On 17/02/2022 07:50, Vivek Kasireddy wrote:
While looking for next holes suitable for an allocation, although, it is highly unlikely, make sure that the DECLARE_NEXT_HOLE_ADDR macro is using a valid node before it extracts the rb_node from it.
Was the need for this just a consequence of insufficient locking in the i915 patch?
Regards, Tvrtko
Cc: Tvrtko Ursulin <tvrtko.ursulin@xxxxxxxxxxxxxxx> Cc: Christian König <christian.koenig@xxxxxxx> Signed-off-by: Vivek Kasireddy <vivek.kasireddy@xxxxxxxxx> --- drivers/gpu/drm/drm_mm.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_mm.c b/drivers/gpu/drm/drm_mm.c index 8257f9d4f619..499d8874e4ed 100644 --- a/drivers/gpu/drm/drm_mm.c +++ b/drivers/gpu/drm/drm_mm.c @@ -389,11 +389,12 @@ first_hole(struct drm_mm *mm, #define DECLARE_NEXT_HOLE_ADDR(name, first, last) \ static struct drm_mm_node *name(struct drm_mm_node *entry, u64 size) \ { \ - struct rb_node *parent, *node = &entry->rb_hole_addr; \ + struct rb_node *parent, *node; \ \ - if (!entry || RB_EMPTY_NODE(node)) \ + if (!entry || RB_EMPTY_NODE(&entry->rb_hole_addr)) \ return NULL; \ \ + node = &entry->rb_hole_addr; \ if (usable_hole_addr(node->first, size)) { \ node = node->first; \ while (usable_hole_addr(node->last, size)) \