From: John Harrison <[email protected]>
The i915_gem_record_rings() code was unconditionally querying and saving state
for the batch_obj of a request structure. This is not necessarily set. Thus a
null pointer dereference can occur.
---
drivers/gpu/drm/i915/i915_gpu_error.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c
b/drivers/gpu/drm/i915/i915_gpu_error.c
index 87ec60e..0738f21 100644
--- a/drivers/gpu/drm/i915/i915_gpu_error.c
+++ b/drivers/gpu/drm/i915/i915_gpu_error.c
@@ -902,12 +902,13 @@ static void i915_gem_record_rings(struct drm_device *dev,
* as the simplest method to avoid being overwritten
* by userspace.
*/
- error->ring[i].batchbuffer =
- i915_error_object_create(dev_priv,
- request->batch_obj,
- request->ctx ?
- request->ctx->vm :
- &dev_priv->gtt.base);
+ if(request->batch_obj)
+ error->ring[i].batchbuffer =
+ i915_error_object_create(dev_priv,
+
request->batch_obj,
+ request->ctx ?
+
request->ctx->vm :
+
&dev_priv->gtt.base);
if (HAS_BROKEN_CS_TLB(dev_priv->dev) &&
ring->scratch.obj)
--
1.7.9.5
_______________________________________________
Intel-gfx mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/intel-gfx
