Hello Dan Carpenter.

Thanks for the report.

On 4/13/22 13:11, Dan Carpenter wrote:
Hello Thomas Hellström,

The patch 3bf3710e3718: "drm/ttm: Add a generic TTM memcpy move for
page-based iomem" from Jun 2, 2021, leads to the following Smatch
static checker warning:

	./include/drm/ttm/ttm_bo_driver.h:259 ttm_bo_move_sync_cleanup()
	error: NULL dereference inside function 'ttm_bo_move_accel_cleanup()'

./include/drm/ttm/ttm_bo_driver.h
    256 static inline void ttm_bo_move_sync_cleanup(struct ttm_buffer_object *bo,
    257                                             struct ttm_resource *new_mem)
    258 {
--> 259         int ret = ttm_bo_move_accel_cleanup(bo, NULL, true, false, new_mem);
                                                        ^^^^
Passing a NULL for "fence" will crash.  The first place where it will
crash is in dma_resv_add_fence() where it does:
Indeed, and this has been discussed thoroughly on dri-devel lately. The bug was introduced in a recent patch that made NULL pointers here crash. Not the patch indicated.
Thanks,
Thomas
	WARN_ON(dma_fence_is_container(fence));

    260
    261         WARN_ON(ret);
    262 }

regards,
dan carpenter
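
The call chain discussed in this thread, reduced to a userspace model. This is an added example, not code from the thread or from the kernel. Every model_* name is hypothetical, and the NULL check in model_cleanup_checked() is an assumed mitigation, not the fix that was applied upstream.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Userspace model only: every model_* name is hypothetical, not a kernel API. */
struct model_fence_ops { bool container; };
struct model_fence { const struct model_fence_ops *ops; };
struct model_resv { const struct model_fence *last; int warnings; };

/* Reads through the pointer, so a NULL fence faults on this line. */
bool model_fence_is_container(const struct model_fence *fence)
{
    return fence->ops->container;
}

/* Callee contract: fence must be non-NULL. */
void model_resv_add_fence(struct model_resv *resv, const struct model_fence *fence)
{
    if (model_fence_is_container(fence))
        resv->warnings++;          /* stands in for WARN_ON() */
    resv->last = fence;
}

/* "Before": forwards the caller's pointer unchecked; NULL crashes in the callee. */
int model_cleanup_unchecked(struct model_resv *resv, const struct model_fence *fence)
{
    model_resv_add_fence(resv, fence);
    return 0;
}

/* "After" (assumed mitigation): enforce the contract at the boundary. */
int model_cleanup_checked(struct model_resv *resv, const struct model_fence *fence)
{
    if (!fence)
        return -EINVAL;
    model_resv_add_fence(resv, fence);
    return 0;
}

/* Wrapper shaped like the flagged one: it hard-codes NULL for the fence. */
int model_sync_cleanup(struct model_resv *resv)
{
    return model_cleanup_checked(resv, NULL);
}

int main(void)
{
    struct model_resv resv = { NULL, 0 };
    return model_sync_cleanup(&resv) == -EINVAL ? 0 : 1;
}
```

Pointing model_sync_cleanup() at model_cleanup_unchecked() instead reproduces the shape of the reported path: the literal NULL reaches model_fence_is_container() and is dereferenced there.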