On Tue, Mar 29, 2022 at 09:00:01AM +0200, Christian König wrote:
> A bug inside the new sync-file merge code created empty dma_fence_array
> instances.
>
> Warn about that and handle those without crashing.
>
> Signed-off-by: Christian König <christian.koe...@amd.com>
> ---
> drivers/dma-buf/dma-fence-array.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/dma-buf/dma-fence-array.c
> b/drivers/dma-buf/dma-fence-array.c
> index 52b85d292383..5c8a7084577b 100644
> --- a/drivers/dma-buf/dma-fence-array.c
> +++ b/drivers/dma-buf/dma-fence-array.c
> @@ -159,6 +159,8 @@ struct dma_fence_array *dma_fence_array_create(int
> num_fences,
> struct dma_fence_array *array;
> size_t size = sizeof(*array);
>
> + WARN_ON(!num_fences || !fences);
WARN_ON and then dying randomly is kinda not nice, I'd wrap this in an
if (WARN_ON)
return NULL;
with that: Reviewed-by: Daniel Vetter <daniel.vet...@ffwll.ch>
> +
> /* Allocate the callback structures behind the array. */
> size += num_fences * sizeof(struct dma_fence_array_cb);
> array = kzalloc(size, GFP_KERNEL);
> @@ -231,6 +233,9 @@ struct dma_fence *dma_fence_array_first(struct dma_fence
> *head)
> if (!array)
> return head;
>
> + if (!array->num_fences)
> + return NULL;
> +
> return array->fences[0];
> }
> EXPORT_SYMBOL(dma_fence_array_first);
> --
> 2.25.1
>
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
