]> www.infradead.org Git - users/hch/misc.git/commitdiff
projects / users / hch / misc.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 00e0ae4)
drm/xe: Use local fence in error path of xe_migrate_clear
authorMatthew Brost <matthew.brost@intel.com>
Tue, 11 Mar 2025 18:29:15 +0000 (11:29 -0700)
committerLucas De Marchi <lucas.demarchi@intel.com>
Mon, 7 Apr 2025 20:16:07 +0000 (13:16 -0700)
The intent of the error path in xe_migrate_clear is to wait on locally
generated fence and then return. The code is waiting on m->fence which
could be the local fence but this is only stable under the job mutex
leading to a possible UAF. Fix code to wait on local fence.

Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs")
Cc: stable@vger.kernel.org
Signed-off-by: Matthew Brost <matthew.brost@intel.com>
Reviewed-by: Matthew Auld <matthew.auld@intel.com>
Link: https://lore.kernel.org/r/20250311182915.3606291-1-matthew.brost@intel.com
(cherry picked from commit 762b7e95362170b3e13a8704f38d5e47eca4ba74)
Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
drivers/gpu/drm/xe/xe_migrate.c patch | blob | history

diff --git a/drivers/gpu/drm/xe/xe_migrate.c b/drivers/gpu/drm/xe/xe_migrate.c
index df4282c71bf0bfba133e44d9d616edd84b5e546b..a83bebef3780f79a1fe551688300b1e0556482df 100644 (file)
--- a/drivers/gpu/drm/xe/xe_migrate.c
+++ b/drivers/gpu/drm/xe/xe_migrate.c
@@ -1177,7 +1177,7 @@ err:
 err_sync:
                /* Sync partial copies if any. FIXME: job_mutex? */
                if (fence) {
-                       dma_fence_wait(m->fence, false);
+                       dma_fence_wait(fence, false);
                        dma_fence_put(fence);
                }
 
Unnamed repository; edit this file 'description' to name the repository.