Patch "drm/sched: memset() 'job' in drm_sched_job_init()" has been added to the 6.6-stable tree

This is a note to let you know that I've just added the patch titled

    drm/sched: memset() 'job' in drm_sched_job_init()

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     drm-sched-memset-job-in-drm_sched_job_init.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit d051caa97cc983fa6ee9c641d78f7a38d7020b27
Author: Philipp Stanner <pstanner@xxxxxxxxxx>
Date:   Mon Oct 21 12:50:28 2024 +0200

    drm/sched: memset() 'job' in drm_sched_job_init()
    
    [ Upstream commit 2320c9e6a768d135c7b0039995182bb1a4e4fd22 ]
    
    drm_sched_job_init() has no control over how users allocate struct
    drm_sched_job. Unfortunately, the function can also not set some struct
    members such as job->sched.
    
    This could theoretically lead to UB by users dereferencing the struct's
    pointer members too early.
    
    It is easier to debug such issues if these pointers are initialized to
    NULL, so dereferencing them causes a NULL pointer exception.
    Accordingly, drm_sched_entity_init() does precisely that and initializes
    its struct with memset().
    
    Initialize parameter "job" to 0 in drm_sched_job_init().
    
    Signed-off-by: Philipp Stanner <pstanner@xxxxxxxxxx>
    Link: https://patchwork.freedesktop.org/patch/msgid/20241021105028.19794-2-pstanner@xxxxxxxxxx
    Reviewed-by: Christian König <christian.koenig@xxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/gpu/drm/scheduler/sched_main.c b/drivers/gpu/drm/scheduler/sched_main.c
index 5a3a622fc672f..fa4652f234718 100644
--- a/drivers/gpu/drm/scheduler/sched_main.c
+++ b/drivers/gpu/drm/scheduler/sched_main.c
@@ -635,6 +635,14 @@ int drm_sched_job_init(struct drm_sched_job *job,
 	if (!entity->rq)
 		return -ENOENT;
 
+	/*
+	 * We don't know for sure how the user has allocated. Thus, zero the
+	 * struct so that unallowed (i.e., too early) usage of pointers that
+	 * this function does not set is guaranteed to lead to a NULL pointer
+	 * exception instead of UB.
+	 */
+	memset(job, 0, sizeof(*job));
+
 	job->entity = entity;
 	job->s_fence = drm_sched_fence_alloc(entity, owner);
 	if (!job->s_fence)
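
Review bot: the memset() is placed after the "if (!entity->rq) return -ENOENT;" early return, so on that error path the struct is left exactly as the caller allocated it and the guarantee stated in the new comment does not hold there. Consider moving the memset() above the entity->rq check so that every return path leaves the pointer members NULL, or state in the comment that the job is only zeroed once the function gets past that check. Since the whole struct is cleared, the comment could also tell callers that anything they stored in *job before calling drm_sched_job_init() is wiped.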



