From: Krzysztof Karas <krzysztof.karas@intel.com>
Date: Tue, 5 Aug 2025 11:41:42 +0000 (+0000)
Subject: drm/i915/gt: Protect against overflow in active_engine()
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=317be9c64215f264740c6dffb0a44216960875b2;p=users%2Fhch%2Fmisc.git

drm/i915/gt: Protect against overflow in active_engine()

It is unlikely, but possible for the first call to
intel_context_create() to fail with -ENOMEM, which would result
in entering the following code block and decrementing "count",
when it is set to 0 (initial condition in the for loop).

Protect from overflowing the variable by checking for 0 value
of "count" before entering the loop.

Signed-off-by: Krzysztof Karas <krzysztof.karas@intel.com>
Reviewed-by: Sebastian Brzezinka <sebastian.brzezinka@intel.com>
Reviewed-by: Andi Shyti <andi.shyti@linux.intel.com>
Signed-off-by: Andi Shyti <andi.shyti@linux.intel.com>
Link: https://lore.kernel.org/r/pogr74jktdqehrfap4tjky23ees4x7erh5dwgg5jb2n522cfkw@kpnxe4qzx4pj
---

diff --git a/drivers/gpu/drm/i915/gt/selftest_hangcheck.c b/drivers/gpu/drm/i915/gt/selftest_hangcheck.c
index f057c16410e7..619c70c54ef9 100644
--- a/drivers/gpu/drm/i915/gt/selftest_hangcheck.c
+++ b/drivers/gpu/drm/i915/gt/selftest_hangcheck.c
@@ -904,6 +904,8 @@ static void active_engine(struct kthread_work *work)
 			arg->result = PTR_ERR(ce[count]);
 			pr_err("[%s] Create context #%ld failed: %d!\n",
 			       engine->name, count, arg->result);
+			if (!count)
+				return;
 			while (--count)
 				intel_context_put(ce[count]);
 			return;