From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id D58EEC7618A for ; Mon, 20 Mar 2023 09:26:15 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 29C9F10E2B2; Mon, 20 Mar 2023 09:26:15 +0000 (UTC) Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by gabe.freedesktop.org (Postfix) with ESMTPS id 78ABF10E2B2 for ; Mon, 20 Mar 2023 09:26:12 +0000 (UTC) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id EAF1CB80D5F; Mon, 20 Mar 2023 09:26:10 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 461F2C433EF; Mon, 20 Mar 2023 09:26:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1679304369; bh=ppcFMj3bgdIj43dRADP4UG6fFiX/LYz2G2VeP56xK+g=; h=Subject:To:Cc:From:Date:From; b=QTW1oMcP+dy0EA5BXSiHledKmN/uHo3YVMOBygrFPw3mX2LNlHI4D/qScrzbGXfNL AE/gCvFyhJj1Y3velcryGnh/FpQgxEleEhFwkdL42oKwaJhhtK+8ugw/3Jt6Ol2txO pctZdil2QjUsWPnmev419vmknHzKPdLkd64amw9Q= Subject: Patch "drm/ttm: Fix a NULL pointer dereference" has been added to the 6.2-stable tree To: Arunpravin.PaneerSelvam@amd.com, Felix.Kuehling@amd.com, Philip.Yang@amd.com, alexander.deucher@amd.com, anshuman.gupta@intel.com, christian.koenig@amd.com, daniel.vetter@ffwll.ch, dri-devel@lists.freedesktop.org, gregkh@linuxfoundation.org, matthew.auld@intel.com, nirmoy.das@intel.com, qiang.yu@amd.com, ray.huang@amd.com, thomas.hellstrom@linux.intel.com, tvrtko.ursulin@intel.com From: Date: Mon, 20 Mar 2023 10:25:59 +0100 Message-ID: <167930435953182@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-stable: commit X-Patchwork-Hint: ignore X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: stable-commits@vger.kernel.org Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" This is a note to let you know that I've just added the patch titled drm/ttm: Fix a NULL pointer dereference to the 6.2-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: drm-ttm-fix-a-null-pointer-dereference.patch and it can be found in the queue-6.2 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From 9a9a8fe26751334b7739193a94eba741073b8a55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Hellstr=C3=B6m?= Date: Tue, 7 Mar 2023 15:46:15 +0100 Subject: drm/ttm: Fix a NULL pointer dereference MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Thomas Hellström commit 9a9a8fe26751334b7739193a94eba741073b8a55 upstream. The LRU mechanism may look up a resource in the process of being removed from an object. The locking rules here are a bit unclear but it looks currently like res->bo assignment is protected by the LRU lock, whereas bo->resource is protected by the object lock, while *clearing* of bo->resource is also protected by the LRU lock. This means that if we check that bo->resource points to the LRU resource under the LRU lock we should be safe. So perform that check before deciding to swap out a bo. That avoids dereferencing a NULL bo->resource in ttm_bo_swapout(). Fixes: 6a9b02899402 ("drm/ttm: move the LRU into resource handling v4") Cc: Christian König Cc: Daniel Vetter Cc: Christian Koenig Cc: Huang Rui Cc: Alex Deucher Cc: Felix Kuehling Cc: Philip Yang Cc: Qiang Yu Cc: Matthew Auld Cc: Nirmoy Das Cc: Tvrtko Ursulin Cc: "Thomas Hellström" Cc: Anshuman Gupta Cc: Arunpravin Paneer Selvam Cc: dri-devel@lists.freedesktop.org Cc: # v5.19+ Signed-off-by: Thomas Hellström Reviewed-by: Christian König Link: https://patchwork.freedesktop.org/patch/msgid/20230307144621.10748-2-thomas.hellstrom@linux.intel.com Signed-off-by: Greg Kroah-Hartman --- drivers/gpu/drm/ttm/ttm_device.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/gpu/drm/ttm/ttm_device.c +++ b/drivers/gpu/drm/ttm/ttm_device.c @@ -158,7 +158,7 @@ int ttm_device_swapout(struct ttm_device struct ttm_buffer_object *bo = res->bo; uint32_t num_pages; - if (!bo) + if (!bo || bo->resource != res) continue; num_pages = PFN_UP(bo->base.size); Patches currently in stable-queue which might be from thomas.hellstrom@linux.intel.com are queue-6.2/drm-ttm-fix-a-null-pointer-dereference.patch