[BUG, regression] Dereferencing of NULL pointer in radeon_mn_unregister()
Petr Cvek
petrcvekcz at gmail.com
Sun Sep 1 15:48:36 UTC 2019
On 01. 09. 19 at 16:04, Jason Gunthorpe wrote:
> On Sun, Sep 01, 2019 at 11:38:10AM +0200, Petr Cvek wrote:
>
>> The code is:
>>
>> struct radeon_mn *rmn = bo->mn;
>> ...
>> mutex_lock(&rmn->lock); //<-crash
>>
>> A quick assert proves the bo->mn returns NULL. The code worked in
>> 4.19-rc and it seems the problematic patch is
>
> Hum, the code went away because the locking protecting that variable
> went away.. It means the caller is not careful to pair register and
> unregister.
>
>> drm/radeon: use mmu_notifier_get/put for struct radeon_mn
>>
>> as it removes the NULL check.
>>
>> Forcing -ENODEV in the register function (and immediate return in
>> unregister as without CONFIG_MMU_NOTIFIER) works.
>
> Is just adding a
>
>     if (!rmn)
>         return;
>
> To the top of radeon_mn_unregister enough to fix it?
Yeah it seems to work. A further test with minetest works too.
Petr
>
> Jason
>
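
The failure mode discussed in this thread, as an added example that is not part of the original messages and is not radeon driver code: a user-space C model in which registration can fail and leave `bo->mn` NULL, so the unregister path needs the guard before touching the lock. All `model_*` names, the `force_fail` parameter and the integer stand-in for the mutex are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct model_mn {              /* stands in for struct radeon_mn */
    int lock_held;             /* stands in for rmn->lock */
    int nr_objects;            /* buffer objects currently registered */
};

struct model_bo {              /* stands in for the buffer object */
    struct model_mn *mn;       /* NULL until registration succeeds */
};

/* Registration may fail (the thread forces -ENODEV); bo->mn then stays NULL. */
int model_register(struct model_bo *bo, struct model_mn *mn, int force_fail)
{
    if (force_fail)
        return -ENODEV;
    mn->lock_held = 1;
    mn->nr_objects++;
    bo->mn = mn;
    mn->lock_held = 0;
    return 0;
}

/* Returns 1 if a registration was torn down, 0 if there was none. */
int model_unregister(struct model_bo *bo)
{
    struct model_mn *rmn = bo->mn;

    if (!rmn)                  /* the guard proposed in the thread */
        return 0;              /* without it, the next line dereferences NULL */

    rmn->lock_held = 1;
    rmn->nr_objects--;
    bo->mn = NULL;             /* model's choice: makes a repeat call a no-op */
    rmn->lock_held = 0;
    return 1;
}

int main(void)
{
    struct model_mn mn = {0, 0};
    struct model_bo failed = {NULL}, paired = {NULL};

    printf("register (forced failure): %d\n", model_register(&failed, &mn, 1));
    printf("unregister unregistered bo: %d\n", model_unregister(&failed));
    printf("register: %d\n", model_register(&paired, &mn, 0));
    printf("unregister: %d, objects left: %d\n",
           model_unregister(&paired), mn.nr_objects);
    return 0;
}
```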