Re: [PATCH] drm/ttm: fix uninit ptr deref in range manager alloc error path
From: Christian König
Date: Thu Mar 17 2022 - 03:10:10 EST
Am 16.03.22 um 20:50 schrieb Robert Beckett:
ttm_range_man_alloc would try to ttm_resource_fini the res pointer
before it is allocated.
Fixes: de3688e469b0 (drm/ttm: add ttm_resource_fini v2)
Signed-off-by: Robert Beckett <bob.beckett@xxxxxxxxxxxxx>
Reviewed-by: Christian König <christian.koenig@xxxxxxx>
Good catch, going to push that to drm-misc-fixes.
---
drivers/gpu/drm/ttm/ttm_range_manager.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/ttm/ttm_range_manager.c b/drivers/gpu/drm/ttm/ttm_range_manager.c
index 5662627bb933..1b4d8ca52f68 100644
--- a/drivers/gpu/drm/ttm/ttm_range_manager.c
+++ b/drivers/gpu/drm/ttm/ttm_range_manager.c
@@ -89,7 +89,7 @@ static int ttm_range_man_alloc(struct ttm_resource_manager *man,
spin_unlock(&rman->lock);
if (unlikely(ret)) {
- ttm_resource_fini(man, *res);
+ ttm_resource_fini(man, &node->base);
kfree(node);
return ret;
}