[Intel-gfx] [PATCH] drm/i915/ppgtt: Prevent NULL deref in reset ioctl

Fri Dec 20 00:22:40 CET 2013

If we look up an invalid context ID, the idr will return NULL. The ptr
is unconditionally dereferenced afterwards causing a problem.

Note that if the context does not exist, we still return success. This
appears to be the behavior desired by gem_reset_stats --subtest ban

Introduced in v3 of
commit 41bde5535a7d48876095926bb55b1aed5ccd6b2c
Author: Ben Widawsky <ben at bwidawsk.net>
Date:   Fri Dec 6 14:11:21 2013 -0800

    drm/i915: Get context early in execbuf

Cc: Mika Kuoppala <mika.kuoppala at linux.intel.com>
Signed-off-by: Ben Widawsky <ben at bwidawsk.net>
---
 drivers/gpu/drm/i915/intel_uncore.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/i915/intel_uncore.c b/drivers/gpu/drm/i915/intel_uncore.c
index e52fcce..aa4c55a 100644
--- a/drivers/gpu/drm/i915/intel_uncore.c
+++ b/drivers/gpu/drm/i915/intel_uncore.c
@@ -850,7 +850,7 @@ int i915_get_reset_stats_ioctl(struct drm_device *dev,
 		return ret;
 
 	ctx = i915_gem_context_get(file->driver_priv, args->ctx_id);
-	if (IS_ERR(ctx)) {
+	if (IS_ERR_OR_NULL(ctx)) {
 		mutex_unlock(&dev->struct_mutex);
 		return PTR_ERR(ctx);
 	}
-- 
1.8.5.1


