On 2/24/26 09:24, Sunil Khatri wrote:
> In case num_read_bo_handles or num_write_bo_handles is zero the ptrs
> remain uninitialized and during free cause a fault. So to handle such
> cases we better set the gobj_read and gobj_write to NULL.
Mhm, that doesn't sounds correct to me.
When count is zero drm_gem_objects_lookup() sets the resulting pointer to NULL:
int drm_gem_objects_lookup(struct drm_file *filp, void __user *bo_handles,
int count, struct drm_gem_object ***objs_out)
{
struct drm_gem_object **objs;
u32 *handles;
int ret;
*objs_out = NULL;
if (!count)
return 0;
But could be that this was only added by Srinis patch and previously we didn't
do that correctly.
Regards,
Christian.
>
> Fixes: 3cf117572294 ("drm/amdgpu/userq: Use drm_gem_objects_lookup in
> amdgpu_userq_signal_ioctl")
> Signed-off-by: Sunil Khatri <[email protected]>
> ---
> drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
> b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
> index 18e77b61b201..e53e14e3bf2d 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
> @@ -465,7 +465,7 @@ int amdgpu_userq_signal_ioctl(struct drm_device *dev,
> void *data,
> const unsigned int num_read_bo_handles = args->num_bo_read_handles;
> struct amdgpu_fpriv *fpriv = filp->driver_priv;
> struct amdgpu_userq_mgr *userq_mgr = &fpriv->userq_mgr;
> - struct drm_gem_object **gobj_write, **gobj_read;
> + struct drm_gem_object **gobj_write = NULL, **gobj_read = NULL;
> u32 *syncobj_handles, num_syncobj_handles;
> struct amdgpu_userq_fence *userq_fence;
> struct amdgpu_usermode_queue *queue;
