idr_for_each_entry() is fine, but will prematurely terminate on
transient NULL entries. It should be switched over to idr_for_each,
which allows you to handle this explicitly.
Note that transient NULL pointers in drm_file.object_idr have been a
thing since f6cd7daecff5 ("drm: Release driver references to handle
before making it available again"), this is a really old issue.
Since it's just a premature loop terminate the impact should be fairly
benign, at least for any debugfs or fdinfo code.
Signed-off-by: Simona Vetter <simona.vet...@intel.com>
Signed-off-by: Simona Vetter <simona.vet...@ffwll.ch>
Cc: Zack Rusin <zack.ru...@broadcom.com>
Cc: Broadcom internal kernel review list <bcm-kernel-feedback-l...@broadcom.com>
---
drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c
b/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c
index c55382167c1b..438e40b92281 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_gem.c
@@ -323,6 +323,7 @@ static int vmw_debugfs_gem_info_show(struct seq_file *m,
void *unused)
rcu_read_unlock();
spin_lock(&file->table_lock);
+ /* FIXME: Use idr_for_each to handle transient NULL pointers */
idr_for_each_entry(&file->object_idr, gobj, id) {
struct vmw_bo *bo = to_vmw_bo(gobj);
--
2.49.0
