* [PATCH] drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup()
@ 2024-09-30 16:11 Boris Brezillon
2024-09-30 16:16 ` Julia Lawall
0 siblings, 1 reply; 3+ messages in thread
From: Boris Brezillon @ 2024-09-30 16:11 UTC (permalink / raw)
To: Boris Brezillon, Steven Price, Liviu Dudau, Adrián Larumbe
Cc: dri-devel, Julia Lawall, kernel, kernel test robot
The group variable can't be used to retrieve ptdev in our second loop,
because it might be uninitialized or point to a group that's already
gone. Get the ptdev object from the scheduler instead.
Fixes: d72f049087d4 ("drm/panthor: Allow driver compilation")
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Julia Lawall <julia.lawall@inria.fr>
Closes: https://lore.kernel.org/r/202409302306.UDikqa03-lkp@intel.com/
Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com>
---
drivers/gpu/drm/panthor/panthor_sched.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/panthor/panthor_sched.c b/drivers/gpu/drm/panthor/panthor_sched.c
index 201d5e7a921e..24ff91c084e4 100644
--- a/drivers/gpu/drm/panthor/panthor_sched.c
+++ b/drivers/gpu/drm/panthor/panthor_sched.c
@@ -2052,6 +2052,7 @@ static void
tick_ctx_cleanup(struct panthor_scheduler *sched,
struct panthor_sched_tick_ctx *ctx)
{
+ struct panthor_device *ptdev = sched->ptdev;
struct panthor_group *group, *tmp;
u32 i;
@@ -2060,7 +2061,7 @@ tick_ctx_cleanup(struct panthor_scheduler *sched,
/* If everything went fine, we should only have groups
* to be terminated in the old_groups lists.
*/
- drm_WARN_ON(&group->ptdev->base, !ctx->csg_upd_failed_mask &&
+ drm_WARN_ON(&ptdev->base, !ctx->csg_upd_failed_mask &&
group_can_run(group));
if (!group_can_run(group)) {
@@ -2083,7 +2084,7 @@ tick_ctx_cleanup(struct panthor_scheduler *sched,
/* If everything went fine, the groups to schedule lists should
* be empty.
*/
- drm_WARN_ON(&group->ptdev->base,
+ drm_WARN_ON(&ptdev->base,
!ctx->csg_upd_failed_mask && !list_empty(&ctx->groups[i]));
list_for_each_entry_safe(group, tmp, &ctx->groups[i], run_node) {
--
2.46.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup()
2024-09-30 16:11 [PATCH] drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup() Boris Brezillon
@ 2024-09-30 16:16 ` Julia Lawall
2024-09-30 16:31 ` Boris Brezillon
0 siblings, 1 reply; 3+ messages in thread
From: Julia Lawall @ 2024-09-30 16:16 UTC (permalink / raw)
To: Boris Brezillon
Cc: Steven Price, Liviu Dudau, Adrián Larumbe, dri-devel, kernel,
kernel test robot
On Mon, 30 Sep 2024, Boris Brezillon wrote:
> The group variable can't be used to retrieve ptdev in our second loop,
> because it might be uninitialized or point to a group that's already
> gone. Get the ptdev object from the scheduler instead.
Won't it always be pointing to some random place above the list_head at
the start of the list in the last element of the array?
julia
>
> Fixes: d72f049087d4 ("drm/panthor: Allow driver compilation")
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Julia Lawall <julia.lawall@inria.fr>
> Closes: https://lore.kernel.org/r/202409302306.UDikqa03-lkp@intel.com/
> Signed-off-by: Boris Brezillon <boris.brezillon@collabora.com>
> ---
> drivers/gpu/drm/panthor/panthor_sched.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/panthor/panthor_sched.c b/drivers/gpu/drm/panthor/panthor_sched.c
> index 201d5e7a921e..24ff91c084e4 100644
> --- a/drivers/gpu/drm/panthor/panthor_sched.c
> +++ b/drivers/gpu/drm/panthor/panthor_sched.c
> @@ -2052,6 +2052,7 @@ static void
> tick_ctx_cleanup(struct panthor_scheduler *sched,
> struct panthor_sched_tick_ctx *ctx)
> {
> + struct panthor_device *ptdev = sched->ptdev;
> struct panthor_group *group, *tmp;
> u32 i;
>
> @@ -2060,7 +2061,7 @@ tick_ctx_cleanup(struct panthor_scheduler *sched,
> /* If everything went fine, we should only have groups
> * to be terminated in the old_groups lists.
> */
> - drm_WARN_ON(&group->ptdev->base, !ctx->csg_upd_failed_mask &&
> + drm_WARN_ON(&ptdev->base, !ctx->csg_upd_failed_mask &&
> group_can_run(group));
>
> if (!group_can_run(group)) {
> @@ -2083,7 +2084,7 @@ tick_ctx_cleanup(struct panthor_scheduler *sched,
> /* If everything went fine, the groups to schedule lists should
> * be empty.
> */
> - drm_WARN_ON(&group->ptdev->base,
> + drm_WARN_ON(&ptdev->base,
> !ctx->csg_upd_failed_mask && !list_empty(&ctx->groups[i]));
>
> list_for_each_entry_safe(group, tmp, &ctx->groups[i], run_node) {
> --
> 2.46.0
>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup()
2024-09-30 16:16 ` Julia Lawall
@ 2024-09-30 16:31 ` Boris Brezillon
0 siblings, 0 replies; 3+ messages in thread
From: Boris Brezillon @ 2024-09-30 16:31 UTC (permalink / raw)
To: Julia Lawall
Cc: Steven Price, Liviu Dudau, Adrián Larumbe, dri-devel, kernel,
kernel test robot
On Mon, 30 Sep 2024 18:16:04 +0200 (CEST)
Julia Lawall <julia.lawall@inria.fr> wrote:
> On Mon, 30 Sep 2024, Boris Brezillon wrote:
>
> > The group variable can't be used to retrieve ptdev in our second loop,
> > because it might be uninitialized or point to a group that's already
> > gone. Get the ptdev object from the scheduler instead.
>
> Won't it always be pointing to some random place above the list_head at
> the start of the list in the last element of the array?
Oh, absolutely. I'll fix the commit message and send a v2 shortly.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-09-30 16:31 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-09-30 16:11 [PATCH] drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup() Boris Brezillon
2024-09-30 16:16 ` Julia Lawall
2024-09-30 16:31 ` Boris Brezillon
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.