-----Original Message-----
From: Intel-xe <intel-xe-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Dheeraj Reddy Jonnalagadda
Sent: Thursday, February 6, 2025 5:47 AM
To: De Marchi, Lucas <lucas.demarchi@xxxxxxxxx>; thomas.hellstrom@xxxxxxxxxxxxxxx; Vivi, Rodrigo <rodrigo.vivi@xxxxxxxxx>
Cc: airlied@xxxxxxxxx; simona@xxxxxxxx; intel-xe@xxxxxxxxxxxxxxxxxxxxx; dri-devel@xxxxxxxxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev@xxxxxxxxx>
Subject: [PATCH] drm/xe: Fix uninitialized pointer read in xe_vm_bind_kernel_bo
>
> xe_vm_bind_kernel_bo() declares the variable fence without initializing
> it. If an error occurs before fence is assigned a valid value, the
> function may return an uninitialized pointer.
>
> Specifically, this can happen if:
>
> - vm_bind_ioctl_ops_create() fails, leading to release_vm_lock error
> path
>
> Initialize fence to NULL at declaration.
>
> Fixes: dcdd6b84d9ac ("drm/xe/pxp: Allocate PXP execution resources")
> Signed-off-by: Dheeraj Reddy Jonnalagadda <dheeraj.linuxdev@xxxxxxxxx>
Fair enough.
Reviewed-by: Jonathan Cavitt <jonathan.cavitt@xxxxxxxxx>
-Jonathan Cavitt
> ---
> drivers/gpu/drm/xe/xe_vm.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c
> index d664f2e418b2..b6ca53ede904 100644
> --- a/drivers/gpu/drm/xe/xe_vm.c
> +++ b/drivers/gpu/drm/xe/xe_vm.c
> @@ -3184,7 +3184,7 @@ struct dma_fence *xe_vm_bind_kernel_bo(struct xe_vm *vm, struct xe_bo *bo,
> {
> struct xe_vma_ops vops;
> struct drm_gpuva_ops *ops = NULL;
> - struct dma_fence *fence;
> + struct dma_fence *fence = NULL;
> int err;
>
> xe_bo_get(bo);
> --
> 2.34.1
>
>
