From 58442f0db3f89b7e77113295c72ac0672f74f92a Mon Sep 17 00:00:00 2001 From: =?utf8?q?Christian=20K=C3=B6nig?= Date: Thu, 25 Mar 2021 16:06:57 +0100 Subject: [PATCH] drm/ttm: fix invalid NULL deref MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The BO might be NULL in this function, use the bdev directly. Signed-off-by: Christian König Reported-by: Colin Ian King Reviewed-by: Colin Ian King Fixes: a1f091f8ef2b ("drm/ttm: switch to per device LRU lock") Link: https://patchwork.freedesktop.org/patch/msgid/20210325152740.82633-1-christian.koenig@amd.com --- drivers/gpu/drm/ttm/ttm_bo.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/ttm/ttm_bo.c b/drivers/gpu/drm/ttm/ttm_bo.c index 2d2ac532987e..6ab7b66ce36d 100644 --- a/drivers/gpu/drm/ttm/ttm_bo.c +++ b/drivers/gpu/drm/ttm/ttm_bo.c @@ -625,7 +625,7 @@ int ttm_mem_evict_first(struct ttm_device *bdev, unsigned i; int ret; - spin_lock(&bo->bdev->lru_lock); + spin_lock(&bdev->lru_lock); for (i = 0; i < TTM_MAX_BO_PRIORITY; ++i) { list_for_each_entry(bo, &man->lru[i], lru) { bool busy; @@ -662,7 +662,7 @@ int ttm_mem_evict_first(struct ttm_device *bdev, if (!bo) { if (busy_bo && !ttm_bo_get_unless_zero(busy_bo)) busy_bo = NULL; - spin_unlock(&bo->bdev->lru_lock); + spin_unlock(&bdev->lru_lock); ret = ttm_mem_evict_wait_busy(busy_bo, ctx, ticket); if (busy_bo) ttm_bo_put(busy_bo); @@ -676,7 +676,7 @@ int ttm_mem_evict_first(struct ttm_device *bdev, return ret; } - spin_unlock(&bo->bdev->lru_lock); + spin_unlock(&bdev->lru_lock); ret = ttm_bo_evict(bo, ctx); if (locked) -- 2.20.1