[bug report] drm/xe: Perform dma_map when moving system buffer objects to TT

Dan Carpenter dan.carpenter at linaro.org
Sat Jun 8 14:21:50 UTC 2024


Hello Thomas Hellström,

Commit 75521e8b56e8 ("drm/xe: Perform dma_map when moving system
buffer objects to TT") from May 2, 2024 (linux-next), leads to the
following Smatch static checker warning:

	drivers/gpu/drm/xe/xe_bo.c:672 xe_bo_move()
	error: we previously assumed 'ttm' could be null (see line 669)

drivers/gpu/drm/xe/xe_bo.c
    627 static int xe_bo_move(struct ttm_buffer_object *ttm_bo, bool evict,
    628                       struct ttm_operation_ctx *ctx,
    629                       struct ttm_resource *new_mem,
    630                       struct ttm_place *hop)
    631 {
    632         struct xe_device *xe = ttm_to_xe_device(ttm_bo->bdev);
    633         struct xe_bo *bo = ttm_to_xe_bo(ttm_bo);
    634         struct ttm_resource *old_mem = ttm_bo->resource;
    635         u32 old_mem_type = old_mem ? old_mem->mem_type : XE_PL_SYSTEM;
    636         struct ttm_tt *ttm = ttm_bo->ttm;
    637         struct xe_migrate *migrate = NULL;
    638         struct dma_fence *fence;
    639         bool move_lacks_source;
    640         bool tt_has_data;
    641         bool needs_clear;
    642         bool handle_system_ccs = (!IS_DGFX(xe) && xe_bo_needs_ccs_pages(bo) &&
    643                                   ttm && ttm_tt_is_populated(ttm)) ? true : false;
    644         int ret = 0;
    645 
    646         /* Bo creation path, moving to system or TT. */
    647         if ((!old_mem && ttm) && !handle_system_ccs) {
    648                 if (new_mem->mem_type == XE_PL_TT)
    649                         ret = xe_tt_map_sg(ttm);
    650                 if (!ret)
    651                         ttm_bo_move_null(ttm_bo, new_mem);
    652                 goto out;
    653         }
    654 
    655         if (ttm_bo->type == ttm_bo_type_sg) {
    656                 ret = xe_bo_move_notify(bo, ctx);
    657                 if (!ret)
    658                         ret = xe_bo_move_dmabuf(ttm_bo, new_mem);
    659                 return ret;
    660         }
    661 
    662         tt_has_data = ttm && (ttm_tt_is_populated(ttm) ||
    663                               (ttm->page_flags & TTM_TT_FLAG_SWAPPED));
    664 
    665         move_lacks_source = handle_system_ccs ? (!bo->ccs_cleared)  :
    666                                                 (!mem_type_is_vram(old_mem_type) && !tt_has_data);
    667 
    668         needs_clear = (ttm && ttm->page_flags & TTM_TT_FLAG_ZERO_ALLOC) ||
    669                 (!ttm && ttm_bo->type == ttm_bo_type_device);
                         ^^^^
Can ttm be NULL?

    670 
    671         if (new_mem->mem_type == XE_PL_TT) {
--> 672                 ret = xe_tt_map_sg(ttm);
                                           ^^^
The patch adds an unchecked dereference.  I suspect the NULL check can
be removed but I don't know.

    673                 if (ret)
    674                         goto out;
    675         }
    676 
    677         if ((move_lacks_source && !needs_clear)) {
    678                 ttm_bo_move_null(ttm_bo, new_mem);
    679                 goto out;
    680         }
    681 
    682         if (old_mem_type == XE_PL_SYSTEM && new_mem->mem_type == XE_PL_TT && !handle_system_ccs) {
    683                 ttm_bo_move_null(ttm_bo, new_mem);
    684                 goto out;
    685         }
    686 
    687         /*

regards,
dan carpenter


More information about the Intel-xe mailing list