Unverified Commit 1bfd7575 authored by Shuicheng Lin's avatar Shuicheng Lin Committed by Rodrigo Vivi
Browse files

drm/xe/sync: Cleanup partially initialized sync on parse failure 



xe_sync_entry_parse() can allocate references (syncobj, fence, chain fence,
or user fence) before hitting a later failure path. Several of those paths
returned directly, leaving partially initialized state and leaking refs.

Route these error paths through a common free_sync label and call
xe_sync_entry_cleanup(sync) before returning the error.

Fixes: dd08ebf6 ("drm/xe: Introduce a new DRM driver for Intel GPUs")
Cc: Matthew Brost <matthew.brost@intel.com>
Signed-off-by: default avatarShuicheng Lin <shuicheng.lin@intel.com>
Reviewed-by: default avatarMatthew Brost <matthew.brost@intel.com>
Signed-off-by: default avatarMatthew Brost <matthew.brost@intel.com>
Link: https://patch.msgid.link/20260219233516.2938172-5-shuicheng.lin@intel.com


(cherry picked from commit f939bdd9)
Cc: stable@vger.kernel.org
Signed-off-by: default avatarRodrigo Vivi <rodrigo.vivi@intel.com>
parent 43d37df6

drivers/gpu/drm/xe/xe_sync.c

+17 −7
Original line number Diff line number Diff line
@@ -146,8 +146,10 @@ int xe_sync_entry_parse(struct xe_device *xe, struct xe_file *xef, 


		if (!signal) {

			sync->fence = drm_syncobj_fence_get(sync->syncobj);

			if (XE_IOCTL_DBG(xe, !sync->fence))

				return -EINVAL;

			if (XE_IOCTL_DBG(xe, !sync->fence)) {

				err = -EINVAL;

				goto free_sync;

			}

		}

		break;
@@ -167,17 +169,21 @@ int xe_sync_entry_parse(struct xe_device *xe, struct xe_file *xef, 


		if (signal) {

			sync->chain_fence = dma_fence_chain_alloc();

			if (!sync->chain_fence)

				return -ENOMEM;

			if (!sync->chain_fence) {

				err = -ENOMEM;

				goto free_sync;

			}

		} else {

			sync->fence = drm_syncobj_fence_get(sync->syncobj);

			if (XE_IOCTL_DBG(xe, !sync->fence))

				return -EINVAL;

			if (XE_IOCTL_DBG(xe, !sync->fence)) {

				err = -EINVAL;

				goto free_sync;

			}



			err = dma_fence_chain_find_seqno(&sync->fence,

							 sync_in.timeline_value);

			if (err)

				return err;

				goto free_sync;

		}

		break;
@@ -216,6 +222,10 @@ int xe_sync_entry_parse(struct xe_device *xe, struct xe_file *xef, 
	sync->timeline_value = sync_in.timeline_value;



	return 0;



free_sync:

	xe_sync_entry_cleanup(sync);

	return err;

}

ALLOW_ERROR_INJECTION(xe_sync_entry_parse, ERRNO);