[Intel-gfx] [PATCH] drm/i915: check fence to avoid null pointer dereference
Tvrtko Ursulin
tvrtko.ursulin at linux.intel.com
Wed May 18 09:18:38 UTC 2022
Hi,
On 17/05/2022 17:56, Yongzhi Liu wrote:
> if drm_syncobj_fence_get return null, we will get a
> null pointer. Fix this by adding the null pointer check
> on fence.
>
> Signed-off-by: Yongzhi Liu <lyz_cs at pku.edu.cn>
> ---
> drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c
> index fd0e15d..3a82a62 100644
> --- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c
> +++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c
> @@ -3184,6 +3184,10 @@ eb_fences_add(struct i915_execbuffer *eb, struct i915_request *rq,
> struct dma_fence *fence;
>
> fence = drm_syncobj_fence_get(eb->gem_context->syncobj);
> + if (!fence) {
> + DRM_DEBUG("Syncobj has no fence\n");
> + return ERR_PTR(-EINVAL);
Lookup can't fail here since reference to context is held and syncobj
can't get replaced during that time. You could make it a single
GEM_BUG_ON(!fence) instead if you really wanted but I am not convinced
it would be useful.
Regards,
Tvrtko
> + }
> err = i915_request_await_dma_fence(rq, fence);
> dma_fence_put(fence);
> if (err)
More information about the Intel-gfx
mailing list