[bug report] drm/ttm: Add a generic TTM memcpy move for page-based iomem

Dan Carpenter Wed, 13 Apr 2022 04:11:47 -0700

Hello Thomas Hellström,

The patch 3bf3710e3718: "drm/ttm: Add a generic TTM memcpy move for
page-based iomem" from Jun 2, 2021, leads to the following Smatch
static checker warning:


        ./include/drm/ttm/ttm_bo_driver.h:259 ttm_bo_move_sync_cleanup()
        error: NULL dereference inside function 'ttm_bo_move_accel_cleanup()'

./include/drm/ttm/ttm_bo_driver.h
    256 static inline void ttm_bo_move_sync_cleanup(struct ttm_buffer_object 
*bo,
    257                                             struct ttm_resource 
*new_mem)
    258 {
--> 259         int ret = ttm_bo_move_accel_cleanup(bo, NULL, true, false, 
new_mem);
                                                        ^^^^
Passing a NULL for "fence" will crash.  The first place where it will
crash is in dma_resv_add_fence() where it does:

        WARN_ON(dma_fence_is_container(fence));

    260 
    261         WARN_ON(ret);
    262 }

regards,
dan carpenter

[bug report] drm/ttm: Add a generic TTM memcpy move for page-based iomem

Reply via email to