Message-ID: <22ad0b20-b879-bcad-5c94-80c162a9da74@canonical.com>
Date:   Thu, 25 Mar 2021 15:00:07 +0000
From:   Colin Ian King <colin.king@...onical.com>
To:     Christian König <christian.koenig@....com>
Cc:     David Airlie <airlied@...ux.ie>, Daniel Vetter <daniel@...ll.ch>,
        Gerd Hoffmann <kraxel@...hat.com>,
        Huang Rui <ray.huang@....com>,
        amd-gfx mailing list <amd-gfx@...ts.freedesktop.org>,
        "dri-devel@...ts.freedesktop.org" <dri-devel@...ts.freedesktop.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        virtualization@...ts.linux-foundation.org,
        spice-devel@...ts.freedesktop.org
Subject: re: drm/ttm: switch to per device LRU lock

Hi,

Static analysis with Coverity in linux-next has detected an issue in
drivers/gpu/drm/ttm/ttm_bo.c with the following commit:

commit a1f091f8ef2b680a5184db065527612247cb4cae
Author: Christian König <christian.koenig@....com>
Date:   Tue Oct 6 17:26:42 2020 +0200

    drm/ttm: switch to per device LRU lock

    Instead of having a global lock for potentially less contention.


The analysis is as follows:

617 int ttm_mem_evict_first(struct ttm_device *bdev,
618                        struct ttm_resource_manager *man,
619                        const struct ttm_place *place,
620                        struct ttm_operation_ctx *ctx,
621                        struct ww_acquire_ctx *ticket)
622 {
   1. assign_zero: Assigning: bo = NULL.

623        struct ttm_buffer_object *bo = NULL, *busy_bo = NULL;
624        bool locked = false;
625        unsigned i;
626        int ret;
627

   Explicit null dereferenced (FORWARD_NULL)
   2. var_deref_op: Dereferencing null pointer bo.

628        spin_lock(&bo->bdev->lru_lock);
629        for (i = 0; i < TTM_MAX_BO_PRIORITY; ++i) {

The spin_lock on bo is dereferencing a null bo pointer.

Colin
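
The FORWARD_NULL pattern reported above, as an added example that is not part of the original message or the kernel source: a simplified userspace model in which the lock is reached through the `bdev` argument the caller already supplied, not through the still-NULL local `bo`. The struct layouts, the integer lock flag and the names `dev_lock`, `dev_unlock`, `lru_add` and `evict_first` are assumptions made for illustration.

```c
#include <stddef.h>

#define MAX_PRIO 3                      /* stand-in for TTM_MAX_BO_PRIORITY */

struct device;
struct bo {                             /* simplified buffer object */
    struct device *bdev;                /* back-pointer, like bo->bdev */
    struct bo *next;
    int id;
};
struct device {                         /* simplified per-device state */
    int lru_lock;                       /* 1 while held; models the spinlock */
    struct bo *lru[MAX_PRIO];           /* one LRU list per priority */
};

static void dev_lock(struct device *d)   { d->lru_lock = 1; }
static void dev_unlock(struct device *d) { d->lru_lock = 0; }

/* Link a buffer object at the head of one priority list. */
void lru_add(struct device *d, struct bo *b, int prio)
{
    b->bdev = d;
    dev_lock(d);
    b->next = d->lru[prio];
    d->lru[prio] = b;
    dev_unlock(d);
}

/*
 * Returns the id of the evicted object, or -1 if every list is empty.
 * The flagged pattern would be dev_lock(bo->bdev) here: bo is still NULL
 * at that point, so reading bo->bdev dereferences a null pointer.
 */
int evict_first(struct device *bdev)
{
    struct bo *bo = NULL;
    int i, id = -1;

    dev_lock(bdev);                     /* not bo->bdev: bo is not set yet */
    for (i = 0; i < MAX_PRIO && !bo; ++i)
        bo = bdev->lru[i];              /* first non-empty priority wins */
    if (bo) {
        bdev->lru[i - 1] = bo->next;    /* unlink while the lock is held */
        id = bo->id;
    }
    dev_unlock(bdev);
    return id;
}
```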
