lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aYXvON-q4xpkubRu@stanley.mountain>
Date: Fri, 6 Feb 2026 16:40:08 +0300
From: Dan Carpenter <dan.carpenter@...aro.org>
To: Matthew Brost <matthew.brost@...el.com>
Cc: intel-xe@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
	linux-kernel <linux-kernel@...r.kernel.org>
Subject: [bug report] drm/xe: Avoid toggling schedule state to check LRC
 timestamp in TDR

[ Smatch checking is paused while we raise funding.  #SadFace
  https://lore.kernel.org/all/aTaiGSbWZ9DJaGo7@stanley.mountain/ -dan ]

Hello Matthew Brost,

Commit bb63e7257e63 ("drm/xe: Avoid toggling schedule state to check
LRC timestamp in TDR") from Jan 9, 2026 (linux-next), leads to the
following Smatch static checker warning:

	drivers/gpu/drm/xe/xe_lrc.c:2450 xe_lrc_timestamp()
	error: uninitialized symbol 'new_ts'.

drivers/gpu/drm/xe/xe_lrc.c
    2421 u64 xe_lrc_timestamp(struct xe_lrc *lrc)
    2422 {
    2423         u64 lrc_ts, reg_ts, new_ts;
    2424         u32 engine_id;
    2425 
    2426         lrc_ts = xe_lrc_ctx_timestamp(lrc);
    2427         /* CTX_TIMESTAMP mmio read is invalid on VF, so return the LRC value */
    2428         if (IS_SRIOV_VF(lrc_to_xe(lrc))) {
    2429                 new_ts = lrc_ts;
    2430                 goto done;
    2431         }
    2432 
    2433         if (lrc_ts == CONTEXT_ACTIVE) {
    2434                 engine_id = xe_lrc_engine_id(lrc);
    2435                 if (!get_ctx_timestamp(lrc, engine_id, &reg_ts))
    2436                         new_ts = reg_ts;

Imagine lrc_ts is active but get_ctx_timestamp() returns -1. 

    2437 
    2438                 /* read lrc again to ensure context is still active */
    2439                 lrc_ts = xe_lrc_ctx_timestamp(lrc);
    2440         }
    2441 
    2442         /*
    2443          * If context switched out, just use the lrc_ts. Note that this needs to
    2444          * be a separate if condition.
    2445          */
    2446         if (lrc_ts != CONTEXT_ACTIVE)
    2447                 new_ts = lrc_ts;
    2448 
    2449 done:
--> 2450         return new_ts;

Then new_ts could be uninitialized.

    2451 }

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ