[bug report] drm/ttm: Fix dummy res NULL ptr deref bug

Christian König christian.koenig at amd.com
Sun Aug 14 17:50:26 UTC 2022 

Am 14.08.22 um 08:00 schrieb Arunpravin Paneer Selvam:
> Hi Dan,
>
> On 8/11/2022 5:26 PM, Dan Carpenter wrote:
>> On Thu, Aug 11, 2022 at 04:36:33PM +0530, Arunpravin Paneer Selvam 
>> wrote:
>>> Hi Dan,
>>>
>>> drm-misc-fixes doesn't have the updated ttm_bo.c file, we have the 
>>> updated
>>> ttm_bo.c version in
>>> drm-misc-next branch. Please find below for the line number 907.
>>>
>>> On 8/11/2022 3:25 PM, Dan Carpenter wrote:
>>>> Hello Arunpravin Paneer Selvam,
>>>>
>>>> This is a semi-automatic email about new static checker warnings.
>>>>
>>>> The patch cf4b7387c0a8: "drm/ttm: Fix dummy res NULL ptr deref bug"
>>>> from Aug 9, 2022, leads to the following Smatch complaint:
>>>>
>>>>       drivers/gpu/drm/ttm/ttm_bo.c:915 ttm_bo_validate()
>>>>       warn: variable dereferenced before check 'bo->resource' (see 
>>>> line 907)
>>>>
>>>> drivers/gpu/drm/ttm/ttm_bo.c
>>>>      906         */
>>>>      907        if (!ttm_resource_compat(bo->resource, placement)) {
>>>>                                            ^^^^^^^^^^^^
>>>> Unchecked dereference here inside the function.
>>> |if (!bo->resource || !ttm_resource_compat(bo->resource, placement)) 
>>> { we
>>> have this version in drm-misc-next Regards, Arun |
>>>
>> Huh...  That's very interesting.  It appears there was a bug in
>> drm-misc-next, we applied the fix to the wrong tree, and now both trees
>> are wrong.  The drm-misc-next tree still has the bug and the other tree
>> has a static checker warning about nonsensical NULL checks.
>>
>> Eventually drm-misc-next will get merged and everything will work.  Is
>> it too late to remove the bogus "CC: stable at vger.kernel.org"?
> I will look into this problem.

Mhm, if I'm not completely mistaken the "CC: stable at vger.kernel.org" is 
actually correct, we just need to limit to which version it applies.

>> This could have been avoided if the NULL dereference fix had a Fixes 
>> tag.
> I should have added the below tag
> Fixes: 347987a2cf0d ("drm/ttm: rename and cleanup ttm_bo_init")

WAIT! That's not the correct one. This patch just made the problem more 
obvious.

The real one is bfa3357ef9ab drm/ttm: allocate resource object instead 
of embedding it v2

Regards,
Christian.

>
> I will check on this.
>
> Thanks,
> Arun
>>
>> regards,
>> dan carpenter
>>
>

More information about the dri-devel mailing list