[PATCH v2] drm/i915/gt: Protect against overflow in active_engine()
Jani Nikula
jani.nikula at linux.intel.com
Mon Aug 4 15:04:18 UTC 2025
On Mon, 04 Aug 2025, Krzysztof Karas <krzysztof.karas at intel.com> wrote:
> It is unlikely, but possible for the first call to
> intel_context_create() to fail with -ENOMEM, which would result
> in entering the following code block and decrementing "count",
> when it is set to 0 (initial condition in the for loop).
>
> Protect from overflowing the variable by replacing "while" with
> "do while" and using decrement as postfix to make sure
> intel_context_put() fires at least once.
>
> Signed-off-by: Krzysztof Karas <krzysztof.karas at intel.com>
> ---
>
> v2:
> * remove unlikely() - Jani
> * replace "while" with "do while" - Andi
>
> drivers/gpu/drm/i915/gt/selftest_hangcheck.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/gt/selftest_hangcheck.c b/drivers/gpu/drm/i915/gt/selftest_hangcheck.c
> index f057c16410e7..4ec97024665a 100644
> --- a/drivers/gpu/drm/i915/gt/selftest_hangcheck.c
> +++ b/drivers/gpu/drm/i915/gt/selftest_hangcheck.c
> @@ -904,8 +904,9 @@ static void active_engine(struct kthread_work *work)
> arg->result = PTR_ERR(ce[count]);
> pr_err("[%s] Create context #%ld failed: %d!\n",
> engine->name, count, arg->result);
> - while (--count)
> + do {
> intel_context_put(ce[count]);
This passes an error pointer to intel_context_put().
BR,
Jani.
> + } while (count--);
> return;
> }
> }
> --
> 2.34.1
--
Jani Nikula, Intel
More information about the Intel-gfx
mailing list