nv-tegra-mirror/linux-nv-oot
1
0
Fork 0
mirror of git://nv-tegra.nvidia.com/linux-nv-oot.git synced 2025-12-22 17:25:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

video: tegra: nvmap: Fix INT32-C overflow defects

Browse Source 
-dupes variable is decremented within the while loop after each call to nvmap_handle_put(ref->handle).

-This prevents an infinite loop scenario where dupes remains greater than 0.

JIRA: TMM-5724
Bug 4479044

Change-Id: Ideea8e05be4d175c5e78895eb5d76fed4b655968
Signed-off-by: Surbhi Singh <surbhis@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3258081
Reviewed-by: Ketan Patil <ketanp@nvidia.com>
Reviewed-by: Pritesh Raithatha <praithatha@nvidia.com>
GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com>
This commit is contained in:
Surbhi Singh
2024-11-27 09:19:18 +00:00
committed by Jon Hunter
parent ba177f2f7d
commit 1993b57947
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
drivers/video/tegra/nvmap/nvmap_dev.c
View File

@@ -276,11 +276,11 @@ static void destroy_client(struct nvmap_client *client)
dma_buf_put(ref->handle->dmabuf); dma_buf_put(ref->handle->dmabuf);
rb_erase(&ref->node, &client->handle_refs); rb_erase(&ref->node, &client->handle_refs);
atomic_dec(&ref->handle->share_count); atomic_dec(&ref->handle->share_count);
dupes = atomic_read(&ref->dupes); dupes = atomic_read(&ref->dupes);
while (dupes--) while (dupes > 0) {
nvmap_handle_put(ref->handle); nvmap_handle_put(ref->handle);
dupes--;
}
kfree(ref); kfree(ref);
} }