On Tue, Mar 29, 2022 at 09:00:01AM +0200, Christian König wrote: > A bug inside the new sync-file merge code created empty dma_fence_array instances. > > Warn about that and handle those without crashing. > > Signed-off-by: Christian König <christian.koenig@xxxxxxx> > --- > drivers/dma-buf/dma-fence-array.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/drivers/dma-buf/dma-fence-array.c b/drivers/dma-buf/dma-fence-array.c > index 52b85d292383..5c8a7084577b 100644 > --- a/drivers/dma-buf/dma-fence-array.c > +++ b/drivers/dma-buf/dma-fence-array.c > @@ -159,6 +159,8 @@ struct dma_fence_array *dma_fence_array_create(int num_fences, > struct dma_fence_array *array; > size_t size = sizeof(*array); > > + WARN_ON(!num_fences || !fences); WARN_ON and then dying randomly is kinda not nice, I'd wrap this in an if (WARN_ON) return NULL; with that: Reviewed-by: Daniel Vetter <daniel.vetter@xxxxxxxx> > + > /* Allocate the callback structures behind the array. */ > size += num_fences * sizeof(struct dma_fence_array_cb); > array = kzalloc(size, GFP_KERNEL); > @@ -231,6 +233,9 @@ struct dma_fence *dma_fence_array_first(struct dma_fence *head) > if (!array) > return head; > > + if (!array->num_fences) > + return NULL; > + > return array->fences[0]; > } > EXPORT_SYMBOL(dma_fence_array_first); > -- > 2.25.1 > -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch
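Review bot: in the dma_fence_array_create() hunk, the added `WARN_ON(!num_fences || !fences);` only reports the bad arguments and then continues into the size calculation and kzalloc(), so the create path does not yet match the "handle those without crashing" in the commit message. Return early instead, for example `if (WARN_ON(!num_fences || !fences)) return NULL;`. Because num_fences is an int, a negative value also passes this test and reaches `size += num_fences * sizeof(struct dma_fence_array_cb);`, so testing `num_fences <= 0` would cover that case as well.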
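Review bot: in the dma_fence_array_first() hunk, the new `if (!array->num_fences) return NULL;` makes NULL a possible return value for a non-NULL head, and nothing in the hunk documents that, while the `!array` case directly above returns head. Add a short comment on the check (or a line in the function's documentation) stating that an empty array yields NULL, so that callers iterating with first/next know to treat it as the end of the iteration rather than dereferencing the result.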