From 4acabfe3793eb9bf89f71cc0cef23dfb2a812916 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Christian=20K=C3=B6nig?= Date: Sun, 31 Jan 2016 11:32:04 +0100 Subject: [PATCH] drm/amdgpu: fix num_ibs check MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Specifying no IBs on command submission is invalid, stop crashing badly when somebody tries it. Signed-off-by: Christian König Reviewed-by: Alex Deucher Cc: stable@vger.kernel.org Signed-off-by: Alex Deucher --- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c index e7e384264202..55179efccfcf 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c @@ -211,6 +211,10 @@ int amdgpu_cs_parser_init(struct amdgpu_cs_parser *p, void *data) } } + if (p->num_ibs == 0) { + ret = -EINVAL; + goto free_all_kdata; + } p->ibs = kcalloc(p->num_ibs, sizeof(struct amdgpu_ib), GFP_KERNEL); if (!p->ibs) { @@ -551,9 +555,6 @@ static int amdgpu_cs_ib_vm_chunk(struct amdgpu_device *adev, struct amdgpu_ring *ring; int i, r; - if (parser->num_ibs == 0) - return 0; - /* Only for UVD/VCE VM emulation */ for (i = 0; i < parser->num_ibs; i++) { ring = parser->ibs[i].ring; @@ -660,9 +661,6 @@ static int amdgpu_cs_ib_fill(struct amdgpu_device *adev, j++; } - if (!parser->num_ibs) - return 0; - /* add GDS resources to first IB */ if (parser->bo_list) { struct amdgpu_bo *gds = parser->bo_list->gds_obj; @@ -705,9 +703,6 @@ static int amdgpu_cs_dependencies(struct amdgpu_device *adev, struct amdgpu_ib *ib; int i, j, r; - if (!p->num_ibs) - return 0; - /* Add dependencies to first IB */ ib = &p->ibs[0]; for (i = 0; i < p->nchunks; ++i) { @@ -866,8 +861,7 @@ int amdgpu_cs_ioctl(struct drm_device *dev, void *data, struct drm_file *filp) if (r) goto out; - if (parser.num_ibs) - r = amdgpu_cs_submit(&parser, cs); + r = amdgpu_cs_submit(&parser, cs); out: amdgpu_cs_parser_fini(&parser, r, reserved_buffers); -- 2.20.1