha Levin <sashal@kernel.org>
Date: Wed, 20 Mar 2024 04:15:23 +0500
Subject: dma-buf: Fix NULL pointer dereference in sanitycheck()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

From: Pavel Sakharov <p.sakharov@ispras.ru>

[ Upstream commit 2295bd846765c766701e666ed2e4b35396be25e6 ]

If due to a memory allocation failure mock_chain() returns NULL, it is
passed to dma_fence_enable_sw_signaling() resulting in NULL pointer
dereference there.

Call dma_fence_enable_sw_signaling() only if mock_chain() succeeds.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: d62c43a953ce ("dma-buf: Enable signaling on fence for selftests")
Signed-off-by: Pavel Sakharov <p.sakharov@ispras.ru>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Christian König <christian.koenig@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240319231527.1821372-1-p.sakharov@ispras.ru
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/dma-buf/st-dma-fence-chain.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/dma-buf/st-dma-fence-chain.c b/drivers/dma-buf/st-dma-fence-chain.c
index c0979c8049b5a..661de4add4c72 100644
--- a/drivers/dma-buf/st-dma-fence-chain.c
+++ b/drivers/dma-buf/st-dma-fence-chain.c
@@ -84,11 +84,11 @@ static int sanitycheck(void *arg)
                return -ENOMEM;
 
        chain = mock_chain(NULL, f, 1);
-       if (!chain)
+       if (chain)
+               dma_fence_enable_sw_signaling(chain);
+       else
                err = -ENOMEM;
 
-       dma_fence_enable_sw_signaling(chain);
-
        dma_fence_signal(f);
        dma_fence_put(f);
 
-- 
2.43.0