| Message ID | 1652806601-88104-1-git-send-email-lyz_cs@pku.edu.cn (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | drm/i915: check fence to avoid null pointer dereference | expand |
Hi, On 17/05/2022 17:56, Yongzhi Liu wrote: > if drm_syncobj_fence_get return null, we will get a > null pointer. Fix this by adding the null pointer check > on fence. > > Signed-off-by: Yongzhi Liu <lyz_cs@pku.edu.cn> > --- > drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c > index fd0e15d..3a82a62 100644 > --- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c > +++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c > @@ -3184,6 +3184,10 @@ eb_fences_add(struct i915_execbuffer *eb, struct i915_request *rq, > struct dma_fence *fence; > > fence = drm_syncobj_fence_get(eb->gem_context->syncobj); > + if (!fence) { > + DRM_DEBUG("Syncobj has no fence\n"); > + return ERR_PTR(-EINVAL); Lookup can't fail here since reference to context is held and syncobj can't get replaced during that time. You could make it a single GEM_BUG_ON(!fence) instead if you really wanted but I am not convinced it would be useful. Regards, Tvrtko > + } > err = i915_request_await_dma_fence(rq, fence); > dma_fence_put(fence); > if (err)
diff --git a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c index fd0e15d..3a82a62 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c @@ -3184,6 +3184,10 @@ eb_fences_add(struct i915_execbuffer *eb, struct i915_request *rq, struct dma_fence *fence; fence = drm_syncobj_fence_get(eb->gem_context->syncobj); + if (!fence) { + DRM_DEBUG("Syncobj has no fence\n"); + return ERR_PTR(-EINVAL); + } err = i915_request_await_dma_fence(rq, fence); dma_fence_put(fence); if (err)
if drm_syncobj_fence_get return null, we will get a null pointer. Fix this by adding the null pointer check on fence. Signed-off-by: Yongzhi Liu <lyz_cs@pku.edu.cn> --- drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 4 ++++ 1 file changed, 4 insertions(+)