From: Christian König <christian.koenig@amd.com>
Date: Fri, 25 Mar 2022 15:38:54 +0000 (+0100)
Subject: dma-buf: handle empty dma_fence_arrays gracefully
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=c42ee39c1e78224d3a81bdbe0600abe4581226ed;p=linux.git

dma-buf: handle empty dma_fence_arrays gracefully

A bug inside the new sync-file merge code created empty dma_fence_array instances.

Warn about that and handle those without crashing.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220329070001.134180-2-christian.koenig@amd.com
---

diff --git a/drivers/dma-buf/dma-fence-array.c b/drivers/dma-buf/dma-fence-array.c
index 52b85d2923839..5c8a7084577b5 100644
--- a/drivers/dma-buf/dma-fence-array.c
+++ b/drivers/dma-buf/dma-fence-array.c
@@ -159,6 +159,8 @@ struct dma_fence_array *dma_fence_array_create(int num_fences,
 	struct dma_fence_array *array;
 	size_t size = sizeof(*array);
 
+	WARN_ON(!num_fences || !fences);
+
 	/* Allocate the callback structures behind the array. */
 	size += num_fences * sizeof(struct dma_fence_array_cb);
 	array = kzalloc(size, GFP_KERNEL);
@@ -231,6 +233,9 @@ struct dma_fence *dma_fence_array_first(struct dma_fence *head)
 	if (!array)
 		return head;
 
+	if (!array->num_fences)
+		return NULL;
+
 	return array->fences[0];
 }
 EXPORT_SYMBOL(dma_fence_array_first);