[1/4] Klock work Fix for NULL dereferencing in i915_gem_ttm.c

Message ID 20210628143829.22995-2-krishnaiah.bommu@intel.com (mailing list archive)
State New, archived
Series The Following Patches are to Fix the Critical KclockWork Errors in i915_gem and gt

Commit Message

Bommu, Krishnaiah June 28, 2021, 2:38 p.m. UTC
Signed-off-by: Bommu Krishnaiah <krishnaiah.bommu@intel.com>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
---
 drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Ramalingam C June 29, 2021, 9:26 a.m. UTC | #1
On 2021-06-28 at 20:08:26 +0530, Bommu Krishnaiah wrote:
> Signed-off-by: Bommu Krishnaiah <krishnaiah.bommu@intel.com>
> Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
> ---
>  drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_ttm.c b/drivers/gpu/drm/i915/gem/i915_gem_ttm.c
> index c39d982c4fa66..97093a9bfccc2 100644
> --- a/drivers/gpu/drm/i915/gem/i915_gem_ttm.c
> +++ b/drivers/gpu/drm/i915/gem/i915_gem_ttm.c
> @@ -590,6 +590,7 @@ static unsigned long i915_ttm_io_mem_pfn(struct ttm_buffer_object *bo,
>  	GEM_WARN_ON(bo->ttm);
>  
>  	sg = __i915_gem_object_get_sg(obj, &obj->ttm.get_io_page, page_offset, &ofs, true, true);
> +	GEM_BUG_ON(!sg);
IMHO this looks good to have, as this is a member of ttm_device_funcs. As I am not aware of the callers'
intentions and requirement check, I leave this to Maarten.

Ram
>  
>  	return ((base + sg_dma_address(sg)) >> PAGE_SHIFT) + ofs;
>  }
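Review bot: nothing in this one-line change or its commit message says which path through __i915_gem_object_get_sg() is supposed to yield a NULL sg; the message carries only the Signed-off-by and Cc trailers. Describe the reported finding (the tool's trace and the condition it assumes) in the commit message, and put a short comment above GEM_BUG_ON(!sg) stating the invariant being asserted, so reviewers can judge whether the check is reachable.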
> -- 
> 2.25.1
> 
> _______________________________________________
> Intel-gfx mailing list
> Intel-gfx@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Matthew Auld July 1, 2021, 9:39 a.m. UTC | #2
On Mon, 28 Jun 2021 at 15:49, Bommu Krishnaiah
<krishnaiah.bommu@intel.com> wrote:
>
> Signed-off-by: Bommu Krishnaiah <krishnaiah.bommu@intel.com>
> Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
> ---
>  drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_ttm.c b/drivers/gpu/drm/i915/gem/i915_gem_ttm.c
> index c39d982c4fa66..97093a9bfccc2 100644
> --- a/drivers/gpu/drm/i915/gem/i915_gem_ttm.c
> +++ b/drivers/gpu/drm/i915/gem/i915_gem_ttm.c
> @@ -590,6 +590,7 @@ static unsigned long i915_ttm_io_mem_pfn(struct ttm_buffer_object *bo,
>         GEM_WARN_ON(bo->ttm);
>
>         sg = __i915_gem_object_get_sg(obj, &obj->ttm.get_io_page, page_offset, &ofs, true, true);
> +       GEM_BUG_ON(!sg);

Is there some analysis for how this could happen? The commit message
should ideally have something like that. It looks like we already have
a GEM_BUG_ON(!sg) for the lookup case, and in the event of doing the
manual walk we already dereference the sg, so not seeing it.

>
>         return ((base + sg_dma_address(sg)) >> PAGE_SHIFT) + ofs;
>  }
> --
> 2.25.1
>
> _______________________________________________
> Intel-gfx mailing list
> Intel-gfx@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Matthew Auld July 1, 2021, 9:49 a.m. UTC | #3
On Thu, 1 Jul 2021 at 10:39, Matthew Auld
<matthew.william.auld@gmail.com> wrote:
>
> On Mon, 28 Jun 2021 at 15:49, Bommu Krishnaiah
> <krishnaiah.bommu@intel.com> wrote:
> >
> > Signed-off-by: Bommu Krishnaiah <krishnaiah.bommu@intel.com>
> > Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
> > ---
> >  drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/drivers/gpu/drm/i915/gem/i915_gem_ttm.c b/drivers/gpu/drm/i915/gem/i915_gem_ttm.c
> > index c39d982c4fa66..97093a9bfccc2 100644
> > --- a/drivers/gpu/drm/i915/gem/i915_gem_ttm.c
> > +++ b/drivers/gpu/drm/i915/gem/i915_gem_ttm.c
> > @@ -590,6 +590,7 @@ static unsigned long i915_ttm_io_mem_pfn(struct ttm_buffer_object *bo,
> >         GEM_WARN_ON(bo->ttm);
> >
> >         sg = __i915_gem_object_get_sg(obj, &obj->ttm.get_io_page, page_offset, &ofs, true, true);
> > +       GEM_BUG_ON(!sg);
>
> Is there some analysis for how this could happen? The commit message
> should ideally have something like that. It looks like we already have
> a GEM_BUG_ON(!sg) for the lookup case, and in the event of doing the
> manual walk we already dereference the sg, so not seeing it.

So simply adding GEM_BUG_ON(!sg) here I don't think does anything. But
maybe this tool is trying to point out a potential bug inside
__i915_gem_object_get_sg(), hence needs proper analysis.

>
> >
> >         return ((base + sg_dma_address(sg)) >> PAGE_SHIFT) + ofs;
> >  }
> > --
> > 2.25.1
> >
> > _______________________________________________
> > Intel-gfx mailing list
> > Intel-gfx@lists.freedesktop.org
> > https://lists.freedesktop.org/mailman/listinfo/intel-gfx
Patch

diff --git a/drivers/gpu/drm/i915/gem/i915_gem_ttm.c b/drivers/gpu/drm/i915/gem/i915_gem_ttm.c
index c39d982c4fa66..97093a9bfccc2 100644
--- a/drivers/gpu/drm/i915/gem/i915_gem_ttm.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_ttm.c
@@ -590,6 +590,7 @@  static unsigned long i915_ttm_io_mem_pfn(struct ttm_buffer_object *bo,
 	GEM_WARN_ON(bo->ttm);
 
 	sg = __i915_gem_object_get_sg(obj, &obj->ttm.get_io_page, page_offset, &ofs, true, true);
+	GEM_BUG_ON(!sg);
 
 	return ((base + sg_dma_address(sg)) >> PAGE_SHIFT) + ofs;
 }
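Review bot: the added GEM_BUG_ON(!sg) sits directly above the return that calls sg_dma_address(sg), so it asserts that the pointer is non-NULL but gives i915_ttm_io_mem_pfn() no way to survive a NULL result; the dereference on the return line is still reached whenever the assertion does not stop execution. If __i915_gem_object_get_sg() can really return NULL with these arguments, the fix belongs where that NULL originates or needs an explicit error path here; if it cannot, state why in the commit message so the static-analysis finding can be closed as a false positive instead of being covered by an assertion.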