Reviewed-by: Maarten Lankhorst <[email protected]>
On 7/1/26 09:55, Joonas Lahtinen wrote:
> Setting context engine slot N into I915_ENGINE_CLASS_INVALID /
> I915_ENGINE_CLASS_INVALID_NONE and attempting to apply
> I915_CONTEXT_PARAM_SSEU to the same slot N will deref NULL.
> Fix that.
>
> Discovered using AI-assisted static analysis confirmed by
> Intel Product Security.
>
> Reported-by: Martin Hodo <[email protected]>
> Fixes: d4433c7600f7 ("drm/i915/gem: Use the proto-context to handle create
> parameters (v5)")
> Cc: Faith Ekstrand <[email protected]>
> Cc: Simona Vetter <[email protected]>
> Cc: Tvrtko Ursulin <[email protected]>
> Cc: Maarten Lankhorst <[email protected]>
> Cc: <[email protected]> # v5.15+
> Signed-off-by: Joonas Lahtinen <[email protected]>
> ---
> drivers/gpu/drm/i915/gem/i915_gem_context.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_context.c
> b/drivers/gpu/drm/i915/gem/i915_gem_context.c
> index aeafe1742d30..347d1f2c05f5 100644
> --- a/drivers/gpu/drm/i915/gem/i915_gem_context.c
> +++ b/drivers/gpu/drm/i915/gem/i915_gem_context.c
> @@ -850,7 +850,7 @@ static int set_proto_ctx_sseu(struct
> drm_i915_file_private *fpriv,
> pe = &pc->user_engines[idx];
>
> /* Only render engine supports RPCS configuration. */
> - if (pe->engine->class != RENDER_CLASS)
> + if (!pe->engine || pe->engine->class != RENDER_CLASS)
> return -EINVAL;
>
> sseu = &pe->sseu;