[PATCH] drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup()

Julia Lawall julia.lawall at inria.fr
Mon Sep 30 16:16:04 UTC 2024



On Mon, 30 Sep 2024, Boris Brezillon wrote:

> The group variable can't be used to retrieve ptdev in our second loop,
> because it might be uninitialized or point to a group that's already
> gone. Get the ptdev object from the scheduler instead.

Won't it always be pointing to some random place above the list_head at
the start of the list in the last element of the array?

julia

>
> Fixes: d72f049087d4 ("drm/panthor: Allow driver compilation")
> Reported-by: kernel test robot <lkp at intel.com>
> Reported-by: Julia Lawall <julia.lawall at inria.fr>
> Closes: https://lore.kernel.org/r/202409302306.UDikqa03-lkp@intel.com/
> Signed-off-by: Boris Brezillon <boris.brezillon at collabora.com>
> ---
>  drivers/gpu/drm/panthor/panthor_sched.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/panthor/panthor_sched.c b/drivers/gpu/drm/panthor/panthor_sched.c
> index 201d5e7a921e..24ff91c084e4 100644
> --- a/drivers/gpu/drm/panthor/panthor_sched.c
> +++ b/drivers/gpu/drm/panthor/panthor_sched.c
> @@ -2052,6 +2052,7 @@ static void
>  tick_ctx_cleanup(struct panthor_scheduler *sched,
>  		 struct panthor_sched_tick_ctx *ctx)
>  {
> +	struct panthor_device *ptdev = sched->ptdev;
>  	struct panthor_group *group, *tmp;
>  	u32 i;
>
> @@ -2060,7 +2061,7 @@ tick_ctx_cleanup(struct panthor_scheduler *sched,
>  			/* If everything went fine, we should only have groups
>  			 * to be terminated in the old_groups lists.
>  			 */
> -			drm_WARN_ON(&group->ptdev->base, !ctx->csg_upd_failed_mask &&
> +			drm_WARN_ON(&ptdev->base, !ctx->csg_upd_failed_mask &&
>  				    group_can_run(group));
>
>  			if (!group_can_run(group)) {
> @@ -2083,7 +2084,7 @@ tick_ctx_cleanup(struct panthor_scheduler *sched,
>  		/* If everything went fine, the groups to schedule lists should
>  		 * be empty.
>  		 */
> -		drm_WARN_ON(&group->ptdev->base,
> +		drm_WARN_ON(&ptdev->base,
>  			    !ctx->csg_upd_failed_mask && !list_empty(&ctx->groups[i]));
>
>  		list_for_each_entry_safe(group, tmp, &ctx->groups[i], run_node) {
> --
> 2.46.0
>
>


More information about the dri-devel mailing list