2021-03-25 15:02:13

by Colin King

Subject: re: drm/ttm: switch to per device LRU lock

Hi,

Static analysis with Coverity in linux-next has detected an issue in
drivers/gpu/drm/ttm/ttm_bo.c with the following commit:

commit a1f091f8ef2b680a5184db065527612247cb4cae
Author: Christian König <[email protected]>
Date: Tue Oct 6 17:26:42 2020 +0200

drm/ttm: switch to per device LRU lock

Instead of having a global lock for potentially less contention.


The analysis is as follows:

617 int ttm_mem_evict_first(struct ttm_device *bdev,
618 struct ttm_resource_manager *man,
619 const struct ttm_place *place,
620 struct ttm_operation_ctx *ctx,
621 struct ww_acquire_ctx *ticket)
622 {
1. assign_zero: Assigning: bo = NULL.

623 struct ttm_buffer_object *bo = NULL, *busy_bo = NULL;
624 bool locked = false;
625 unsigned i;
626 int ret;
627

Explicit null dereferenced (FORWARD_NULL)
2. var_deref_op: Dereferencing null pointer bo.

628 spin_lock(&bo->bdev->lru_lock);
629 for (i = 0; i < TTM_MAX_BO_PRIORITY; ++i) {

The spin_lock on bo is dereferencing a null bo pointer.

Colin


2021-03-25 15:19:29

by Christian König

Subject: Re: drm/ttm: switch to per device LRU lock

Thanks! Just a copy&paste issue.

Patch to fix this is on the mailing list.

Christian.

Am 25.03.21 um 16:00 schrieb Colin Ian King:
> Hi,
>
> Static analysis with Coverity in linux-next has detected an issue in
> drivers/gpu/drm/ttm/ttm_bo.c with the following commit:
>
> commit a1f091f8ef2b680a5184db065527612247cb4cae
> Author: Christian König <[email protected]>
> Date: Tue Oct 6 17:26:42 2020 +0200
>
> drm/ttm: switch to per device LRU lock
>
> Instead of having a global lock for potentially less contention.
>
>
> The analysis is as follows:
>
> 617 int ttm_mem_evict_first(struct ttm_device *bdev,
> 618 struct ttm_resource_manager *man,
> 619 const struct ttm_place *place,
> 620 struct ttm_operation_ctx *ctx,
> 621 struct ww_acquire_ctx *ticket)
> 622 {
> 1. assign_zero: Assigning: bo = NULL.
>
> 623 struct ttm_buffer_object *bo = NULL, *busy_bo = NULL;
> 624 bool locked = false;
> 625 unsigned i;
> 626 int ret;
> 627
>
> Explicit null dereferenced (FORWARD_NULL)
> 2. var_deref_op: Dereferencing null pointer bo.
>
> 628 spin_lock(&bo->bdev->lru_lock);
> 629 for (i = 0; i < TTM_MAX_BO_PRIORITY; ++i) {
>
> The spin_lock on bo is dereferencing a null bo pointer.
>
> Colin
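
A user-space model of the pattern reported in this thread, added here as an illustration; it is not kernel code and not the fix that was posted to the list. It assumes the lock that is wanted is the one on the `bdev` parameter, which is available before any buffer object has been selected; the `toy_*` types and functions are hypothetical stand-ins.

```c
/* Toy model of the FORWARD_NULL report above (added example; the toy_* names
 * are hypothetical and are not the kernel's ttm structures). */
#include <stddef.h>

#define MAX_PRIO 3

struct toy_dev { int lru_locked; int lock_count; };
struct toy_bo {
    struct toy_dev *bdev;   /* back-pointer, usable only once a bo is chosen */
    int busy;
    struct toy_bo *next;
};
struct toy_man { struct toy_bo *lru[MAX_PRIO]; };

static void toy_lock(struct toy_dev *d)   { d->lru_locked = 1; d->lock_count++; }
static void toy_unlock(struct toy_dev *d) { d->lru_locked = 0; }

/* Returns the first non-busy bo in priority order, or NULL if there is none. */
struct toy_bo *toy_evict_first(struct toy_dev *bdev, struct toy_man *man)
{
    struct toy_bo *bo = NULL;
    int i;

    /* Flagged form: toy_lock(bo->bdev) at this point dereferences bo while
     * it is still NULL. The device is already passed in, so lock through it. */
    toy_lock(bdev);
    for (i = 0; i < MAX_PRIO && !bo; ++i) {
        struct toy_bo *it;
        for (it = man->lru[i]; it; it = it->next) {
            if (!it->busy) { bo = it; break; }
        }
    }
    toy_unlock(bdev);
    return bo;
}

/* Constructed sample: a busy bo at priority 0 and an idle bo at priority 2. */
int toy_demo(void)
{
    struct toy_dev dev = { 0, 0 };
    struct toy_bo busy = { &dev, 1, NULL }, idle = { &dev, 0, NULL };
    struct toy_man man = { { &busy, NULL, &idle } };
    struct toy_man empty = { { NULL, NULL, NULL } };

    if (toy_evict_first(&dev, &man) != &idle) return -1;
    if (toy_evict_first(&dev, &empty) != NULL) return -2; /* bo stays NULL */
    return dev.lock_count;  /* lock taken once per call, even with no bo */
}
int main(void) { return toy_demo() == 2 ? 0 : 1; }
```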