drm/xe: Use local fence in error path of xe_migrate_clear
The intent of the error path in xe_migrate_clear is to wait on locally
generated fence and then return. The code is waiting on m->fence which
could be the local fence but this is only stable under the job mutex
leading to a possible UAF. Fix code to wait on local fence.

Fixes: dd08ebf ("drm/xe: Introduce a new DRM driver for Intel GPUs")
Cc: stable@vger.kernel.org
Signed-off-by: Matthew Brost <matthew.brost@intel.com>
Reviewed-by: Matthew Auld <matthew.auld@intel.com>
Link: https://lore.kernel.org/r/20250311182915.3606291-1-matthew.brost@intel.com
Matthew Brost committed Mar 27, 2025
1 parent 12468e5 commit 762b7e9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion drivers/gpu/drm/xe/xe_migrate.c
Expand Up @@ -1177,7 +1177,7 @@ struct dma_fence *xe_migrate_clear(struct xe_migrate *m,
err_sync:
/* Sync partial copies if any. FIXME: job_mutex? */
if (fence) {
dma_fence_wait(m->fence, false);
dma_fence_wait(fence, false);
dma_fence_put(fence);
}
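Review bot: The comment on the context line above the wait still reads "FIXME: job_mutex?", which looks stale once the wait is on the local fence instead of m->fence. The commit message says m->fence is only stable under the job mutex, whereas the local fence is one this path holds its own reference to (dropped by the dma_fence_put(fence) that follows), so the wait no longer raises a locking question. Suggest dropping the FIXME in this patch, leaving just "Sync partial copies if any.", so later readers do not assume the job mutex issue is still open here.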
