[bug report] drm/ttm: fix re-init of global structures
Dan Carpenter
dan.carpenter at oracle.com
Tue Feb 4 14:24:58 UTC 2020
On Tue, Feb 04, 2020 at 03:03:43PM +0100, Christian König wrote:
> Am 04.02.20 um 13:57 schrieb Dan Carpenter:
> > Hello Christian König,
> >
> > The patch bd4264112f93: "drm/ttm: fix re-init of global structures"
> > from Apr 16, 2019, leads to the following static checker warning:
> >
> > drivers/gpu/drm/ttm/ttm_bo.c:1610 ttm_bo_global_release()
> > warn: passing freed memory 'glob'
> >
> > drivers/gpu/drm/ttm/ttm_bo.c
> > 1591 static void ttm_bo_global_kobj_release(struct kobject *kobj)
> > 1592 {
> > 1593 struct ttm_bo_global *glob =
> > 1594 container_of(kobj, struct ttm_bo_global, kobj);
> > 1595
> > 1596 __free_page(glob->dummy_read_page);
> > 1597 }
> > 1598
> > 1599 static void ttm_bo_global_release(void)
> > 1600 {
> > 1601 struct ttm_bo_global *glob = &ttm_bo_glob;
> > 1602
> > 1603 mutex_lock(&ttm_global_mutex);
> > 1604 if (--ttm_bo_glob_use_count > 0)
> > 1605 goto out;
> > 1606
> > 1607 kobject_del(&glob->kobj);
> > 1608 kobject_put(&glob->kobj);
> > 1609 ttm_mem_global_release(&ttm_mem_glob);
> > 1610 memset(glob, 0, sizeof(*glob));
> > ^^^^^^^^^^^^^^^^^^^^^^
> > Depending on the config kobject_release() might call ttm_bo_global_kobj_release()
> > a few seconds after this memset. Maybe put the memset into
> > ttm_bo_global_kobj_release()?
>
> That's not possible. The object might be re-used directly after we drop the
> ttm_global_mutex.
>
Hm... That sucks. If we reallocate glob->dummy_read_page before the
ttm_bo_global_kobj_release() gets called then we're toasted.
> How can we wait for the ttm_mem_global_release() to have finished?
>
A bunch of these release functions use a completion. But you probably
don't want a four second delay before we can re-use the struct.
regards,
dan carpenter
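The ordering hazard under discussion, modelled in user space as an added example (this is not TTM or kernel code): a release callback that may run some time after the last reference drop, a global struct that is zeroed and then reused by the next driver instance, and the page that the callback frees out from under whoever owns the struct by then. The deferred queue, the page pool, `glob_init`, `glob_release_buggy`, `glob_release_fixed` and `scenario` are invented stand-ins for kobject_put()/kobject_release(), __free_page(), ttm_bo_global_init()/ttm_bo_global_release() and a completion, kept single-threaded so the interleaving is explicit.

```c
/*
 * Added example, not kernel code: a single-threaded model of a kobject whose
 * release callback fires after the owner has already zeroed and reused the
 * embedding structure. Names below are stand-ins, not real kernel APIs.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Deferred-work queue standing in for the delayed kobject_release(). */
typedef void (*release_fn)(void *);
static struct { release_fn fn; void *arg; } pending[8];
static int npending;

static void defer(release_fn fn, void *arg)
{
	pending[npending].fn = fn;
	pending[npending].arg = arg;
	npending++;
}

static void run_deferred(void)
{
	for (int i = 0; i < npending; i++)
		pending[i].fn(pending[i].arg);
	npending = 0;
}

/* Tiny page pool standing in for alloc_page()/__free_page(). */
struct page { bool in_use; };
#define NPAGES 4
static struct page pages[NPAGES];

static struct page *alloc_page(void)
{
	for (int i = 0; i < NPAGES; i++)
		if (!pages[i].in_use) {
			pages[i].in_use = true;
			return &pages[i];
		}
	return NULL;
}

/* Returns -1 on a NULL or already-free page (a crash or double free in the kernel). */
static int free_page(struct page *p)
{
	if (p == NULL || !p->in_use)
		return -1;
	p->in_use = false;
	return 0;
}

/* Model of the global struct: the page plus a flag that plays the completion. */
struct glob {
	struct page *dummy_read_page;
	bool released;
};
static struct glob bo_glob;
static int use_count;
static int release_errors;

/* Stand-in for ttm_bo_global_kobj_release(): runs whenever the queue gets to it. */
static void glob_kobj_release(void *arg)
{
	struct glob *g = arg;
	if (free_page(g->dummy_read_page) != 0)
		release_errors++;
	g->released = true;		/* complete() in the fixed variant */
}

static int glob_init(void)
{
	if (use_count++ > 0)
		return 0;
	bo_glob.dummy_read_page = alloc_page();
	bo_glob.released = false;
	return bo_glob.dummy_read_page ? 0 : -1;
}

/* As on the page: the struct is wiped while the release callback is still pending. */
static void glob_release_buggy(void)
{
	if (--use_count > 0)
		return;
	defer(glob_kobj_release, &bo_glob);	/* kobject_put() drops the last ref */
	memset(&bo_glob, 0, sizeof(bo_glob));
}

/* Wait for the callback (wait_for_completion()) before the struct may be reused. */
static void glob_release_fixed(void)
{
	if (--use_count > 0)
		return;
	defer(glob_kobj_release, &bo_glob);
	while (!bo_glob.released)
		run_deferred();
	memset(&bo_glob, 0, sizeof(bo_glob));
}

/*
 * 0: clean. 1: the re-initialised glob now points at a page the late callback
 * freed. 2: the late callback freed NULL or an already-free page.
 */
static int scenario(void (*release)(void), bool reinit_first)
{
	memset(pages, 0, sizeof(pages));
	memset(&bo_glob, 0, sizeof(bo_glob));
	use_count = npending = release_errors = 0;

	glob_init();			/* first driver instance */
	release();			/* last user goes away */
	if (reinit_first)
		glob_init();		/* next instance re-probes right away */
	run_deferred();			/* the delayed kobject release fires now */

	if (release_errors)
		return 2;
	if (reinit_first) {
		struct page *p = bo_glob.dummy_read_page;
		if (p == NULL || !p->in_use)
			return 1;
	}
	return 0;
}

int main(void)
{
	printf("buggy, reinit before callback: %d\n", scenario(glob_release_buggy, true));
	printf("buggy, idle until callback:    %d\n", scenario(glob_release_buggy, false));
	printf("fixed, reinit before callback: %d\n", scenario(glob_release_fixed, true));
	printf("fixed, idle until callback:    %d\n", scenario(glob_release_fixed, false));
	return 0;
}
```

The two buggy outcomes are the two sides of the same bug: if nothing re-initialises the struct before the callback runs, the callback frees a zeroed pointer; if something does, the callback frees the new instance's page and leaves it with a dangling pointer. The fixed variant makes the wait explicit, which is exactly the trade-off raised above: the struct cannot be reused until the release has actually run.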