On Tue, 2024-12-10 at 15:41 -0500, Sasha Levin wrote:
> This is a note to let you know that I've just added the patch titled
>
>     drm/sched: memset() 'job' in drm_sched_job_init()
>
> to the 6.12-stable tree which can be found at:
>     http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
>
> The filename of the patch is:
>      drm-sched-memset-job-in-drm_sched_job_init.patch
> and it can be found in the queue-6.12 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable@xxxxxxxxxxxxxxx> know about it.

Hi,

you can add it, it does improve things a bit.

But I'd like to use this opportunity to understand by what criteria you
found and selected this patch? Stable was not on CC, neither does the
patch contain a Fixes tag.

Regards,
P.

>
>
>
> commit d0a6c893de0172427064e39be400a23b0ba5ffec
> Author: Philipp Stanner <pstanner@xxxxxxxxxx>
> Date:   Mon Oct 21 12:50:28 2024 +0200
>
>     drm/sched: memset() 'job' in drm_sched_job_init()
>
>     [ Upstream commit 2320c9e6a768d135c7b0039995182bb1a4e4fd22 ]
>
>     drm_sched_job_init() has no control over how users allocate struct
>     drm_sched_job. Unfortunately, the function can also not set some struct
>     members such as job->sched.
>
>     This could theoretically lead to UB by users dereferencing the struct's
>     pointer members too early.
>
>     It is easier to debug such issues if these pointers are initialized to
>     NULL, so dereferencing them causes a NULL pointer exception.
>     Accordingly, drm_sched_entity_init() does precisely that and initializes
>     its struct with memset().
>
>     Initialize parameter "job" to 0 in drm_sched_job_init().
>
>     Signed-off-by: Philipp Stanner <pstanner@xxxxxxxxxx>
>     Link: https://patchwork.freedesktop.org/patch/msgid/20241021105028.19794-2-pstanner@xxxxxxxxxx
>     Reviewed-by: Christian König <christian.koenig@xxxxxxx>
>     Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
> > diff --git a/drivers/gpu/drm/scheduler/sched_main.c > b/drivers/gpu/drm/scheduler/sched_main.c > index e97c6c60bc96e..416590ea0dc3d 100644 > --- a/drivers/gpu/drm/scheduler/sched_main.c > +++ b/drivers/gpu/drm/scheduler/sched_main.c > @@ -803,6 +803,14 @@ int drm_sched_job_init(struct drm_sched_job > *job, > return -EINVAL; > } > > + /* > + * We don't know for sure how the user has allocated. Thus, > zero the > + * struct so that unallowed (i.e., too early) usage of > pointers that > + * this function does not set is guaranteed to lead to a > NULL pointer > + * exception instead of UB. > + */ > + memset(job, 0, sizeof(*job)); > + > job->entity = entity; > job->credits = credits; > job->s_fence = drm_sched_fence_alloc(entity, owner); >
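
Review bot: The memset() sits below the early return -EINVAL, so on that error path job is left exactly as the caller allocated it, and the guarantee stated in the new comment (a NULL pointer exception instead of UB) does not cover a caller that ignores the error and keeps using job. Either move memset(job, 0, sizeof(*job)); above that check or state in the comment that job is untouched on failure. Zeroing the whole struct also discards anything a caller wrote into job before calling drm_sched_job_init(), which deserves a sentence in the function's documentation. Minor wording: "unallowed" in the comment would read better as "premature".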