Virtualization - Mar 2021 - drm/ttm: switch to per device LRU lock

Hi,

Static analysis with Coverity in linux-next has detected an issue in
drivers/gpu/drm/ttm/ttm_bo.c with the follow commit:

commit a1f091f8ef2b680a5184db065527612247cb4cae
Author: Christian K?nig <christian.koenig at amd.com>
Date:   Tue Oct 6 17:26:42 2020 +0200

    drm/ttm: switch to per device LRU lock

    Instead of having a global lock for potentially less contention.


The analysis is as follows:

617 int ttm_mem_evict_first(struct ttm_device *bdev,
618                        struct ttm_resource_manager *man,
619                        const struct ttm_place *place,
620                        struct ttm_operation_ctx *ctx,
621                        struct ww_acquire_ctx *ticket)
622 {
   1. assign_zero: Assigning: bo = NULL.

623        struct ttm_buffer_object *bo = NULL, *busy_bo = NULL;
624        bool locked = false;
625        unsigned i;
626        int ret;
627

   Explicit null dereferenced (FORWARD_NULL)2. var_deref_op:
Dereferencing null pointer bo.

628        spin_lock(&bo->bdev->lru_lock);
629        for (i = 0; i < TTM_MAX_BO_PRIORITY; ++i) {

The spin_lock on bo is dereferencing a null bo pointer.

Colin

Thanks! Just a copy&paste issue.

Patch to fix this is on the mailing list.

Christian.

Am 25.03.21 um 16:00 schrieb Colin Ian King:
> Hi,
>
> Static analysis with Coverity in linux-next has detected an issue in
> drivers/gpu/drm/ttm/ttm_bo.c with the follow commit:
>
> commit a1f091f8ef2b680a5184db065527612247cb4cae
> Author: Christian K?nig <christian.koenig at amd.com>
> Date:   Tue Oct 6 17:26:42 2020 +0200
>
>      drm/ttm: switch to per device LRU lock
>
>      Instead of having a global lock for potentially less contention.
>
>
> The analysis is as follows:
>
> 617 int ttm_mem_evict_first(struct ttm_device *bdev,
> 618                        struct ttm_resource_manager *man,
> 619                        const struct ttm_place *place,
> 620                        struct ttm_operation_ctx *ctx,
> 621                        struct ww_acquire_ctx *ticket)
> 622 {
>     1. assign_zero: Assigning: bo = NULL.
>
> 623        struct ttm_buffer_object *bo = NULL, *busy_bo = NULL;
> 624        bool locked = false;
> 625        unsigned i;
> 626        int ret;
> 627
>
>     Explicit null dereferenced (FORWARD_NULL)2. var_deref_op:
> Dereferencing null pointer bo.
>
> 628        spin_lock(&bo->bdev->lru_lock);
> 629        for (i = 0; i < TTM_MAX_BO_PRIORITY; ++i) {
>
> The spin_lock on bo is dereferencing a null bo pointer.
>
> Colin