On 2024-05-29 23:47, Jesse Zhang wrote:
When copying the information from the user fails, it will goto exit.
But the variable i remains at 0, and do i-- will overflow.
i-- may underflow, but the loop will still exit. Why is the underflow a
problem?
Signed-off-by: Jesse Zhang <[email protected]>
---
drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
index fdf171ad4a3c..dac8fdc49e3b 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
@@ -2480,10 +2480,11 @@ static int criu_restore_bos(struct kfd_process *p,
ret = -EFAULT;
exit:
- while (ret && i--) {
+ while (ret && i) {
if (bo_buckets[i].alloc_flags
& (KFD_IOC_ALLOC_MEM_FLAGS_VRAM |
KFD_IOC_ALLOC_MEM_FLAGS_GTT))
close_fd(bo_buckets[i].dmabuf_fd);
+ i--;
This changes the value of i in the loop body. To get the same behaviour
you'd need to decrement i at the start of the loop body.
Regards,
Felix
}
kvfree(bo_buckets);
kvfree(bo_privs);
