[PATCH 2/2] dma-buf: handle empty dma_fence_arrays gracefully

Daniel Vetter daniel at ffwll.ch
Tue Mar 29 08:48:10 UTC 2022


On Tue, Mar 29, 2022 at 09:00:01AM +0200, Christian König wrote:
> A bug inside the new sync-file merge code created empty dma_fence_array instances.
> 
> Warn about that and handle those without crashing.
> 
> Signed-off-by: Christian König <christian.koenig at amd.com>

> ---
>  drivers/dma-buf/dma-fence-array.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/drivers/dma-buf/dma-fence-array.c b/drivers/dma-buf/dma-fence-array.c
> index 52b85d292383..5c8a7084577b 100644
> --- a/drivers/dma-buf/dma-fence-array.c
> +++ b/drivers/dma-buf/dma-fence-array.c
> @@ -159,6 +159,8 @@ struct dma_fence_array *dma_fence_array_create(int num_fences,
>  	struct dma_fence_array *array;
>  	size_t size = sizeof(*array);
>  
> +	WARN_ON(!num_fences || !fences);

WARN_ON and then dying randomly is kinda not nice, I'd wrap this in an

if (WARN_ON)
	return NULL;

with that: Reviewed-by: Daniel Vetter <daniel.vetter at ffwll.ch>

> +
>  	/* Allocate the callback structures behind the array. */
>  	size += num_fences * sizeof(struct dma_fence_array_cb);
>  	array = kzalloc(size, GFP_KERNEL);
> @@ -231,6 +233,9 @@ struct dma_fence *dma_fence_array_first(struct dma_fence *head)
>  	if (!array)
>  		return head;
>  
> +	if (!array->num_fences)
> +		return NULL;
> +
>  	return array->fences[0];
>  }
>  EXPORT_SYMBOL(dma_fence_array_first);
> -- 
> 2.25.1
> 

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch


More information about the dri-devel mailing list