[bug report] 'drm/xe/hw_engine_group: Register hw engine group's exec queues
Dan Carpenter
dan.carpenter at linaro.org
Tue Aug 20 13:27:22 UTC 2024
Hello Francois Dugast,
Commit 7970cb36966c ("'drm/xe/hw_engine_group: Register hw engine
group's exec queues") from Aug 9, 2024 (linux-next), leads to the
following Smatch static checker warning:
drivers/gpu/drm/xe/xe_device.c:171 xe_file_close() error: we previously assumed 'q->vm' could be null (see line 169)
drivers/gpu/drm/xe/xe_exec_queue.c:649 xe_exec_queue_create_ioctl() error: we previously assumed 'q->vm' could be null (see line 630)
drivers/gpu/drm/xe/xe_exec_queue.c:829 xe_exec_queue_destroy_ioctl() error: we previously assumed 'q->vm' could be null (see line 826)
drivers/gpu/drm/xe/xe_device.c
152 static void xe_file_close(struct drm_device *dev, struct drm_file *file)
153 {
154 struct xe_device *xe = to_xe_device(dev);
155 struct xe_file *xef = file->driver_priv;
156 struct xe_vm *vm;
157 struct xe_exec_queue *q;
158 unsigned long idx;
159
160 xe_pm_runtime_get(xe);
161
162 /*
163 * No need for exec_queue.lock here as there is no contention for it
164 * when FD is closing as IOCTLs presumably can't be modifying the
165 * xarray. Taking exec_queue.lock here causes undue dependency on
166 * vm->lock taken during xe_exec_queue_kill().
167 */
168 xa_for_each(&xef->exec_queue.xa, idx, q) {
169 if (q->vm && q->hwe->hw_engine_group)
^^^^^
The commit adds a NULL check but if q->vm is NULL
170 xe_hw_engine_group_del_exec_queue(q->hwe->hw_engine_group, q);
--> 171 xe_exec_queue_kill(q);
^
Then this function call will lead to a crash. The other warnings are basically
the same.
172 xe_exec_queue_put(q);
173 }
174 mutex_lock(&xef->vm.lock);
175 xa_for_each(&xef->vm.xa, idx, vm)
176 xe_vm_close_and_put(vm);
177 mutex_unlock(&xef->vm.lock);
178
179 xe_file_put(xef);
180
181 xe_pm_runtime_put(xe);
182 }
regards,
dan carpenter
More information about the Intel-xe
mailing list