dma-buf: handle empty dma_fence_arrays gracefully
authorChristian König <christian.koenig@amd.com>
Fri, 25 Mar 2022 15:38:54 +0000 (16:38 +0100)
committerChristian König <christian.koenig@amd.com>
Tue, 29 Mar 2022 07:14:30 +0000 (09:14 +0200)
A bug inside the new sync-file merge code created empty dma_fence_array instances.

Warn about that and handle those without crashing.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20220329070001.134180-2-christian.koenig@amd.com
drivers/dma-buf/dma-fence-array.c

index 52b85d29238392e4b00ca4f2b6e113f4857fb173..5c8a7084577b547799890b8b75905d27e8622f96 100644 (file)
@@ -159,6 +159,8 @@ struct dma_fence_array *dma_fence_array_create(int num_fences,
        struct dma_fence_array *array;
        size_t size = sizeof(*array);
 
+       WARN_ON(!num_fences || !fences);
+
        /* Allocate the callback structures behind the array. */
        size += num_fences * sizeof(struct dma_fence_array_cb);
        array = kzalloc(size, GFP_KERNEL);
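Review bot: The added `WARN_ON(!num_fences || !fences)` only logs and then falls through to the size computation and `kzalloc`, so an empty or NULL-backed array is still created and handed back to the caller. The commit message ties the trigger to the sync-file merge code, which is presumably reachable from userspace; if so, a system configured to panic on warnings would turn this into a crash. Consider rejecting the input instead, e.g. `if (WARN_ON(num_fences <= 0 || !fences)) return NULL;`. The `<= 0` form also covers a negative `int num_fences`, which `!num_fences` lets through into `num_fences * sizeof(struct dma_fence_array_cb)`. The rest of dma_fence_array_create lies outside the hunk, so confirm that callers already treat a NULL return as failure.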
@@ -231,6 +233,9 @@ struct dma_fence *dma_fence_array_first(struct dma_fence *head)
        if (!array)
                return head;
 
+       if (!array->num_fences)
+               return NULL;
+
        return array->fences[0];
 }
 EXPORT_SYMBOL(dma_fence_array_first);
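Review bot: The new `if (!array->num_fences) return NULL;` guard has no comment explaining why an array can be empty at all or what the NULL return means to callers. A short note above it would help, such as `/* Empty arrays are a caller bug (warned about at creation); return NULL rather than read fences[0], which does not exist. */`. The guard checks only the count, so an array with a non-zero `num_fences` but a NULL `fences` pointer would still be dereferenced on the last line. Whether that state can occur depends on code outside this hunk. The start of dma_fence_array_first, including how `array` is derived from `head`, is also outside the hunk.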