:::::: :::::: Manual check reason: "low confidence bisect report" ::::::
BCC: [email protected] CC: [email protected] CC: [email protected] TO: Maarten Lankhorst <[email protected]> CC: "Thomas Hellström" <[email protected]> tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: b44f2fd87919b5ae6e1756d4c7ba2cbba22238e1 commit: cf3e3e86d77970211e0983130e896ae242601003 drm/i915: Use ttm mmap handling for ttm bo's. date: 1 year, 2 months ago :::::: branch date: 18 hours ago :::::: commit date: 1 year, 2 months ago config: x86_64-randconfig-c001-20220801 (https://download.01.org/0day-ci/archive/20220805/[email protected]/config) compiler: gcc-11 (Debian 11.3.0-3) 11.3.0 reproduce (this is a W=1 build): # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf3e3e86d77970211e0983130e896ae242601003 git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout cf3e3e86d77970211e0983130e896ae242601003 # save the config file make If you fix the issue, kindly add following tag where applicable Reported-by: kernel test robot <[email protected]> All errors (new ones prefixed by >>): drivers/gpu/drm/i915/gem/i915_gem_mman.c: In function 'i915_gem_mmap': >> drivers/gpu/drm/i915/gem/i915_gem_mman.c:961:20: error: dereference of NULL >> 'mmo' [CWE-476] [-Werror=analyzer-null-dereference] 961 | switch (mmo->mmap_type) { | ~~~^~~~~~~~~~~ 'i915_gem_mmap': events 1-4 | | 880 | int i915_gem_mmap(struct file *filp, struct vm_area_struct *vma) | | ^~~~~~~~~~~~~ | | | | | (1) entry to 'i915_gem_mmap' |...... | 889 | if (drm_dev_is_unplugged(dev)) | | ~ | | | | | (2) following 'false' branch... |...... | 892 | rcu_read_lock(); | | ~~~~~~~~~~~~~ | | | | | (3) ...to here | 893 | drm_vma_offset_lock_lookup(dev->vma_offset_manager); | 894 | node = drm_vma_offset_exact_lookup_locked(dev->vma_offset_manager, | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (4) calling 'drm_vma_offset_exact_lookup_locked' from 'i915_gem_mmap' | 895 | vma->vm_pgoff, | | ~~~~~~~~~~~~~~ | 896 | vma_pages(vma)); | | ~~~~~~~~~~~~~~~ | +--> 'drm_vma_offset_exact_lookup_locked': event 5 | |include/drm/drm_vma_manager.h:95:1: | 95 | drm_vma_offset_exact_lookup_locked(struct drm_vma_offset_manager *mgr, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (5) entry to 'drm_vma_offset_exact_lookup_locked' | 'drm_vma_offset_exact_lookup_locked': event 6 | | 102 | return (node && node->vm_node.start == start) ? node : NULL; | 'drm_vma_offset_exact_lookup_locked': event 7 | | 102 | return (node && node->vm_node.start == start) ? node : NULL; | <------+ | 'i915_gem_mmap': events 8-13 | |drivers/gpu/drm/i915/gem/i915_gem_mman.c:894:16: | 894 | node = drm_vma_offset_exact_lookup_locked(dev->vma_offset_manager, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (8) returning to 'i915_gem_mmap' from 'drm_vma_offset_exact_lookup_locked' | 895 | vma->vm_pgoff, | | ~~~~~~~~~~~~~~ | 896 | vma_pages(vma)); | | ~~~~~~~~~~~~~~~ | 897 | if (node && drm_vma_node_is_allowed(node, priv)) { | | ~ | | | | | (9) following 'true' branch... |...... | 903 | if (!node->driver_private) { | | ~~ ~ | | | | | | | (11) following 'false' branch... | | (10) ...to here |...... | 909 | obj = i915_gem_object_get_rcu | | ~~~ ~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (13) calling 'i915_gem_object_get_rcu' from 'i915_gem_mmap' | | (12) ...to here | 910 | (container_of(node, struct drm_i915_gem_object, | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 911 | base.vma_node)); | | ~~~~~~~~~~~~~~~ | +--> 'i915_gem_object_get_rcu': events 14-15 | |drivers/gpu/drm/i915/gem/i915_gem_object.h:105:1: | 105 | i915_gem_object_get_rcu(struct drm_i915_gem_object *obj) | | ^~~~~~~~~~~~~~~~~~~~~~~ | | | | | (14) entry to 'i915_gem_object_get_rcu' | 106 | { | 107 | if (obj && !kref_get_unless_zero(&obj->base.refcount)) | | ~ | | | | | (15) following 'true' branch (when 'obj' is non-NULL)... | 'i915_gem_object_get_rcu': events 16-17 | |include/linux/kref.h:111:9: | 111 | return refcount_inc_not_zero(&kref->refcount); | | ^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (17) calling 'refcount_inc_not_zero' from 'i915_gem_object_get_rcu' | | (16) ...to here | vim +/mmo +961 drivers/gpu/drm/i915/gem/i915_gem_mman.c f17b898009d8c9 Chris Wilson 2020-01-01 873 cc662126b4134e Abdiel Janulgue 2019-12-04 874 /* cc662126b4134e Abdiel Janulgue 2019-12-04 875 * This overcomes the limitation in drm_gem_mmap's assignment of a cc662126b4134e Abdiel Janulgue 2019-12-04 876 * drm_gem_object as the vma->vm_private_data. Since we need to cc662126b4134e Abdiel Janulgue 2019-12-04 877 * be able to resolve multiple mmap offsets which could be tied cc662126b4134e Abdiel Janulgue 2019-12-04 878 * to a single gem object. cc662126b4134e Abdiel Janulgue 2019-12-04 879 */ cc662126b4134e Abdiel Janulgue 2019-12-04 880 int i915_gem_mmap(struct file *filp, struct vm_area_struct *vma) cc662126b4134e Abdiel Janulgue 2019-12-04 881 { cc662126b4134e Abdiel Janulgue 2019-12-04 882 struct drm_vma_offset_node *node; cc662126b4134e Abdiel Janulgue 2019-12-04 883 struct drm_file *priv = filp->private_data; cc662126b4134e Abdiel Janulgue 2019-12-04 884 struct drm_device *dev = priv->minor->dev; 280d14a69da2e7 Chris Wilson 2020-01-30 885 struct drm_i915_gem_object *obj = NULL; cc662126b4134e Abdiel Janulgue 2019-12-04 886 struct i915_mmap_offset *mmo = NULL; f17b898009d8c9 Chris Wilson 2020-01-01 887 struct file *anon; cc662126b4134e Abdiel Janulgue 2019-12-04 888 cc662126b4134e Abdiel Janulgue 2019-12-04 889 if (drm_dev_is_unplugged(dev)) cc662126b4134e Abdiel Janulgue 2019-12-04 890 return -ENODEV; cc662126b4134e Abdiel Janulgue 2019-12-04 891 280d14a69da2e7 Chris Wilson 2020-01-30 892 rcu_read_lock(); cc662126b4134e Abdiel Janulgue 2019-12-04 893 drm_vma_offset_lock_lookup(dev->vma_offset_manager); cc662126b4134e Abdiel Janulgue 2019-12-04 894 node = drm_vma_offset_exact_lookup_locked(dev->vma_offset_manager, cc662126b4134e Abdiel Janulgue 2019-12-04 895 vma->vm_pgoff, cc662126b4134e Abdiel Janulgue 2019-12-04 896 vma_pages(vma)); 280d14a69da2e7 Chris Wilson 2020-01-30 897 if (node && drm_vma_node_is_allowed(node, priv)) { cc662126b4134e Abdiel Janulgue 2019-12-04 898 /* cc662126b4134e Abdiel Janulgue 2019-12-04 899 * Skip 0-refcnted objects as it is in the process of being cc662126b4134e Abdiel Janulgue 2019-12-04 900 * destroyed and will be invalid when the vma manager lock cc662126b4134e Abdiel Janulgue 2019-12-04 901 * is released. cc662126b4134e Abdiel Janulgue 2019-12-04 902 */ cf3e3e86d77970 Maarten Lankhorst 2021-06-10 903 if (!node->driver_private) { 280d14a69da2e7 Chris Wilson 2020-01-30 904 mmo = container_of(node, struct i915_mmap_offset, vma_node); 280d14a69da2e7 Chris Wilson 2020-01-30 905 obj = i915_gem_object_get_rcu(mmo->obj); cf3e3e86d77970 Maarten Lankhorst 2021-06-10 906 cf3e3e86d77970 Maarten Lankhorst 2021-06-10 907 GEM_BUG_ON(obj && obj->ops->mmap_ops); cf3e3e86d77970 Maarten Lankhorst 2021-06-10 908 } else { cf3e3e86d77970 Maarten Lankhorst 2021-06-10 909 obj = i915_gem_object_get_rcu cf3e3e86d77970 Maarten Lankhorst 2021-06-10 910 (container_of(node, struct drm_i915_gem_object, cf3e3e86d77970 Maarten Lankhorst 2021-06-10 911 base.vma_node)); cf3e3e86d77970 Maarten Lankhorst 2021-06-10 912 cf3e3e86d77970 Maarten Lankhorst 2021-06-10 913 GEM_BUG_ON(obj && !obj->ops->mmap_ops); cf3e3e86d77970 Maarten Lankhorst 2021-06-10 914 } cc662126b4134e Abdiel Janulgue 2019-12-04 915 } cc662126b4134e Abdiel Janulgue 2019-12-04 916 drm_vma_offset_unlock_lookup(dev->vma_offset_manager); 280d14a69da2e7 Chris Wilson 2020-01-30 917 rcu_read_unlock(); cc662126b4134e Abdiel Janulgue 2019-12-04 918 if (!obj) 280d14a69da2e7 Chris Wilson 2020-01-30 919 return node ? -EACCES : -EINVAL; cc662126b4134e Abdiel Janulgue 2019-12-04 920 280d14a69da2e7 Chris Wilson 2020-01-30 921 if (i915_gem_object_is_readonly(obj)) { cc662126b4134e Abdiel Janulgue 2019-12-04 922 if (vma->vm_flags & VM_WRITE) { 280d14a69da2e7 Chris Wilson 2020-01-30 923 i915_gem_object_put(obj); cc662126b4134e Abdiel Janulgue 2019-12-04 924 return -EINVAL; cc662126b4134e Abdiel Janulgue 2019-12-04 925 } cc662126b4134e Abdiel Janulgue 2019-12-04 926 vma->vm_flags &= ~VM_MAYWRITE; cc662126b4134e Abdiel Janulgue 2019-12-04 927 } cc662126b4134e Abdiel Janulgue 2019-12-04 928 280d14a69da2e7 Chris Wilson 2020-01-30 929 anon = mmap_singleton(to_i915(dev)); f17b898009d8c9 Chris Wilson 2020-01-01 930 if (IS_ERR(anon)) { 280d14a69da2e7 Chris Wilson 2020-01-30 931 i915_gem_object_put(obj); f17b898009d8c9 Chris Wilson 2020-01-01 932 return PTR_ERR(anon); f17b898009d8c9 Chris Wilson 2020-01-01 933 } f17b898009d8c9 Chris Wilson 2020-01-01 934 cc662126b4134e Abdiel Janulgue 2019-12-04 935 vma->vm_flags |= VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP; cf3e3e86d77970 Maarten Lankhorst 2021-06-10 936 cf3e3e86d77970 Maarten Lankhorst 2021-06-10 937 if (i915_gem_object_has_iomem(obj)) cf3e3e86d77970 Maarten Lankhorst 2021-06-10 938 vma->vm_flags |= VM_IO; cc662126b4134e Abdiel Janulgue 2019-12-04 939 f17b898009d8c9 Chris Wilson 2020-01-01 940 /* f17b898009d8c9 Chris Wilson 2020-01-01 941 * We keep the ref on mmo->obj, not vm_file, but we require f17b898009d8c9 Chris Wilson 2020-01-01 942 * vma->vm_file->f_mapping, see vma_link(), for later revocation. f17b898009d8c9 Chris Wilson 2020-01-01 943 * Our userspace is accustomed to having per-file resource cleanup f17b898009d8c9 Chris Wilson 2020-01-01 944 * (i.e. contexts, objects and requests) on their close(fd), which f17b898009d8c9 Chris Wilson 2020-01-01 945 * requires avoiding extraneous references to their filp, hence why f17b898009d8c9 Chris Wilson 2020-01-01 946 * we prefer to use an anonymous file for their mmaps. f17b898009d8c9 Chris Wilson 2020-01-01 947 */ 295992fb815e79 Christian König 2020-09-14 948 vma_set_file(vma, anon); 295992fb815e79 Christian König 2020-09-14 949 /* Drop the initial creation reference, the vma is now holding one. */ 295992fb815e79 Christian König 2020-09-14 950 fput(anon); f17b898009d8c9 Chris Wilson 2020-01-01 951 cf3e3e86d77970 Maarten Lankhorst 2021-06-10 952 if (obj->ops->mmap_ops) { cf3e3e86d77970 Maarten Lankhorst 2021-06-10 953 vma->vm_page_prot = pgprot_decrypted(vm_get_page_prot(vma->vm_flags)); cf3e3e86d77970 Maarten Lankhorst 2021-06-10 954 vma->vm_ops = obj->ops->mmap_ops; cf3e3e86d77970 Maarten Lankhorst 2021-06-10 955 vma->vm_private_data = node->driver_private; cf3e3e86d77970 Maarten Lankhorst 2021-06-10 956 return 0; cf3e3e86d77970 Maarten Lankhorst 2021-06-10 957 } cf3e3e86d77970 Maarten Lankhorst 2021-06-10 958 cf3e3e86d77970 Maarten Lankhorst 2021-06-10 959 vma->vm_private_data = mmo; cf3e3e86d77970 Maarten Lankhorst 2021-06-10 960 cc662126b4134e Abdiel Janulgue 2019-12-04 @961 switch (mmo->mmap_type) { cc662126b4134e Abdiel Janulgue 2019-12-04 962 case I915_MMAP_TYPE_WC: cc662126b4134e Abdiel Janulgue 2019-12-04 963 vma->vm_page_prot = cc662126b4134e Abdiel Janulgue 2019-12-04 964 pgprot_writecombine(vm_get_page_prot(vma->vm_flags)); cc662126b4134e Abdiel Janulgue 2019-12-04 965 vma->vm_ops = &vm_ops_cpu; cc662126b4134e Abdiel Janulgue 2019-12-04 966 break; cc662126b4134e Abdiel Janulgue 2019-12-04 967 cc662126b4134e Abdiel Janulgue 2019-12-04 968 case I915_MMAP_TYPE_WB: cc662126b4134e Abdiel Janulgue 2019-12-04 969 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); cc662126b4134e Abdiel Janulgue 2019-12-04 970 vma->vm_ops = &vm_ops_cpu; cc662126b4134e Abdiel Janulgue 2019-12-04 971 break; cc662126b4134e Abdiel Janulgue 2019-12-04 972 cc662126b4134e Abdiel Janulgue 2019-12-04 973 case I915_MMAP_TYPE_UC: cc662126b4134e Abdiel Janulgue 2019-12-04 974 vma->vm_page_prot = cc662126b4134e Abdiel Janulgue 2019-12-04 975 pgprot_noncached(vm_get_page_prot(vma->vm_flags)); cc662126b4134e Abdiel Janulgue 2019-12-04 976 vma->vm_ops = &vm_ops_cpu; cc662126b4134e Abdiel Janulgue 2019-12-04 977 break; cc662126b4134e Abdiel Janulgue 2019-12-04 978 cc662126b4134e Abdiel Janulgue 2019-12-04 979 case I915_MMAP_TYPE_GTT: cc662126b4134e Abdiel Janulgue 2019-12-04 980 vma->vm_page_prot = cc662126b4134e Abdiel Janulgue 2019-12-04 981 pgprot_writecombine(vm_get_page_prot(vma->vm_flags)); cc662126b4134e Abdiel Janulgue 2019-12-04 982 vma->vm_ops = &vm_ops_gtt; cc662126b4134e Abdiel Janulgue 2019-12-04 983 break; cc662126b4134e Abdiel Janulgue 2019-12-04 984 } cc662126b4134e Abdiel Janulgue 2019-12-04 985 vma->vm_page_prot = pgprot_decrypted(vma->vm_page_prot); cc662126b4134e Abdiel Janulgue 2019-12-04 986 cc662126b4134e Abdiel Janulgue 2019-12-04 987 return 0; b414fcd5be0b00 Chris Wilson 2019-05-28 988 } b414fcd5be0b00 Chris Wilson 2019-05-28 989 :::::: The code at line 961 was first introduced by commit :::::: cc662126b4134e25fcfb6cad480de0fa95a4d3d8 drm/i915: Introduce DRM_I915_GEM_MMAP_OFFSET :::::: TO: Abdiel Janulgue <[email protected]> :::::: CC: Chris Wilson <[email protected]> -- 0-DAY CI Kernel Test Service https://01.org/lkp _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
