mali_kbase: MIDCET-4220 Patch for GPUSWERRATA-1350

This patch is a fix for: - SW Errata: 2619157 - CVE: CVE-2022-28350 It fixes UAF issue with enqueue of FENCE_SIGNAL kcpu command. Bug: 251397485 Provenance: https://code.ipdelivery.arm.com/c/GPU/mali-ddk/+/4605/1 Signed-off-by: Jesse Hall <jessehall@google.com> Change-Id: Ibf2e760dee56190759c5bee047071644798f1aaa
author: Suzanne Candanedo <suzanne.candanedo@arm.com> 2022-10-06 11:36:58 +0100
committer: Jesse Hall <jessehall@google.com> 2022-10-06 16:02:14 -0700
commit: bc304db0cec36bcd040f0c265845c7bf6151245c (patch)
tree: 84313230baf4b4215c77803f35b580e44511b9ca
parent: 2a266f07e9903e9d1d3959e49dbb8e8aea820070 (diff)
download: gpu-bc304db0cec36bcd040f0c265845c7bf6151245c.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/mali_kbase/csf/mali_kbase_csf_kcpu.c b/mali_kbase/csf/mali_kbase_csf_kcpu.c
index 4acd333..2991060 100644
--- a/mali_kbase/csf/mali_kbase_csf_kcpu.c
+++ b/mali_kbase/csf/mali_kbase_csf_kcpu.c
@@ -1412,8 +1412,6 @@ static int kbase_kcpu_fence_signal_prepare(
 		goto fd_flags_fail;
 	}
 
-	fd_install(fd, sync_file->file);
-
 	fence.basep.fd = fd;
 
 	current_command->type = BASE_KCPU_COMMAND_TYPE_FENCE_SIGNAL;
@@ -1425,6 +1423,11 @@ static int kbase_kcpu_fence_signal_prepare(
 		goto fd_flags_fail;
 	}
 
+	/* 'sync_file' pointer can't be safely dereferenced once 'fd' is
+	 * installed, so the install step needs to be done at the last
+	 * before returning success.
+	 */
+	fd_install(fd, sync_file->file);
 	return 0;
 
 fd_flags_fail:
author	Suzanne Candanedo <suzanne.candanedo@arm.com>	2022-10-06 11:36:58 +0100
committer	Jesse Hall <jessehall@google.com>	2022-10-06 16:02:14 -0700
commit	bc304db0cec36bcd040f0c265845c7bf6151245c (patch)
tree	84313230baf4b4215c77803f35b580e44511b9ca
parent	2a266f07e9903e9d1d3959e49dbb8e8aea820070 (diff)
download	gpu-bc304db0cec36bcd040f0c265845c7bf6151245c.tar.gz