Commit 56e2b4e9 authored by Eugene Kobyak, committed by Heyuan Wang

drm/i915: Fix NULL pointer dereference in capture_engine

stable inclusion
from stable-v6.6.67
commit e07f9c92bd127f8835ac669d83b5e7ff59bbb40f
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBEANL
CVE: CVE-2024-56667

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=e07f9c92bd127f8835ac669d83b5e7ff59bbb40f

--------------------------------

commit da0b986256ae9a78b0215214ff44f271bfe237c1 upstream.

When the intel_context structure contains NULL,
it raises a NULL pointer dereference error in drm_info().

Fixes: e8a3319c ("drm/i915: Allow error capture without a request")
Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/12309


Reviewed-by: Andi Shyti <andi.shyti@linux.intel.com>
Cc: John Harrison <John.C.Harrison@Intel.com>
Cc: <stable@vger.kernel.org> # v6.3+
Signed-off-by: Eugene Kobyak <eugene.kobyak@intel.com>
Signed-off-by: Andi Shyti <andi.shyti@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/xmsgfynkhycw3cf56akp4he2ffg44vuratocsysaowbsnhutzi@augnqbm777at


(cherry picked from commit 754302a5bc1bd8fd3b7d85c168b0a1af6d4bba4d)
Signed-off-by: Tvrtko Ursulin <tursulin@ursulin.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Heyuan Wang <wangheyuan2@h-partners.com>
parent 31b452f6
+15 −3
@@ -1638,9 +1638,21 @@ capture_engine(struct intel_engine_cs *engine,
		return NULL;

	intel_engine_get_hung_entity(engine, &ce, &rq);
	if (rq && !i915_request_started(rq))
		drm_info(&engine->gt->i915->drm, "Got hung context on %s with active request %lld:%lld [0x%04X] not yet started\n",
	if (rq && !i915_request_started(rq)) {
		/*
		 * We want to know also what is the guc_id of the context,
		 * but if we don't have the context reference, then skip
		 * printing it.
		 */
		if (ce)
			drm_info(&engine->gt->i915->drm,
				 "Got hung context on %s with active request %lld:%lld [0x%04X] not yet started\n",
				 engine->name, rq->fence.context, rq->fence.seqno, ce->guc_id.id);
		else
			drm_info(&engine->gt->i915->drm,
				 "Got hung context on %s with active request %lld:%lld not yet started\n",
				 engine->name, rq->fence.context, rq->fence.seqno);
	}

	if (rq) {
		capture = intel_engine_coredump_add_request(ee, rq, ATOMIC_MAYFAIL);
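
Review bot: the comment above `if (ce)` explains that the guc_id is skipped when there is no context reference, but neither it nor the commit message says under what condition intel_engine_get_hung_entity() hands back a started-or-not request in rq while leaving ce NULL; a sentence naming that case would make it clear why rq can be trusted here when ce cannot. The check itself covers the only use of ce in this message (`ce->guc_id.id`), and the else branch keeps the engine name and fence context:seqno in the log, so the diagnostic is not lost. Two smaller points: the branches duplicate the format string apart from the `[0x%04X]` field, so the two messages have to be kept in sync by hand if the wording changes, and since only this log path is guarded in the visible lines, it is worth confirming that any later use of ce in capture_engine, outside this hunk, is also safe when ce is NULL.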