* [android-common:android-4.14-stable 22/22] drivers/gpu/drm/virtio/virtgpu_ioctl.c:647 virtio_gpu_resource_create_blob_ioctl() error: potential null dereference 'ents'. (kzalloc returns null)
@ 2020-08-26 4:49 kernel test robot
0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2020-08-26 4:49 UTC (permalink / raw)
To: kbuild-all
[-- Attachment #1: Type: text/plain, Size: 10383 bytes --]
tree: https://android.googlesource.com/kernel/common android-4.14-stable
head: 4d701a3899580b291122ab7b147bc20981afd349
commit: 4d701a3899580b291122ab7b147bc20981afd349 [22/22] CHROMIUM: drm/virtio: rebase zero-copy patches to virgl/drm-misc-next
config: x86_64-randconfig-m001-20200826 (attached as .config)
compiler: gcc-7 (Ubuntu 7.5.0-6ubuntu2) 7.5.0
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
New smatch warnings:
drivers/gpu/drm/virtio/virtgpu_ioctl.c:647 virtio_gpu_resource_create_blob_ioctl() error: potential null dereference 'ents'. (kzalloc returns null)
drivers/gpu/drm/virtio/virtgpu_ioctl.c:694 virtio_gpu_resource_create_blob_ioctl() warn: possible memory leak of 'ents'
Old smatch warnings:
drivers/gpu/drm/virtio/virtgpu_ioctl.c:636 virtio_gpu_resource_create_blob_ioctl() error: we previously assumed 'obj->pages' could be null (see line 627)
drivers/gpu/drm/virtio/virtgpu_ioctl.c:661 virtio_gpu_resource_create_blob_ioctl() error: we previously assumed 'vfpriv' could be null (see line 606)
drivers/gpu/drm/virtio/virtgpu_ioctl.c:691 virtio_gpu_resource_create_blob_ioctl() error: uninitialized symbol 'buf'.
git remote add android-common https://android.googlesource.com/kernel/common
git fetch --no-tags android-common android-4.14-stable
git checkout 4d701a3899580b291122ab7b147bc20981afd349
vim +/ents +647 drivers/gpu/drm/virtio/virtgpu_ioctl.c
62fb7a5e10962ac Gerd Hoffmann 2014-10-28 583
4d701a3899580b2 Lingfeng Yang 2020-04-16 584 static int virtio_gpu_resource_create_blob_ioctl(struct drm_device *dev,
73738beaa7074cf Lingfeng Yang 2020-04-16 585 void *data, struct drm_file *file)
73738beaa7074cf Lingfeng Yang 2020-04-16 586 {
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 587 void *buf;
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 588 int ret, si, nents;
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 589 uint32_t handle = 0;
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 590 struct scatterlist *sg;
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 591 struct virtio_gpu_object *obj;
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 592 struct virtio_gpu_fence *fence;
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 593 struct virtio_gpu_mem_entry *ents;
4d701a3899580b2 Lingfeng Yang 2020-04-16 594 struct drm_virtgpu_resource_create_blob *rc_blob = data;
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 595 struct virtio_gpu_object_params params = { 0 };
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 596 struct virtio_gpu_device *vgdev = dev->dev_private;
4d701a3899580b2 Lingfeng Yang 2020-04-16 597 struct virtio_gpu_fpriv *vfpriv = file->driver_priv;
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 598 bool use_dma_api = !virtio_has_iommu_quirk(vgdev->vdev);
4d701a3899580b2 Lingfeng Yang 2020-04-16 599 bool mappable = rc_blob->flags & VIRTGPU_RES_BLOB_USE_MAPPABLE;
4d701a3899580b2 Lingfeng Yang 2020-04-16 600 bool guest = rc_blob->flags & VIRTGPU_RES_BLOB_GUEST_MASK;
4d701a3899580b2 Lingfeng Yang 2020-04-16 601
4d701a3899580b2 Lingfeng Yang 2020-04-16 602 params.size = rc_blob->size;
4d701a3899580b2 Lingfeng Yang 2020-04-16 603 params.blob_flags = rc_blob->flags;
4d701a3899580b2 Lingfeng Yang 2020-04-16 604 params.blob = true;
4d701a3899580b2 Lingfeng Yang 2020-04-16 605
4d701a3899580b2 Lingfeng Yang 2020-04-16 606 if (rc_blob->cmd_size && vfpriv) {
4d701a3899580b2 Lingfeng Yang 2020-04-16 607 void *buf;
4d701a3899580b2 Lingfeng Yang 2020-04-16 608 void __user *cmd = u64_to_user_ptr(rc_blob->cmd);
4d701a3899580b2 Lingfeng Yang 2020-04-16 609
4d701a3899580b2 Lingfeng Yang 2020-04-16 610 buf = kzalloc(rc_blob->cmd_size, GFP_KERNEL);
4d701a3899580b2 Lingfeng Yang 2020-04-16 611 if (!buf)
4d701a3899580b2 Lingfeng Yang 2020-04-16 612 return -ENOMEM;
4d701a3899580b2 Lingfeng Yang 2020-04-16 613
4d701a3899580b2 Lingfeng Yang 2020-04-16 614 if (copy_from_user(buf, cmd, rc_blob->cmd_size)) {
4d701a3899580b2 Lingfeng Yang 2020-04-16 615 kfree(buf);
4d701a3899580b2 Lingfeng Yang 2020-04-16 616 return -EFAULT;
4d701a3899580b2 Lingfeng Yang 2020-04-16 617 }
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 618
4d701a3899580b2 Lingfeng Yang 2020-04-16 619 virtio_gpu_cmd_submit(vgdev, buf, rc_blob->cmd_size,
4d701a3899580b2 Lingfeng Yang 2020-04-16 620 vfpriv->ctx_id, NULL);
4d701a3899580b2 Lingfeng Yang 2020-04-16 621 }
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 622
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 623 obj = virtio_gpu_alloc_object(dev, ¶ms, NULL);
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 624 if (IS_ERR(obj))
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 625 return PTR_ERR(obj);
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 626
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 627 if (!obj->pages) {
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 628 ret = virtio_gpu_object_get_sg_table(vgdev, obj);
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 629 if (ret)
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 630 goto err_free_obj;
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 631 }
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 632
4d701a3899580b2 Lingfeng Yang 2020-04-16 633 if (!guest) {
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 634 nents = 0;
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 635 } else if (use_dma_api) {
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 636 obj->mapped = dma_map_sg(vgdev->vdev->dev.parent,
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 637 obj->pages->sgl, obj->pages->nents,
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 638 DMA_TO_DEVICE);
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 639 nents = obj->mapped;
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 640 } else {
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 641 nents = obj->pages->nents;
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 642 }
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 643
4d701a3899580b2 Lingfeng Yang 2020-04-16 644 ents = kzalloc(nents * sizeof(struct virtio_gpu_mem_entry), GFP_KERNEL);
4d701a3899580b2 Lingfeng Yang 2020-04-16 645 if (guest) {
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 646 for_each_sg(obj->pages->sgl, sg, nents, si) {
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 @647 ents[si].addr = cpu_to_le64(use_dma_api
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 648 ? sg_dma_address(sg)
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 649 : sg_phys(sg));
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 650 ents[si].length = cpu_to_le32(sg->length);
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 651 ents[si].padding = 0;
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 652 }
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 653 }
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 654
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 655 fence = virtio_gpu_fence_alloc(vgdev);
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 656 if (!fence) {
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 657 ret = -ENOMEM;
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 658 goto err_free_buf;
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 659 }
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 660
4d701a3899580b2 Lingfeng Yang 2020-04-16 661 virtio_gpu_cmd_resource_create_blob(vgdev, obj, vfpriv->ctx_id,
4d701a3899580b2 Lingfeng Yang 2020-04-16 662 rc_blob->flags, rc_blob->size,
4d701a3899580b2 Lingfeng Yang 2020-04-16 663 rc_blob->memory_id, nents,
4d701a3899580b2 Lingfeng Yang 2020-04-16 664 ents);
4d701a3899580b2 Lingfeng Yang 2020-04-16 665
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 666 ret = drm_gem_handle_create(file, &obj->gem_base, &handle);
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 667 if (ret)
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 668 goto err_fence_put;
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 669
4d701a3899580b2 Lingfeng Yang 2020-04-16 670 if (!guest && mappable) {
4d701a3899580b2 Lingfeng Yang 2020-04-16 671 virtio_gpu_cmd_map(vgdev, obj, obj->tbo.offset, fence);
4d701a3899580b2 Lingfeng Yang 2020-04-16 672 }
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 673
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 674 /*
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 675 * No need to call virtio_gpu_object_reserve since the buffer is not
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 676 * being used for ttm validation and no other processes can access
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 677 * the reservation object at this point.
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 678 */
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 679 reservation_object_add_excl_fence(obj->tbo.resv, &fence->f);
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 680
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 681 dma_fence_put(&fence->f);
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 682 drm_gem_object_put_unlocked(&obj->gem_base);
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 683
4d701a3899580b2 Lingfeng Yang 2020-04-16 684 rc_blob->res_handle = obj->hw_res_handle;
4d701a3899580b2 Lingfeng Yang 2020-04-16 685 rc_blob->bo_handle = handle;
73738beaa7074cf Lingfeng Yang 2020-04-16 686 return 0;
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 687
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 688 err_fence_put:
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 689 dma_fence_put(&fence->f);
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 690 err_free_buf:
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 691 kfree(buf);
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 692 err_free_obj:
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 693 drm_gem_object_release(&obj->gem_base);
dc92d4ac179f5e6 Lingfeng Yang 2020-04-16 @694 return ret;
73738beaa7074cf Lingfeng Yang 2020-04-16 695 }
73738beaa7074cf Lingfeng Yang 2020-04-16 696
:::::: The code at line 647 was first introduced by commit
:::::: dc92d4ac179f5e6a766616af82827e6c0a17d276 CHROMIUM: drm/virtgpu: implement DRM_VIRTGPU_RESOURCE_CREATE_V2
:::::: TO: Lingfeng Yang <lfy@google.com>
:::::: CC: Alistair Delva <adelva@google.com>
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 34902 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-08-26 4:49 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-26 4:49 [android-common:android-4.14-stable 22/22] drivers/gpu/drm/virtio/virtgpu_ioctl.c:647 virtio_gpu_resource_create_blob_ioctl() error: potential null dereference 'ents'. (kzalloc returns null) kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.