Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp2044926pxp;
        Mon, 21 Mar 2022 10:06:20 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyH8BqFXhwxnkuk4be3J6WzVRc4QrDNaefht6PhQYyPpUyjG23dto9o/zWRrbvBaEPt71+y
X-Received: by 2002:a05:6a02:18c:b0:382:cbe:1c7 with SMTP id bj12-20020a056a02018c00b003820cbe01c7mr16189974pgb.378.1647882380331;
        Mon, 21 Mar 2022 10:06:20 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1647882380; cv=pass;
        d=google.com; s=arc-20160816;
        b=GYrhhiina1NEc+JGxGo6b3PsCKyy+79qisKP6hpOG6kwBPgJWI5yz+QG89+jDXgTJa
         PPXmjPjMmWvJHkXOYQJtm2gGVkdrDw9/RWx4pJBqb/5G3A3ewugGmGq2ajlZU8iV3t7p
         Nsn9hZe+QgqkmjKZplzsCBu4SUM2BfSFhPtJKMh8Hn4cTJ3vM1M8vb739iYew/dEkpwk
         rPC6/K4mZS5Es9fTh2ZhfIpSZxXLerNoTUUsqviHKzkkknFrUhXpvABcKy6rUZlJglxy
         RZIL2bWhrXwklc/+2MONLFRoE+aUbOpMLkqe10ioHfKPEiRmvZH+Pk9Rs3ULyvK/aAtn
         HlBA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:content-transfer-encoding
         :in-reply-to:from:references:cc:to:content-language:subject
         :user-agent:date:message-id:dkim-signature;
        bh=SdM+8CraNUcODBZ+ejblVoCAp9BYZQ1XhAJVplxHj3k=;
        b=0f4wzw8LEmu4ibP+Ev/AB9HixKX5gMkosYTHlpyNu2qEqflolfjujxnK4EZDkp3hgl
         HSDXUbWrNgkQKE+pibHoVsqrAdbD3Ae9qHqBRTVGwhqE82ylepzGIjzUz0i7g+iZ3bWO
         0DWe9ucMyp1uDFgf24o38OJaU8wF8nLckRn/0Uw5TMm2dbSgvC8jzAGy+hDaTuH/N0z9
         Fvx5XqNnKuIEUShMWzG2Pc6h/JsGtnZaxcCU6I1SL/PaX4pjLCJrLOoQIe/E4PLqIw4I
         VRIdvz8A+ZTpMY8cPZ1plzMfUM0Dn7KBgMiex6D+/HjdFj/iPF+A/1XGnCbvQFKzorCI
         9xTw==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@amd.com header.s=selector1 header.b=P8reFv0H;
       arc=pass (i=1 spf=pass spfdomain=amd.com dkim=pass dkdomain=amd.com dmarc=pass fromdomain=amd.com);
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id c20-20020a6566d4000000b003823f33adb2si10211118pgw.815.2022.03.21.10.06.00;
        Mon, 21 Mar 2022 10:06:20 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amd.com header.s=selector1 header.b=P8reFv0H;
       arc=pass (i=1 spf=pass spfdomain=amd.com dkim=pass dkdomain=amd.com dmarc=pass fromdomain=amd.com);
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1346027AbiCUJxO (ORCPT <rfc822;arunks.linux@gmail.com>
        + 99 others); Mon, 21 Mar 2022 05:53:14 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53884 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1343803AbiCUJxK (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 21 Mar 2022 05:53:10 -0400
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2054.outbound.protection.outlook.com [40.107.243.54])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E88839BAEE
        for <linux-kernel@vger.kernel.org>; Mon, 21 Mar 2022 02:51:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=jyBaXp2PIKW8Ruo8cRzG+zzget6yiobyB7Wjs3fkEW41bWAZSNSzEcCEwYE2AuS8D8J2IZ8+GyeQBrtJaSO79HqHWu7q00vgncRpgyK4GflWFNng/aXPDK1JvqSO1p6NlomHG2aUelBhoNovkZpCS5kc9Q/Ome/EhKHRgC0u+qh+tawScn1SQoaFIU6AdYHTi4Ng3gwFJVoBW1VZYRaRBtIvTKcDHjfEc2eyMbK/co1vVuT2LHcEbGRTfturl041/tCT+tzN+StrrMwjXqCRlMTNrnQnHvmHtHy3dAED1dQkIsy2JIk99wAESJuvy5y7Homh/3CVv01ZQ8Z55yrXGA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=SdM+8CraNUcODBZ+ejblVoCAp9BYZQ1XhAJVplxHj3k=;
 b=do/s/5qau6+/FxIGdDUXG/9iGyGEAWlxKRn4LH6je8SDtbofk5kzg/2QCcN/O1ii+CF47HM0SqTcKZANJsukG5SDD172fR2/8G6O8dJY0mNjl62MRpLfLFl4o8p5Syz6e3L73ORZDki2s0/T6haj4LFp1CU/r9le6kAJhhlm+p9e8tPnLYOA+HHNtqp61glOhh2lEtLFm4tVYDC29lE8TNZdymB4VIdqzxWdjlJBYg9jcWJu5z4owKg44Fz1rzWXrHc5jLwjoz/Uu6PHtPk0L2Sq8f/YECxVf8ktMnRqX03t6aCFgfgm6qh6Y3UnvsxEwP3kRTa7r6ReZCAd1JhjNw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass
 header.d=amd.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=SdM+8CraNUcODBZ+ejblVoCAp9BYZQ1XhAJVplxHj3k=;
 b=P8reFv0Hgl8blucNXaPhMCSX6Rc1tYmX+24kpvhBKg0NRKh327OvTvPHwLtxfkPF+M/eD5SxVcFBM9H4wfrkaE72TI6M3e4bnyqtlOYfOoBFMJovP+DCwckgL9LXCKoZm0gNP7x88p32b2SwUjkTPT473Swn7dSVxHaJHFhMF70=
Authentication-Results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=amd.com;
Received: from BN8PR12MB3587.namprd12.prod.outlook.com (2603:10b6:408:43::13)
 by DS7PR12MB5839.namprd12.prod.outlook.com (2603:10b6:8:7a::21) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5081.17; Mon, 21 Mar
 2022 09:51:43 +0000
Received: from BN8PR12MB3587.namprd12.prod.outlook.com
 ([fe80::404f:1fc8:9f4c:f185]) by BN8PR12MB3587.namprd12.prod.outlook.com
 ([fe80::404f:1fc8:9f4c:f185%6]) with mapi id 15.20.5081.023; Mon, 21 Mar 2022
 09:51:43 +0000
Message-ID: <8688c626-5858-18ba-593b-cdf179ca5201@amd.com>
Date:   Mon, 21 Mar 2022 10:51:38 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.5.0
Subject: Re: [PATCH] drm/ttm: fix potential null ptr deref in when mem space
 alloc fails
Content-Language: en-US
To:     Robert Beckett <bob.beckett@collabora.com>,
        dri-devel@lists.freedesktop.org, Huang Rui <ray.huang@amd.com>,
        David Airlie <airlied@linux.ie>,
        Daniel Vetter <daniel@ffwll.ch>,
        Matthew Auld <matthew.auld@intel.com>
Cc:     linux-kernel@vger.kernel.org
References: <20220318195004.416539-1-bob.beckett@collabora.com>
From:   =?UTF-8?Q?Christian_K=c3=b6nig?= <christian.koenig@amd.com>
In-Reply-To: <20220318195004.416539-1-bob.beckett@collabora.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-ClientProxiedBy: AM6P195CA0043.EURP195.PROD.OUTLOOK.COM
 (2603:10a6:209:87::20) To BN8PR12MB3587.namprd12.prod.outlook.com
 (2603:10b6:408:43::13)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: e10c3bbf-73a1-45d5-88c2-08da0b20678b
X-MS-TrafficTypeDiagnostic: DS7PR12MB5839:EE_
X-Microsoft-Antispam-PRVS: <DS7PR12MB5839D6A8932A8E10BBB70A9E83169@DS7PR12MB5839.namprd12.prod.outlook.com>
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: RviQt0aEJRsyfpHgGI/inldeniE4c6dmLgF+i9IDTfQbkHC+YGBU1O0hsZ9VSwqho0CMKwfPxWOXAY/3ThPP+MRFK+O8GfyACOKJOydT4aOEL2ALFcQZrjVkcOL+Dl/wUJrp25By4P9KBfs2gR3zVS8vpt+959qp2naxVU8CK1uu8Q8amUvPhwn8sVXRih2JVrZCOQr84xtsTnLZuT4CLqazhp1cHKeE6bLtWvrRhqhSc0tchSmYXho1S4UmPVZXbi9+tPi8x+2o9xKaLZp7gXtREcxOOQBZeg5755AsybdLlu7YhSVee/gWJ5yUtpB5sJEHltZNlJ4UGKeCeWoAGO6xorWCSYxuv2/clnlNXAef/8o5z+l8W5pewJzx0tzvmiEmh7zm8Pw25S+4jzrO0uCUmHeQr4yK2vcQvwTmAm9N8dofZA2WUdCzlBTbuxWwW/fT0JlubU9sNJUCUgPc8aYXVW1YSEwkbMltXRLgOK1q6SLOR03kdzH0groWCjH6wRZC0JdpXZAqaUzL+UCrq/0V72b86HJz1u/J2WCi/pKCA/Qco1bXJZWlwig7vQkh+b05gXLgY12OZWJp92ds7Gp2wFB3drxsyV0kd0Gz2VhY9Mq6JM4nBnabMCGvbG1weV0vFYPm3xyE/H4SCj9XnLTEfbvTSiminNgEmDujfBg0DX0wFNBrFWKF3JT9Hsngl8OlrDVaR0Ru3tcVuh41t7PG7XrF4FWDVom5wSEjb4YwRYPahow0HzUfNjxiT8MN
X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN8PR12MB3587.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(4636009)(366004)(83380400001)(8676002)(4326008)(66946007)(66556008)(66476007)(508600001)(6666004)(6486002)(8936002)(2616005)(6512007)(2906002)(316002)(38100700002)(186003)(36756003)(5660300002)(6506007)(31686004)(86362001)(110136005)(31696002)(43740500002)(45980500001);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?WHA1NktQTkxLQldNVS9JY3dqT1dwUGFZdmZpMkFpeHFKZTlMb1JPN1NMRFZx?=
 =?utf-8?B?aCsvUTZVVGl0N0JaK2haelROR05IZjZvUWUvSzZwckNOa2xuWWJJOWVzaTFH?=
 =?utf-8?B?WEVYSVIvWjVjSW9NQVNYenFjRFR1cjFKNlloSTV1SXkxbXIxaE8vc0ZLclhs?=
 =?utf-8?B?aUtNc2RnOTlaNXBSNS9FSUg4WG1WMDYwWlpVTDRqVlVOZnpHYW5oL3NRWDFD?=
 =?utf-8?B?bE1kLzB6MnVGVnVLYXEvekZpamxqaXFkblEyZFV0bXppbkl4OVFUdXg3ZTA3?=
 =?utf-8?B?OGg5ajg4V3JQU1hMVW00d0M1dlJXY3V3N3pzQ3NlMVEwQTVIV0dOeHA4WUV0?=
 =?utf-8?B?ZVNLTXBxTFppWFRwRDg3ZUFpTjN0RkF4V3NXVDA2SEFHWXc3UUJCNzRpREVn?=
 =?utf-8?B?YUtXQWZNeHNWQzRpTk9xMkM2MmRJaWo5cXQ4WVVyOFBDemNHYWxSS1lNQzlm?=
 =?utf-8?B?OThTY2QvejFDam04NDRwZll1a1o1eWduMGxobkN1RU1aUFp6NktVK3FNRm14?=
 =?utf-8?B?emdzbVJrSXk0Zmhqc0I0Skk1REFhMXROYjlLUTFIWXJMT08vdjlhaEw1Y3A0?=
 =?utf-8?B?UnA3Q1ZIU2FmeGt3T0ZPdjF5b3UyZDVEeHBQdUF0N0N2YlJ1YkhMK3RwM3dM?=
 =?utf-8?B?VVJJYytjdDFCYzBKU2ZveGI2anBac3U1SE1VcG91cmRpSmpDTHVPdGw0N0du?=
 =?utf-8?B?dEZacThUTnJ2UUV4UlFWd0huV3M3VUlkeitBRU9ZZUFpVXpaNGRVTDFFU3dX?=
 =?utf-8?B?N0JOSEtVcXI2eHBUWVBKQUNCYVVNWWVoeXg4b2RFN1VxL3JWbGdZZTk5aEkz?=
 =?utf-8?B?NDVtVzNjZzhUQVNaT2ZYVkM1KzFaVzYwTVdPbENRVWk2M2MxQ3hXclpOazlW?=
 =?utf-8?B?YktQTEpPeTR1dlhaT294eXhxeWY3SVNLcVpPcTNhcWN3WWhJNCtRc1ZFZm50?=
 =?utf-8?B?cjVEWmJqaVJGU3BJaFFzV1NaWTdxRThSdFZQWHRrSERuMDhsUGQzMGcvbzFQ?=
 =?utf-8?B?UklvWGtUczV2bU15c08zUXIzemUvbjVEckRZemFUSXRVUHAxYjcrVVRJaDVq?=
 =?utf-8?B?bkdRZjRaMDVQU255MmF6NGM4b3h0b0h5a0hObWZHMHVpSVZoZWRiYWpINlF6?=
 =?utf-8?B?dkJFZGtIYlM3QW05UWNETTEzYnc5cjBHeDNOd3pIeEVGVFZJWEgxb2hUZG9G?=
 =?utf-8?B?cGhOdi81dlVNN2V0clhTS3lNRVNFSERhSGtnUS9MQmZWQ2pTNzhOb2laMk4y?=
 =?utf-8?B?NFVKd2txNCtCeTh1MFlHMmVMaXFhWWpEQVBZNlRCOEw2OThyWjJUTytWZk56?=
 =?utf-8?B?NXcrR2RTWDE3bHZvMTMxNmRHZWZ0Q09EOWdoalVoN2VISFpoWVJiMEI2dDhl?=
 =?utf-8?B?UHl2LzBOekVCT3lENktmMHZRTTlKM04rNlpnbnU2a1Nib0ZLNUZRNEVuYndD?=
 =?utf-8?B?M1hqcHA0N2RybmtDYWFHcWtEcFhkTTJHZWJ6VlVHN3pQQXVDaVVKRS96TUlj?=
 =?utf-8?B?bjNpYVc1TEhCbUlZbmlwd2h2dkdPMEVyZGxhL1ZpUVRjUU00NGllOElmUjAz?=
 =?utf-8?B?WGpLb3BBNXZXMUtzT2Qyd3RBc2tYZHZtZDVtMVFsZiszWXUreU8rNHZVUzhk?=
 =?utf-8?B?VkdWN3pOU3Q2SE5Ja0dDTytHZVkreXBXZmNPTG9wNHMrSXpUUHhhL2RqTW9J?=
 =?utf-8?B?QzkxeUV4dld5VVhWTHUvVksxY0E2Wkw0bzM4UmJVMW9QYkpkR2R2RTdmS0NH?=
 =?utf-8?B?cHZSVUw2NVg3RXJFSzhCcm5wYzJFRXBpd3R0ZDJWYWUrVlJUN0xSRTIwNUdH?=
 =?utf-8?B?UHdJQ2t5dnN6YjRpUWxwMmI3N3ZRTFpVKzlPY2NML2hjcWUvWEFHc3AzM1dw?=
 =?utf-8?B?ZjFMRkVaWUtxTjgvU1FyQkhQK3l0aDlVVlc5UFNzUEUwdkN5V2U5aTlSbWFp?=
 =?utf-8?B?czVLeUVSMmRRSFJRaHhsRzZQZTVEMnRINE1FMyt2YStuZ0I3amN1N3lRbExh?=
 =?utf-8?B?dmV4QlkwMkVWYWJYZTcxanpRaFk1Yi8zdFZkQzNWK2c3M1R0a3NoVk5YaEUy?=
 =?utf-8?Q?ZZwVlH?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e10c3bbf-73a1-45d5-88c2-08da0b20678b
X-MS-Exchange-CrossTenant-AuthSource: BN8PR12MB3587.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Mar 2022 09:51:43.2278
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: Z3ebCxAGl6Uw4QrDJ2Ywnc9sdti8+xcHxl9jt51CiTkEa0S95CB1ef4jmCyd+Lzv
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR12MB5839
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,
        RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Am 18.03.22 um 20:50 schrieb Robert Beckett:
> when allocating a resource in place it is common to free the buffer's
> resource, then allocate a new resource in a different placement.
>
> e.g. amdgpu_bo_create_kernel_at calls ttm_resource_free, then calls
> ttm_bo_mem_space.

Well yes I'm working the drivers towards this, but NAK at the moment. 
Currently bo->resource is never expected to be NULL.

And yes I'm searching for this bug in amdgpu for quite a while. Where 
exactly does that happen?

Amdgpu is supposed to allocate a new resource first, then do a swap and 
the free the old one.

Thanks,
Christian.

>
> In this situation, bo->resource will be null as it is cleared during
> the initial freeing of the previous resource.
> This leads to a null deref.
>
> Fixes: d3116756a710 (drm/ttm: rename bo->mem and make it a pointer)
>
> Signed-off-by: Robert Beckett <bob.beckett@collabora.com>
> ---
>   drivers/gpu/drm/ttm/ttm_bo.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/ttm/ttm_bo.c b/drivers/gpu/drm/ttm/ttm_bo.c
> index db3dc7ef5382..62b29ee7d040 100644
> --- a/drivers/gpu/drm/ttm/ttm_bo.c
> +++ b/drivers/gpu/drm/ttm/ttm_bo.c
> @@ -875,7 +875,7 @@ int ttm_bo_mem_space(struct ttm_buffer_object *bo,
>   	}
>   
>   error:
> -	if (bo->resource->mem_type == TTM_PL_SYSTEM && !bo->pin_count)
> +	if (bo->resource && bo->resource->mem_type == TTM_PL_SYSTEM && !bo->pin_count)
>   		ttm_bo_move_to_lru_tail_unlocked(bo);
>   
>   	return ret;