lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <aaef965f-608a-e77d-9a4a-b91951298836@amd.com>
Date:   Thu, 25 Mar 2021 16:14:55 +0100
From:   Christian König <christian.koenig@....com>
To:     Colin Ian King <colin.king@...onical.com>
Cc:     David Airlie <airlied@...ux.ie>, Daniel Vetter <daniel@...ll.ch>,
        Gerd Hoffmann <kraxel@...hat.com>,
        Huang Rui <ray.huang@....com>,
        amd-gfx mailing list <amd-gfx@...ts.freedesktop.org>,
        "dri-devel@...ts.freedesktop.org" <dri-devel@...ts.freedesktop.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        virtualization@...ts.linux-foundation.org,
        spice-devel@...ts.freedesktop.org
Subject: Re: drm/ttm: switch to per device LRU lock

Thanks! Just a copy&paste issue.

Patch to fix this is on the mailing list.

Christian.

Am 25.03.21 um 16:00 schrieb Colin Ian King:
> Hi,
>
> Static analysis with Coverity in linux-next has detected an issue in
> drivers/gpu/drm/ttm/ttm_bo.c with the follow commit:
>
> commit a1f091f8ef2b680a5184db065527612247cb4cae
> Author: Christian König <christian.koenig@....com>
> Date:   Tue Oct 6 17:26:42 2020 +0200
>
>      drm/ttm: switch to per device LRU lock
>
>      Instead of having a global lock for potentially less contention.
>
>
> The analysis is as follows:
>
> 617 int ttm_mem_evict_first(struct ttm_device *bdev,
> 618                        struct ttm_resource_manager *man,
> 619                        const struct ttm_place *place,
> 620                        struct ttm_operation_ctx *ctx,
> 621                        struct ww_acquire_ctx *ticket)
> 622 {
>     1. assign_zero: Assigning: bo = NULL.
>
> 623        struct ttm_buffer_object *bo = NULL, *busy_bo = NULL;
> 624        bool locked = false;
> 625        unsigned i;
> 626        int ret;
> 627
>
>     Explicit null dereferenced (FORWARD_NULL)2. var_deref_op:
> Dereferencing null pointer bo.
>
> 628        spin_lock(&bo->bdev->lru_lock);
> 629        for (i = 0; i < TTM_MAX_BO_PRIORITY; ++i) {
>
> The spin_lock on bo is dereferencing a null bo pointer.
>
> Colin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ