From: Tapani Pälli Date: Wed, 17 Dec 2025 13:24:12 +0000 (+0200) Subject: drm/xe: Fix NULL pointer dereference in xe_exec_ioctl X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f9405aaa4297f95b42c39779e24f74587a0b6bc;p=thirdparty%2Fkernel%2Flinux.git drm/xe: Fix NULL pointer dereference in xe_exec_ioctl Helper function xe_sync_needs_wait expects sync->fence when accessing flags, patch makes sure we call only when sync->fence exists. v2: move null checking to xe_sync_needs_wait and make xe_sync_entry_wait utilize this helper (Matthew Auld) v3: further simplify code (Matthew Auld) Fixes NULL pointer dereference seen with Vulkan workloads: [ 118.410401] RIP: 0010:xe_sync_needs_wait+0x27/0x50 [xe] Fixes: 4ac9048d0501 ("drm/xe: Wait on in-syncs when swicthing to dma-fence mode") Signed-off-by: Tapani Pälli Reviewed-by: Matthew Auld Reviewed-by: Matthew Brost Signed-off-by: Matthew Brost Link: https://patch.msgid.link/20251217132412.435755-1-tapani.palli@intel.com --- diff --git a/drivers/gpu/drm/xe/xe_sync.c b/drivers/gpu/drm/xe/xe_sync.c index ee1344a880b9..c8fdcdbd6ae7 100644 --- a/drivers/gpu/drm/xe/xe_sync.c +++ b/drivers/gpu/drm/xe/xe_sync.c @@ -238,10 +238,8 @@ int xe_sync_entry_add_deps(struct xe_sync_entry *sync, struct xe_sched_job *job) */ int xe_sync_entry_wait(struct xe_sync_entry *sync) { - if (sync->flags & DRM_XE_SYNC_FLAG_SIGNAL) - return 0; - - return dma_fence_wait(sync->fence, true); + return xe_sync_needs_wait(sync) ? + dma_fence_wait(sync->fence, true) : 0; } /** @@ -252,8 +250,8 @@ int xe_sync_entry_wait(struct xe_sync_entry *sync) */ bool xe_sync_needs_wait(struct xe_sync_entry *sync) { - return !(sync->flags & DRM_XE_SYNC_FLAG_SIGNAL) && - !test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, &sync->fence->flags); + return sync->fence && + !test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, &sync->fence->flags); } void xe_sync_entry_signal(struct xe_sync_entry *sync, struct dma_fence *fence)