Commit 2f9405aa authored Dec 17, 2025 by Tapani Pälli Committed by Matthew Brost Dec 17, 2025

drm/xe: Fix NULL pointer dereference in xe_exec_ioctl



Helper function xe_sync_needs_wait expects sync->fence when accessing
flags, patch makes sure we call only when sync->fence exists.

v2: move null checking to xe_sync_needs_wait and make
    xe_sync_entry_wait utilize this helper (Matthew Auld)
v3: further simplify code (Matthew Auld)

Fixes NULL pointer dereference seen with Vulkan workloads:

[  118.410401] RIP: 0010:xe_sync_needs_wait+0x27/0x50 [xe]

Fixes: 4ac9048d ("drm/xe: Wait on in-syncs when swicthing to dma-fence mode")
Signed-off-by: Tapani Pälli <tapani.palli@intel.com>
Reviewed-by: Matthew Auld <matthew.auld@intel.com>
Reviewed-by: Matthew Brost <matthew.brost@intel.com>
Signed-off-by: Matthew Brost <matthew.brost@intel.com>
Link: https://patch.msgid.link/20251217132412.435755-1-tapani.palli@intel.com

parent 7b800ab1

drivers/gpu/drm/xe/xe_sync.c

+4 −6

Original line number	Diff line number	Diff line
		@@ -238,10 +238,8 @@ int xe_sync_entry_add_deps(struct xe_sync_entry sync, struct xe_sched_job job)
		*/
		int xe_sync_entry_wait(struct xe_sync_entry *sync)
		{
		if (sync->flags & DRM_XE_SYNC_FLAG_SIGNAL)
		return 0;

		return dma_fence_wait(sync->fence, true);
		return xe_sync_needs_wait(sync) ?
		dma_fence_wait(sync->fence, true) : 0;
		}

		/**
		@@ -252,7 +250,7 @@ int xe_sync_entry_wait(struct xe_sync_entry *sync)
		*/
		bool xe_sync_needs_wait(struct xe_sync_entry *sync)
		{
		return !(sync->flags & DRM_XE_SYNC_FLAG_SIGNAL) &&
		return sync->fence &&
		!test_bit(DMA_FENCE_FLAG_SIGNALED_BIT, &sync->fence->flags);
		}