[PATCH] drm/xe: Protect devcoredump_free

Souza, Jose jose.souza at intel.com
Wed Apr 3 15:23:51 UTC 2024


On Wed, 2024-04-03 at 10:50 -0400, Rodrigo Vivi wrote:
> While we don't have the full flow protection when devcoredump
> is accessed after device unbind, let's at least for now
> protect against null dereference:
> 
> [  422.766508] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
> [  423.119584] RIP: 0010:xe_vm_snapshot_free+0x30/0x180 [xe]
> 
> While at it, I also fixed a non-standard code-declaration block
> on the similar function of xe_guc_submit.
> 

Reviewed-by: José Roberto de Souza <jose.souza at intel.com>

> Fixes: e5f661bb56d4 ("drm/xe/devcoredump: Print errno if VM snapshot was not captured")
> Cc: Maarten Lankhorst <maarten.lankhorst at linux.intel.com>
> Cc: José Roberto de Souza <jose.souza at intel.com>
> Signed-off-by: Rodrigo Vivi <rodrigo.vivi at intel.com>
> ---
>  drivers/gpu/drm/xe/xe_guc_submit.c | 1 +
>  drivers/gpu/drm/xe/xe_vm.c         | 2 +-
>  2 files changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/xe/xe_guc_submit.c b/drivers/gpu/drm/xe/xe_guc_submit.c
> index f42f1b567067..6e32f9ce4eb5 100644
> --- a/drivers/gpu/drm/xe/xe_guc_submit.c
> +++ b/drivers/gpu/drm/xe/xe_guc_submit.c
> @@ -1961,6 +1961,7 @@ xe_guc_exec_queue_snapshot_print(struct xe_guc_submit_exec_queue_snapshot *snaps
>  void xe_guc_exec_queue_snapshot_free(struct xe_guc_submit_exec_queue_snapshot *snapshot)
>  {
>  	int i;
> +
>  	if (!snapshot)
>  		return;
>  
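Review bot: The only change in xe_guc_exec_queue_snapshot_free() is the blank line after `int i;`, which is a style cleanup riding along in a patch that carries a Fixes: tag. Consider moving it to a separate patch so that the fix picked up for backporting touches only xe_vm.c and contains just the NULL check.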
> diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c
> index f4bfb2705956..ccb2e1c67c2c 100644
> --- a/drivers/gpu/drm/xe/xe_vm.c
> +++ b/drivers/gpu/drm/xe/xe_vm.c
> @@ -3514,7 +3514,7 @@ void xe_vm_snapshot_free(struct xe_vm_snapshot *snap)
>  {
>  	unsigned long i;
>  
> -	if (IS_ERR(snap))
> +	if (!snap || IS_ERR(snap))
>  		return;
>  
>  	for (i = 0; i < snap->num_snaps; i++) {
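Review bot: The new condition `!snap || IS_ERR(snap)` in xe_vm_snapshot_free() is the open-coded form of `IS_ERR_OR_NULL(snap)` from linux/err.h; using the helper keeps the guard to a single test and makes it clear that both the error-pointer and the NULL case are expected here. Since the commit message says the NULL case comes from devcoredump being accessed after device unbind and that full flow protection is still missing, a short comment above the check recording that would help whoever later adds the proper protection know the guard is a stopgap.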


