All of lore.kernel.org
 help / color / mirror / Atom feed
* [bug report] drm/ttm: TTM fault handler helpers
@ 2019-06-27  7:51 Dan Carpenter
  0 siblings, 0 replies; only message in thread
From: Dan Carpenter @ 2019-06-27  7:51 UTC (permalink / raw)
  To: thellstrom; +Cc: dri-devel

Hello Thomas Hellstrom,

This is a semi-automatic email about new static checker warnings.

The patch 7a39f35ce43f: "drm/ttm: TTM fault handler helpers" from Feb 
6, 2019, leads to the following Smatch complaint:

    drivers/gpu/drm/ttm/ttm_bo_vm.c:266 ttm_bo_vm_fault_reserved()
    error: we previously assumed 'bo->ttm' could be null (see line 204)

drivers/gpu/drm/ttm/ttm_bo_vm.c
   203		 */
   204		if (bo->ttm && (bo->ttm->page_flags & TTM_PAGE_FLAG_SG))
                    ^^^^^^^
Check for NULL.

   205			return VM_FAULT_SIGBUS;
   206	
   207		if (bdev->driver->fault_reserve_notify) {
   208			struct dma_fence *moving = dma_fence_get(bo->moving);
   209	
   210			err = bdev->driver->fault_reserve_notify(bo);
   211			switch (err) {
   212			case 0:
   213				break;
   214			case -EBUSY:
   215			case -ERESTARTSYS:
   216				return VM_FAULT_NOPAGE;
   217			default:
   218				return VM_FAULT_SIGBUS;
   219			}
   220	
   221			if (bo->moving != moving) {
   222				spin_lock(&bdev->glob->lru_lock);
   223				ttm_bo_move_to_lru_tail(bo, NULL);
   224				spin_unlock(&bdev->glob->lru_lock);
   225			}
   226			dma_fence_put(moving);
   227		}
   228	
   229		/*
   230		 * Wait for buffer data in transit, due to a pipelined
   231		 * move.
   232		 */
   233		ret = ttm_bo_vm_fault_idle(bo, vmf);
   234		if (unlikely(ret != 0))
   235			return ret;
   236	
   237		err = ttm_mem_io_lock(man, true);
   238		if (unlikely(err != 0))
   239			return VM_FAULT_NOPAGE;
   240		err = ttm_mem_io_reserve_vm(bo);
   241		if (unlikely(err != 0)) {
   242			ret = VM_FAULT_SIGBUS;
   243			goto out_io_unlock;
   244		}
   245	
   246		page_offset = ((address - vma->vm_start) >> PAGE_SHIFT) +
   247			vma->vm_pgoff - drm_vma_node_start(&bo->vma_node);
   248		page_last = vma_pages(vma) + vma->vm_pgoff -
   249			drm_vma_node_start(&bo->vma_node);
   250	
   251		if (unlikely(page_offset >= bo->num_pages)) {
   252			ret = VM_FAULT_SIGBUS;
   253			goto out_io_unlock;
   254		}
   255	
   256		cvma.vm_page_prot = ttm_io_prot(bo->mem.placement, prot);
   257		if (!bo->mem.bus.is_iomem) {
   258			struct ttm_operation_ctx ctx = {
   259				.interruptible = false,
   260				.no_wait_gpu = false,
   261				.flags = TTM_OPT_FLAG_FORCE_ALLOC
   262	
   263			};
   264	
   265			ttm = bo->ttm;
   266			if (ttm_tt_populate(bo->ttm, &ctx)) {
                                            ^^^^^^^
Unchecked dereference inside ttm_tt_populate() function.

   267				ret = VM_FAULT_OOM;
   268				goto out_io_unlock;

regards,
dan carpenter
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2019-06-27  7:51 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-06-27  7:51 [bug report] drm/ttm: TTM fault handler helpers Dan Carpenter

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.