lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <202512131704.dhYp30j8-lkp@intel.com>
Date: Wed, 17 Dec 2025 17:28:37 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: oe-kbuild@...ts.linux.dev, Arvind Yadav <arvind.yadav@....com>
Cc: lkp@...el.com, oe-kbuild-all@...ts.linux.dev,
	linux-kernel@...r.kernel.org,
	Alex Deucher <alexander.deucher@....com>,
	Christian König <christian.koenig@....com>,
	Shashank Sharma <shashank.sharma@....com>
Subject: drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c:100
 amdgpu_gem_update_bo_mapping() error: we previously assumed 'bo_va' could be
 null (see line 85)

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   a859eca0e4cc96f63ff125dbe5388d961558b0e9
commit: 70773bef4e091ff6d2a91e3dfb4f29013eb81f1f drm/amdgpu: update userqueue BOs and PDs
config: s390-randconfig-r071-20251213 (https://download.01.org/0day-ci/archive/20251213/202512131704.dhYp30j8-lkp@intel.com/config)
compiler: s390-linux-gcc (GCC) 10.5.0

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Reported-by: Dan Carpenter <dan.carpenter@...aro.org>
| Closes: https://lore.kernel.org/r/202512131704.dhYp30j8-lkp@intel.com/

smatch warnings:
drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c:100 amdgpu_gem_update_bo_mapping() error: we previously assumed 'bo_va' could be null (see line 85)

vim +/bo_va +100 drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c

70773bef4e091f Arvind Yadav 2024-09-25   76  static void
70773bef4e091f Arvind Yadav 2024-09-25   77  amdgpu_gem_update_bo_mapping(struct drm_file *filp,
70773bef4e091f Arvind Yadav 2024-09-25   78  			     struct amdgpu_bo_va *bo_va,
70773bef4e091f Arvind Yadav 2024-09-25   79  			     uint32_t operation,
70773bef4e091f Arvind Yadav 2024-09-25   80  			     uint64_t point,
70773bef4e091f Arvind Yadav 2024-09-25   81  			     struct dma_fence *fence,
70773bef4e091f Arvind Yadav 2024-09-25   82  			     struct drm_syncobj *syncobj,
70773bef4e091f Arvind Yadav 2024-09-25   83  			     struct dma_fence_chain *chain)
70773bef4e091f Arvind Yadav 2024-09-25   84  {
70773bef4e091f Arvind Yadav 2024-09-25  @85  	struct amdgpu_bo *bo = bo_va ? bo_va->base.bo : NULL;

bo_va can be NULL.

70773bef4e091f Arvind Yadav 2024-09-25   86  	struct amdgpu_fpriv *fpriv = filp->driver_priv;
70773bef4e091f Arvind Yadav 2024-09-25   87  	struct amdgpu_vm *vm = &fpriv->vm;
70773bef4e091f Arvind Yadav 2024-09-25   88  	struct dma_fence *last_update;
70773bef4e091f Arvind Yadav 2024-09-25   89  
70773bef4e091f Arvind Yadav 2024-09-25   90  	if (!syncobj)
70773bef4e091f Arvind Yadav 2024-09-25   91  		return;
70773bef4e091f Arvind Yadav 2024-09-25   92  
70773bef4e091f Arvind Yadav 2024-09-25   93  	/* Find the last update fence */
70773bef4e091f Arvind Yadav 2024-09-25   94  	switch (operation) {
70773bef4e091f Arvind Yadav 2024-09-25   95  	case AMDGPU_VA_OP_MAP:
70773bef4e091f Arvind Yadav 2024-09-25   96  	case AMDGPU_VA_OP_REPLACE:
70773bef4e091f Arvind Yadav 2024-09-25   97  		if (bo && (bo->tbo.base.resv == vm->root.bo->tbo.base.resv))
70773bef4e091f Arvind Yadav 2024-09-25   98  			last_update = vm->last_update;
70773bef4e091f Arvind Yadav 2024-09-25   99  		else
70773bef4e091f Arvind Yadav 2024-09-25 @100  			last_update = bo_va->last_pt_update;

Unchecked dereference.  If "bo" is non-NULL we would know that
bo_va is also non-NULL, but the fact that bo is possibly NULL makes us
even more suspicious of bo_va.

I reported this before and never got a response.
https://lore.kernel.org/all/7074cf24-b136-44fc-a86d-4394d62c5242@stanley.mountain/

70773bef4e091f Arvind Yadav 2024-09-25  101  		break;
70773bef4e091f Arvind Yadav 2024-09-25  102  	case AMDGPU_VA_OP_UNMAP:
70773bef4e091f Arvind Yadav 2024-09-25  103  	case AMDGPU_VA_OP_CLEAR:
70773bef4e091f Arvind Yadav 2024-09-25  104  		last_update = fence;
70773bef4e091f Arvind Yadav 2024-09-25  105  		break;
70773bef4e091f Arvind Yadav 2024-09-25  106  	default:
70773bef4e091f Arvind Yadav 2024-09-25  107  		return;
70773bef4e091f Arvind Yadav 2024-09-25  108  	}
70773bef4e091f Arvind Yadav 2024-09-25  109  
70773bef4e091f Arvind Yadav 2024-09-25  110  	/* Add fence to timeline */
70773bef4e091f Arvind Yadav 2024-09-25  111  	if (!point)
70773bef4e091f Arvind Yadav 2024-09-25  112  		drm_syncobj_replace_fence(syncobj, last_update);
70773bef4e091f Arvind Yadav 2024-09-25  113  	else
70773bef4e091f Arvind Yadav 2024-09-25  114  		drm_syncobj_add_point(syncobj, chain, last_update, point);
70773bef4e091f Arvind Yadav 2024-09-25  115  }

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ