From: sashiko-bot@kernel.org
To: "Boris Brezillon" <boris.brezillon@collabora.com>
Cc: dri-devel@lists.freedesktop.org
Subject: Re: [PATCH v5 04/16] drm/panthor: Drop a needless check in panthor_fw_unplug()
Date: Thu, 25 Jun 2026 10:00:27 +0000 [thread overview]
Message-ID: <20260625100027.A62261F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260625-panthor-signal-from-irq-v5-4-8836a74e0ef9@collabora.com>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
Pre-existing issues:
- [High] The reset work `panthor_device_reset_work` can execute before device initialization completes, leading to a NULL pointer dereference.
--
commit b7f6d51a0860da42553b0a2ac207a7c13c51cd47
Author: Boris Brezillon <boris.brezillon@collabora.com>
drm/panthor: Drop a needless check in panthor_fw_unplug()
panthor_fw_unplug() is only called if we at least managed to initialize
the IRQ, so it's safe to drop the "is IRQ initialized" check.
> diff --git a/drivers/gpu/drm/panthor/panthor_fw.c b/drivers/gpu/drm/panthor/panthor_fw.c
> index 986151681b246..4fbddb9e18c8b 100644
> --- a/drivers/gpu/drm/panthor/panthor_fw.c
> +++ b/drivers/gpu/drm/panthor/panthor_fw.c
> @@ -1279,9 +1279,7 @@ void panthor_fw_unplug(struct panthor_device *ptdev)
>
> if (!IS_ENABLED(CONFIG_PM) || pm_runtime_active(ptdev->base.dev)) {
> /* Make sure the IRQ handler cannot be called after that point. */
> - if (ptdev->fw->irq.irq)
> - panthor_job_irq_suspend(&ptdev->fw->irq);
> -
> + panthor_job_irq_suspend(&ptdev->fw->irq);
> panthor_fw_stop(ptdev);
> }
>
[Severity: High]
This is a pre-existing issue, but can the reset work panthor_device_reset_work
execute before device initialization completes?
During device initialization in panthor_device_init(), panthor_fw_init() is
called, which invokes panthor_vm_active(). This in turn calls
panthor_mmu_as_enable() and as_send_cmd_and_wait().
If the MMU AS_ACTIVE bit gets stuck and times out,
panthor_device_schedule_reset() is called. Because the device PM state has
already been transitioned to ACTIVE earlier via pm_runtime_resume_and_get(),
the reset work is queued and executes asynchronously.
The reset worker unconditionally calls panthor_sched_pre_reset(), which
immediately dereferences ptdev->scheduler:
drivers/gpu/drm/panthor/panthor_sched.c:panthor_sched_pre_reset() {
struct panthor_scheduler *sched = ptdev->scheduler;
u32 i;
mutex_lock(&sched->reset.lock);
...
}
Since ptdev->scheduler is only allocated later in the probe sequence by
panthor_sched_init(), could this result in a NULL pointer dereference if the
reset happens during the probe window?
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260625-panthor-signal-from-irq-v5-0-8836a74e0ef9@collabora.com?part=4
next prev parent reply other threads:[~2026-06-25 10:00 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-25 9:36 [PATCH v5 00/16] drm/panthor: Reduce dma_fence signalling latency Boris Brezillon
2026-06-25 9:36 ` [PATCH v5 01/16] drm/panthor: Fix theoretical IOMEM access in suspended state Boris Brezillon
2026-06-25 9:36 ` [PATCH v5 02/16] drm/panthor: Don't overrule pending immediate ticks in sched_resume_tick() Boris Brezillon
2026-06-25 10:04 ` sashiko-bot
2026-06-25 9:36 ` [PATCH v5 03/16] drm/panthor: Fix panthor_pwr_unplug() Boris Brezillon
2026-06-25 9:36 ` [PATCH v5 04/16] drm/panthor: Drop a needless check in panthor_fw_unplug() Boris Brezillon
2026-06-25 10:00 ` sashiko-bot [this message]
2026-06-25 9:36 ` [PATCH v5 05/16] drm/panthor: Fix a leak when a group is evicted before the tiler OOM is serviced Boris Brezillon
2026-06-25 9:36 ` [PATCH v5 06/16] drm/panthor: Interrupt group start/resumption if group_bind_locked() fails Boris Brezillon
2026-06-25 9:36 ` [PATCH v5 07/16] drm/panthor: Keep interrupts masked until they are needed Boris Brezillon
2026-06-25 9:36 ` [PATCH v5 08/16] drm/panthor: Make panthor_irq::state a non-atomic field Boris Brezillon
2026-06-25 9:36 ` [PATCH v5 09/16] drm/panthor: Move the register accessors before the IRQ helpers Boris Brezillon
2026-06-25 9:36 ` [PATCH v5 10/16] drm/panthor: Replace the panthor_irq macro machinery by inline helpers Boris Brezillon
2026-06-25 9:36 ` [PATCH v5 11/16] drm/panthor: Don't update might_have_idle_groups in process_idle_event_locked() Boris Brezillon
2026-06-25 10:06 ` sashiko-bot
2026-06-25 9:36 ` [PATCH v5 12/16] drm/panthor: Get rid of panthor_group::fatal_lock Boris Brezillon
2026-06-25 9:36 ` [PATCH v5 13/16] drm/panthor: Protect events processing with a separate spinlock Boris Brezillon
2026-06-25 9:36 ` [PATCH v5 14/16] drm/panthor: Don't defer job completion checks Boris Brezillon
2026-06-25 9:36 ` [PATCH v5 15/16] drm/panthor: Don't defer FW event processing Boris Brezillon
2026-06-25 9:36 ` [PATCH v5 16/16] drm/panthor: Automate CSG IRQ processing at group unbind time Boris Brezillon
2026-06-25 12:43 ` [PATCH v5 00/16] drm/panthor: Reduce dma_fence signalling latency Boris Brezillon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260625100027.A62261F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=boris.brezillon@collabora.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.