[PATCH v2] drm/i915/gt: Protect against overflow in active_engine()
Andi Shyti
andi.shyti at linux.intel.com
Mon Aug 4 15:34:43 UTC 2025
On Mon, Aug 04, 2025 at 02:55:46PM +0000, Krzysztof Karas wrote:
> It is unlikely, but possible for the first call to
> intel_context_create() to fail with -ENOMEM, which would result
> in entering the following code block and decrementing "count",
> when it is set to 0 (initial condition in the for loop).
>
> Protect from overflowing the variable by replacing "while" with
> "do while" and using decrement as postfix to make sure
> intel_context_put() fires at least once.
>
> Signed-off-by: Krzysztof Karas <krzysztof.karas at intel.com>
> ---
>
> v2:
> * remove unlikely() - Jani
> * replace "while" with "do while" - Andi
>
> drivers/gpu/drm/i915/gt/selftest_hangcheck.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/gt/selftest_hangcheck.c b/drivers/gpu/drm/i915/gt/selftest_hangcheck.c
> index f057c16410e7..4ec97024665a 100644
> --- a/drivers/gpu/drm/i915/gt/selftest_hangcheck.c
> +++ b/drivers/gpu/drm/i915/gt/selftest_hangcheck.c
> @@ -904,8 +904,9 @@ static void active_engine(struct kthread_work *work)
> arg->result = PTR_ERR(ce[count]);
> pr_err("[%s] Create context #%ld failed: %d!\n",
> engine->name, count, arg->result);
> - while (--count)
> + do {
> intel_context_put(ce[count]);
> + } while (count--);
you still need to decrease count, though, before entering the
loop. However you do it, it requires some check on count. You
should try out the different ways and choose one. Even a 'for'
loop needs to check for count.
Andi
> return;
> }
> }
> --
> 2.34.1
>
> --
> Best Regards,
> Krzysztof
More information about the Intel-gfx
mailing list