[PATCH] drm/xe: Protect devcoredump access after unbind

Nirmoy Das nirmoy.das at intel.com
Wed Apr 3 21:09:25 UTC 2024


On 4/3/2024 9:50 PM, Rodrigo Vivi wrote:
> While we don't have the full flow protection when devcoredump
> is accessed after device unbind, let's at least for now
> protect against null dereference:
>
> [  422.766508] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
> [  423.119584] RIP: 0010:xe_vm_snapshot_free+0x30/0x180 [xe]
>
> While at it, I also fixed a non-standard code-declaration block
> on the similar function of xe_guc_submit.
>
> v2: - Use IS_ERR_OR_NULL (Nirmoy)
>      - Expand to other functions
>
> Cc: José Roberto de Souza <jose.souza at intel.com>
> Cc: Nirmoy Das <nirmoy.das at intel.com>
> Signed-off-by: Rodrigo Vivi <rodrigo.vivi at intel.com>
Reviewed-by: Nirmoy Das <nirmoy.das at intel.com>
> ---
>   drivers/gpu/drm/xe/xe_guc_submit.c | 1 +
>   drivers/gpu/drm/xe/xe_vm.c         | 6 +++---
>   2 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/gpu/drm/xe/xe_guc_submit.c b/drivers/gpu/drm/xe/xe_guc_submit.c
> index f42f1b567067..6e32f9ce4eb5 100644
> --- a/drivers/gpu/drm/xe/xe_guc_submit.c
> +++ b/drivers/gpu/drm/xe/xe_guc_submit.c
> @@ -1961,6 +1961,7 @@ xe_guc_exec_queue_snapshot_print(struct xe_guc_submit_exec_queue_snapshot *snaps
>   void xe_guc_exec_queue_snapshot_free(struct xe_guc_submit_exec_queue_snapshot *snapshot)
>   {
>   	int i;
> +
>   	if (!snapshot)
>   		return;
>   
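Review bot: The blank line added after `int i;` in xe_guc_exec_queue_snapshot_free is a whitespace-only cleanup unrelated to the null dereference fix. Consider moving it to its own patch so the fix stays minimal and is easier to backport. The existing `if (!snapshot)` guard already covers the NULL case in this function, so nothing functional is needed here.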
> diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c
> index f4bfb2705956..2a431690d245 100644
> --- a/drivers/gpu/drm/xe/xe_vm.c
> +++ b/drivers/gpu/drm/xe/xe_vm.c
> @@ -3426,7 +3426,7 @@ struct xe_vm_snapshot *xe_vm_snapshot_capture(struct xe_vm *vm)
>   
>   void xe_vm_snapshot_capture_delayed(struct xe_vm_snapshot *snap)
>   {
> -	if (IS_ERR(snap))
> +	if (IS_ERR_OR_NULL(snap))
>   		return;
>   
>   	for (int i = 0; i < snap->num_snaps; i++) {
> @@ -3483,7 +3483,7 @@ void xe_vm_snapshot_print(struct xe_vm_snapshot *snap, struct drm_printer *p)
>   {
>   	unsigned long i, j;
>   
> -	if (IS_ERR(snap)) {
> +	if (IS_ERR_OR_NULL(snap)) {
>   		drm_printf(p, "[0].error: %li\n", PTR_ERR(snap));
>   		return;
>   	}
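Review bot: In xe_vm_snapshot_print the widened `IS_ERR_OR_NULL(snap)` branch still prints `PTR_ERR(snap)`, so a NULL snapshot is reported as "[0].error: 0", which reads as success rather than as a missing snapshot. Consider handling NULL separately from the IS_ERR case, either by returning without printing or by printing a distinct message or a real error code, so that a coredump read after unbind is not mistaken for an empty but valid capture.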
> @@ -3514,7 +3514,7 @@ void xe_vm_snapshot_free(struct xe_vm_snapshot *snap)
>   {
>   	unsigned long i;
>   
> -	if (IS_ERR(snap))
> +	if (IS_ERR_OR_NULL(snap))
>   		return;
>   
>   	for (i = 0; i < snap->num_snaps; i++) {
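Review bot: The `IS_ERR_OR_NULL(snap)` check in xe_vm_snapshot_free has no comment saying why NULL is a legitimate input, and the commit message states that the full flow after unbind is still unprotected. A short comment above the check, noting that snap can be NULL when devcoredump is accessed after device unbind and that this is a stopgap, would keep a later cleanup from reverting it to `IS_ERR`. The same comment would fit the matching check in xe_vm_snapshot_capture_delayed.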