From: Matthew Auld <matthew.auld@xxxxxxxxx> commit 816b186ce2e87df7c7ead4ad44f70f3b10a04c91 upstream. We can incorrectly think that the fence has signalled, if we get a non-zero value here from the kmalloc, which is quite plausible. Just use kzalloc to prevent stuff like this. Fixes: 977e5b82e090 ("drm/xe: Expose user fence from xe_sync_entry") Signed-off-by: Matthew Auld <matthew.auld@xxxxxxxxx> Cc: Mika Kuoppala <mika.kuoppala@xxxxxxxxxxxxxxx> Cc: Matthew Brost <matthew.brost@xxxxxxxxx> Cc: Nirmoy Das <nirmoy.das@xxxxxxxxx> Cc: <stable@xxxxxxxxxxxxxxx> # v6.10+ Reviewed-by: Nirmoy Das <nirmoy.das@xxxxxxxxx> Reviewed-by: Matthew Brost <matthew.brost@xxxxxxxxx> Link: https://patchwork.freedesktop.org/patch/msgid/20241011133633.388008-2-matthew.auld@xxxxxxxxx (cherry picked from commit 26f69e88dcc95fffc62ed2aea30ad7b1fdf31fdb) Signed-off-by: Lucas De Marchi <lucas.demarchi@xxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/gpu/drm/xe/xe_sync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_sync.c b/drivers/gpu/drm/xe/xe_sync.c index bb3c2a830362..c6cf227ead40 100644 --- a/drivers/gpu/drm/xe/xe_sync.c +++ b/drivers/gpu/drm/xe/xe_sync.c @@ -58,7 +58,7 @@ static struct xe_user_fence *user_fence_create(struct xe_device *xe, u64 addr, if (!access_ok(ptr, sizeof(*ptr))) return ERR_PTR(-EFAULT); - ufence = kmalloc(sizeof(*ufence), GFP_KERNEL); + ufence = kzalloc(sizeof(*ufence), GFP_KERNEL); if (!ufence) return ERR_PTR(-ENOMEM); -- 2.47.0 Patches currently in stable-queue which might be from matthew.auld@xxxxxxxxx are queue-6.11/drm-xe-ufence-ufence-can-be-signaled-right-after-wait_woken.patch queue-6.11/drm-xe-xe_sync-initialise-ufence.signalled.patch
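Review bot: at the `ufence = kzalloc(sizeof(*ufence), GFP_KERNEL);` line in user_fence_create(), the reason the allocation must be zeroed is not recorded in the code, and the commit message only says "a non-zero value here" without naming the member that is read before it is written. The queued patch name (initialise-ufence.signalled) suggests that member is `signalled`, so the message body should say so. A one-line comment at the allocation stating that the zeroed state is what marks the fence as not yet signalled would keep a later cleanup from switching back to kmalloc. If only that one member needs a defined initial value, an explicit assignment next to the allocation would make the dependency visible to readers and to static analysis, with kzalloc kept as defence in depth for any other member that is read before being set.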