Testing running out of file descriptors shows a NULL pointer
dereference in i915_gem_alloc_object() because base.filp ends up being
NULL. So the line
mapping = file_inode(obj->base.filp)->i_mapping;
will cause an oops. The call chain is
SyS_ioctl ->
do_vfs_ioctl ->
drm_ioctl ->
i915_gem_create_ioctl ->
i915_gem_create ->
i915_gem_alloc_object
Now, some functions do test "base.filp" for NULL (see for example
i915_gem_pread_ioctl()) so clearly people know that the filp may not
exist. But that path does not.
Comments? Patches even?
Linus
_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/intel-gfx
