dri-devel.lists.freedesktop.org archive mirror
 help / color / mirror / Atom feed
* [bug report] drm/ttm: Add a generic TTM memcpy move for page-based iomem
@ 2022-04-13 11:11 Dan Carpenter
  2022-04-13 11:42 ` Thomas Hellström
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2022-04-13 11:11 UTC (permalink / raw)
  To: thomas.hellstrom; +Cc: dri-devel

Hello Thomas Hellström,

The patch 3bf3710e3718: "drm/ttm: Add a generic TTM memcpy move for
page-based iomem" from Jun 2, 2021, leads to the following Smatch
static checker warning:

	./include/drm/ttm/ttm_bo_driver.h:259 ttm_bo_move_sync_cleanup()
	error: NULL dereference inside function 'ttm_bo_move_accel_cleanup()'

./include/drm/ttm/ttm_bo_driver.h
    256 static inline void ttm_bo_move_sync_cleanup(struct ttm_buffer_object *bo,
    257                                             struct ttm_resource *new_mem)
    258 {
--> 259         int ret = ttm_bo_move_accel_cleanup(bo, NULL, true, false, new_mem);
                                                        ^^^^
Passing a NULL for "fence" will crash.  The first place where it will
crash is in dma_resv_add_fence() where it does:

	WARN_ON(dma_fence_is_container(fence));

    260 
    261         WARN_ON(ret);
    262 }

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [bug report] drm/ttm: Add a generic TTM memcpy move for page-based iomem
  2022-04-13 11:11 [bug report] drm/ttm: Add a generic TTM memcpy move for page-based iomem Dan Carpenter
@ 2022-04-13 11:42 ` Thomas Hellström
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Hellström @ 2022-04-13 11:42 UTC (permalink / raw)
  To: Dan Carpenter; +Cc: dri-devel

Hello Dan Carpenter.

Thanks for the report.

On 4/13/22 13:11, Dan Carpenter wrote:
> Hello Thomas Hellström,
>
> The patch 3bf3710e3718: "drm/ttm: Add a generic TTM memcpy move for
> page-based iomem" from Jun 2, 2021, leads to the following Smatch
> static checker warning:
>
> 	./include/drm/ttm/ttm_bo_driver.h:259 ttm_bo_move_sync_cleanup()
> 	error: NULL dereference inside function 'ttm_bo_move_accel_cleanup()'
>
> ./include/drm/ttm/ttm_bo_driver.h
>      256 static inline void ttm_bo_move_sync_cleanup(struct ttm_buffer_object *bo,
>      257                                             struct ttm_resource *new_mem)
>      258 {
> --> 259         int ret = ttm_bo_move_accel_cleanup(bo, NULL, true, false, new_mem);
>                                                          ^^^^
> Passing a NULL for "fence" will crash.  The first place where it will
> crash is in dma_resv_add_fence() where it does:

Indeed, and this has been discussed thoroughly on dri-devel lately. The 
bug was introduced in a recent patch that made NULL pointers here crash. 
Not the patch indicated.

Thanks,

Thomas



>
> 	WARN_ON(dma_fence_is_container(fence));
>
>      260
>      261         WARN_ON(ret);
>      262 }
>
> regards,
> dan carpenter

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-04-13 11:42 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-13 11:11 [bug report] drm/ttm: Add a generic TTM memcpy move for page-based iomem Dan Carpenter
2022-04-13 11:42 ` Thomas Hellström

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).