[PATCH 1/1] drm/xe/eustall: Fix a possible pointer dereference after free
Dixit, Ashutosh
ashutosh.dixit at intel.com
Wed Mar 12 22:09:40 UTC 2025
On Wed, 12 Mar 2025 10:31:20 -0700, Harish Chegondi wrote:
>
> If devm_add_action_or_reset() isn't successful, xe_eu_stall_fini()
> is invoked. So, unsuccessful return from devm_add_action_or_reset()
> shouldn't dereference gt->eu_stall as xe_eu_stall_fini() already
> frees it. Fix this issue.
Needs a Fixes tag. No need to resend the patch, I will add the tag when
merging this. With that this is:
Reviewed-by: Ashutosh Dixit <ashutosh.dixit at intel.com>
>
> Signed-off-by: Harish Chegondi <harish.chegondi at intel.com>
> ---
> drivers/gpu/drm/xe/xe_eu_stall.c | 8 +-------
> 1 file changed, 1 insertion(+), 7 deletions(-)
>
> diff --git a/drivers/gpu/drm/xe/xe_eu_stall.c b/drivers/gpu/drm/xe/xe_eu_stall.c
> index 88a92baf5c95..f2bb9168967c 100644
> --- a/drivers/gpu/drm/xe/xe_eu_stall.c
> +++ b/drivers/gpu/drm/xe/xe_eu_stall.c
> @@ -222,13 +222,7 @@ int xe_eu_stall_init(struct xe_gt *gt)
> goto exit_free;
> }
>
> - ret = devm_add_action_or_reset(xe->drm.dev, xe_eu_stall_fini, gt);
> - if (ret)
> - goto exit_destroy;
> -
> - return 0;
> -exit_destroy:
> - destroy_workqueue(gt->eu_stall->buf_ptr_poll_wq);
> + return devm_add_action_or_reset(xe->drm.dev, xe_eu_stall_fini, gt);
> exit_free:
> mutex_destroy(>->eu_stall->stream_lock);
> kfree(gt->eu_stall);
> --
> 2.48.1
>
More information about the Intel-xe
mailing list