[bug report] drm/ttm: Add a generic TTM memcpy move for page-based iomem
Thomas Hellström
thomas.hellstrom at linux.intel.com
Wed Apr 13 11:42:19 UTC 2022
Hello Dan Carpenter.
Thanks for the report.
On 4/13/22 13:11, Dan Carpenter wrote:
> Hello Thomas Hellström,
>
> The patch 3bf3710e3718: "drm/ttm: Add a generic TTM memcpy move for
> page-based iomem" from Jun 2, 2021, leads to the following Smatch
> static checker warning:
>
> ./include/drm/ttm/ttm_bo_driver.h:259 ttm_bo_move_sync_cleanup()
> error: NULL dereference inside function 'ttm_bo_move_accel_cleanup()'
>
> ./include/drm/ttm/ttm_bo_driver.h
> 256 static inline void ttm_bo_move_sync_cleanup(struct ttm_buffer_object *bo,
> 257 struct ttm_resource *new_mem)
> 258 {
> --> 259 int ret = ttm_bo_move_accel_cleanup(bo, NULL, true, false, new_mem);
> ^^^^
> Passing a NULL for "fence" will crash. The first place where it will
> crash is in dma_resv_add_fence() where it does:
Indeed, and this has been discussed thoroughly on dri-devel lately. The
bug was introduced in a recent patch that made NULL pointers here crash.
Not the patch indicated.
Thanks,
Thomas
>
> WARN_ON(dma_fence_is_container(fence));
>
> 260
> 261 WARN_ON(ret);
> 262 }
>
> regards,
> dan carpenter
More information about the dri-devel
mailing list