[PATCH] drm/i915/gt: Prevent error pointer dereference

Andi Shyti andi.shyti at kernel.org
Wed Sep 13 09:01:35 UTC 2023


Hi Dan,

On Wed, Sep 13, 2023 at 11:17:41AM +0300, Dan Carpenter wrote:
> Move the check for "if (IS_ERR(obj))" in front of the call to
> i915_gem_object_set_cache_coherency() which dereferences "obj".
> Otherwise it will lead to a crash.
> 
> Fixes: 43aa755eae2c ("drm/i915/mtl: Update cache coherency setting for context structure")
> Signed-off-by: Dan Carpenter <dan.carpenter at linaro.org>
> ---
>  drivers/gpu/drm/i915/gt/intel_lrc.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/gpu/drm/i915/gt/intel_lrc.c b/drivers/gpu/drm/i915/gt/intel_lrc.c
> index 957d0aeb0c02..c378cc7c953c 100644
> --- a/drivers/gpu/drm/i915/gt/intel_lrc.c
> +++ b/drivers/gpu/drm/i915/gt/intel_lrc.c
> @@ -1094,6 +1094,9 @@ __lrc_alloc_state(struct intel_context *ce, struct intel_engine_cs *engine)
>  					  I915_BO_ALLOC_PM_VOLATILE);
>  	if (IS_ERR(obj)) {
>  		obj = i915_gem_object_create_shmem(engine->i915, context_size);
> +		if (IS_ERR(obj))
> +			return ERR_CAST(obj);
> +

that's correct! When the workaround was added later it wasn't
checking whether obj had a valid value or not, leading to a
potential segfault.

Thanks for fixing it!

Reviewed-by: Andi Shyti <andi.shyti at linux.intel.com> 

Andi

>  		/*
>  		 * Wa_22016122933: For Media version 13.0, all Media GT shared
>  		 * memory needs to be mapped as WC on CPU side and UC (PAT
> @@ -1102,8 +1105,6 @@ __lrc_alloc_state(struct intel_context *ce, struct intel_engine_cs *engine)
>  		if (intel_gt_needs_wa_22016122933(engine->gt))
>  			i915_gem_object_set_cache_coherency(obj, I915_CACHE_NONE);
>  	}
> -	if (IS_ERR(obj))
> -		return ERR_CAST(obj);
>  
>  	vma = i915_vma_instance(obj, &engine->gt->ggtt->vm, NULL);
>  	if (IS_ERR(vma)) {


More information about the dri-devel mailing list