dma-buf: Fix NULL pointer dereference in sanitycheck()

[ Upstream commit 2295bd8467 ] If due to a memory allocation failure mock_chain() returns NULL, it is passed to dma_fence_enable_sw_signaling() resulting in NULL pointer dereference there. Call dma_fence_enable_sw_signaling() only if mock_chain() succeeds. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: d62c43a953 ("dma-buf: Enable signaling on fence for selftests") Signed-off-by: Pavel Sakharov <p.sakharov@ispras.ru> Reviewed-by: Christian König <christian.koenig@amd.com> Signed-off-by: Christian König <christian.koenig@amd.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240319231527.1821372-1-p.sakharov@ispras.ru Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-01-06 13:16:22 +00:00 · 2024-03-20 04:15:23 +05:00 · 2024-03-20 04:15:23 +05:00 · 0336995512
commit 0336995512
parent 8333aae9bb
1 changed files with 3 additions and 3 deletions
--- a/drivers/dma-buf/st-dma-fence-chain.c
+++ b/drivers/dma-buf/st-dma-fence-chain.c
@ -84,11 +84,11 @@ static int sanitycheck(void *arg)
 		return -ENOMEM;

 	chain = mock_chain(NULL, f, 1);
-	if (!chain)
+	if (chain)
+		dma_fence_enable_sw_signaling(chain);
+	else
 		err = -ENOMEM;

-	dma_fence_enable_sw_signaling(chain);
-
 	dma_fence_signal(f);
 	dma_fence_put(f);