[PATCH v3] drm/i915: Fixed NULL pointer dereference in capture_engine
Andi Shyti
andi.shyti at linux.intel.com
Thu Nov 28 11:00:04 UTC 2024
Hi,
On Mon, Nov 25, 2024 at 03:27:11PM +0000, Eugene Kobyak wrote:
> When the intel_context structure contains NULL,
> it raises a NULL pointer dereference error in drm_info().
>
> Fixes: e8a3319c31a1 ("drm/i915: Allow error capture without a request")
> Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/12309
>
> Signed-off-by: Eugene Kobyak <eugene.kobyak at intel.com>
> ---
> drivers/gpu/drm/i915/i915_gpu_error.c | 13 ++++++++++---
> 1 file changed, 10 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c
> index 135ded17334e..1c614c74c2cf 100644
> --- a/drivers/gpu/drm/i915/i915_gpu_error.c
> +++ b/drivers/gpu/drm/i915/i915_gpu_error.c
> @@ -1643,9 +1643,16 @@ capture_engine(struct intel_engine_cs *engine,
> return NULL;
>
> intel_engine_get_hung_entity(engine, &ce, &rq);
> - if (rq && !i915_request_started(rq))
> - drm_info(&engine->gt->i915->drm, "Got hung context on %s with active request %lld:%lld [0x%04X] not yet started\n",
> - engine->name, rq->fence.context, rq->fence.seqno, ce->guc_id.id);
> + if (rq && !i915_request_started(rq)) {
> + char guc_id[9];
> + if (ce)
> + scnprintf(guc_id, sizeof(guc_id), "[0x%04X]", ce->guc_id.id);
> + else
> + scnprintf(guc_id, sizeof(guc_id), " ");
> +
> + drm_info(&engine->gt->i915->drm, "Got hung context on %s with active request %lld:%lld%s not yet started\n",
> + engine->name, rq->fence.context, rq->fence.seqno, guc_id);
> + }
I've discussed offline with Eugene this scenario and we tested
the cases when ce is NULL. I'm looking forward to your v4.
Thanks,
Andi
More information about the Intel-gfx
mailing list