__sg_next() returns NULL if the input sg entry is the last entry in the list. Check the return pointer from __sg_next() to prevent NULL pointer dereference.
Cc: Matthew Auld <[email protected]> Cc: Thomas Hellström <[email protected]> Signed-off-by: Harish Chegondi <[email protected]> --- drivers/gpu/drm/i915/i915_scatterlist.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/gpu/drm/i915/i915_scatterlist.c b/drivers/gpu/drm/i915/i915_scatterlist.c index 41f2adb6a583..da9322c5d5f7 100644 --- a/drivers/gpu/drm/i915/i915_scatterlist.c +++ b/drivers/gpu/drm/i915/i915_scatterlist.c @@ -112,6 +112,11 @@ struct i915_refct_sgt *i915_rsgt_from_mm_node(const struct drm_mm_node *node, if (st->nents) sg = __sg_next(sg); + if (!sg) { + sg_free_table(st); + i915_refct_sgt_put(rsgt); + return ERR_PTR(-EFAULT); + } sg_dma_address(sg) = region_start + offset; sg_dma_len(sg) = 0; sg->length = 0; @@ -191,6 +196,11 @@ struct i915_refct_sgt *i915_rsgt_from_buddy_resource(struct ttm_resource *res, if (st->nents) sg = __sg_next(sg); + if (!sg) { + sg_free_table(st); + i915_refct_sgt_put(rsgt); + return ERR_PTR(-EFAULT); + } sg_dma_address(sg) = region_start + offset; sg_dma_len(sg) = 0; sg->length = 0; -- 2.31.1
