diff options
author | Suzanne Candanedo <suzanne.candanedo@arm.com> | 2022-10-06 11:36:58 +0100 |
---|---|---|
committer | Jesse Hall <jessehall@google.com> | 2022-10-06 16:02:14 -0700 |
commit | bc304db0cec36bcd040f0c265845c7bf6151245c (patch) | |
tree | 84313230baf4b4215c77803f35b580e44511b9ca | |
parent | 2a266f07e9903e9d1d3959e49dbb8e8aea820070 (diff) | |
download | gpu-bc304db0cec36bcd040f0c265845c7bf6151245c.tar.gz |
mali_kbase: MIDCET-4220 Patch for GPUSWERRATA-1350
This patch is a fix for:
- SW Errata: 2619157
- CVE: CVE-2022-28350
It fixes UAF issue with enqueue of
FENCE_SIGNAL kcpu command.
Bug: 251397485
Provenance: https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/4605/1
Signed-off-by: Jesse Hall <jessehall@google.com>
Change-Id: Ibf2e760dee56190759c5bee047071644798f1aaa
-rw-r--r-- | mali_kbase/csf/mali_kbase_csf_kcpu.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/mali_kbase/csf/mali_kbase_csf_kcpu.c b/mali_kbase/csf/mali_kbase_csf_kcpu.c index 4acd333..2991060 100644 --- a/mali_kbase/csf/mali_kbase_csf_kcpu.c +++ b/mali_kbase/csf/mali_kbase_csf_kcpu.c @@ -1412,8 +1412,6 @@ static int kbase_kcpu_fence_signal_prepare( goto fd_flags_fail; } - fd_install(fd, sync_file->file); - fence.basep.fd = fd; current_command->type = BASE_KCPU_COMMAND_TYPE_FENCE_SIGNAL; @@ -1425,6 +1423,11 @@ static int kbase_kcpu_fence_signal_prepare( goto fd_flags_fail; } + /* 'sync_file' pointer can't be safely dereferenced once 'fd' is + * installed, so the install step needs to be done at the last + * before returning success. + */ + fd_install(fd, sync_file->file); return 0; fd_flags_fail: |