linux-mm.kvack.org archive mirror
From: Dan Carpenter <dan.carpenter@linaro.org>
To: oe-kbuild@lists.linux.dev, Matthew Brost <matthew.brost@intel.com>
Cc: lkp@intel.com, oe-kbuild-all@lists.linux.dev,
	Linux Memory Management List <linux-mm@kvack.org>,
	Matthew Auld <matthew.auld@intel.com>,
	Nirmoy Das <nirmoy.das@intel.com>
Subject: [linux-next:master 13299/13550] drivers/gpu/drm/xe/xe_guc_submit.c:1417 guc_exec_queue_process_msg() error: dereferencing freed memory 'msg'
Date: Tue, 23 Jul 2024 14:06:08 -0500
Message-ID: <69198958-f351-48f5-8b94-2f0098c1c7b8@suswa.mountain>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head:   2347b4c79f5e6cd3f4996e80c2d3c15f53006bf5
commit: d930c19fdff3109e97b610fa10943b7602efcabd [13299/13550] drm/xe: Build PM into GuC CT layer
config: i386-randconfig-141-20240722 (https://download.01.org/0day-ci/archive/20240723/202407231445.rpisd1vA-lkp@intel.com/config)
compiler: clang version 18.1.5 (https://github.com/llvm/llvm-project 617a15a9eac96088ae5e9134248d8236e34b91b1)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
| Closes: https://lore.kernel.org/r/202407231445.rpisd1vA-lkp@intel.com/

smatch warnings:
drivers/gpu/drm/xe/xe_guc_submit.c:1417 guc_exec_queue_process_msg() error: dereferencing freed memory 'msg'

vim +/msg +1417 drivers/gpu/drm/xe/xe_guc_submit.c

9b9529ce379a08 Francois Dugast 2023-07-31  1396  static void guc_exec_queue_process_msg(struct xe_sched_msg *msg)
dd08ebf6c3525a Matthew Brost   2023-03-30  1397  {
dd08ebf6c3525a Matthew Brost   2023-03-30  1398  	trace_xe_sched_msg_recv(msg);
dd08ebf6c3525a Matthew Brost   2023-03-30  1399  
dd08ebf6c3525a Matthew Brost   2023-03-30  1400  	switch (msg->opcode) {
dd08ebf6c3525a Matthew Brost   2023-03-30  1401  	case CLEANUP:
9b9529ce379a08 Francois Dugast 2023-07-31  1402  		__guc_exec_queue_process_msg_cleanup(msg);
dd08ebf6c3525a Matthew Brost   2023-03-30  1403  		break;
dd08ebf6c3525a Matthew Brost   2023-03-30  1404  	case SET_SCHED_PROPS:
9b9529ce379a08 Francois Dugast 2023-07-31  1405  		__guc_exec_queue_process_msg_set_sched_props(msg);
                                                                                                             ^^^
Freed

dd08ebf6c3525a Matthew Brost   2023-03-30  1406  		break;
dd08ebf6c3525a Matthew Brost   2023-03-30  1407  	case SUSPEND:
9b9529ce379a08 Francois Dugast 2023-07-31  1408  		__guc_exec_queue_process_msg_suspend(msg);
dd08ebf6c3525a Matthew Brost   2023-03-30  1409  		break;
dd08ebf6c3525a Matthew Brost   2023-03-30  1410  	case RESUME:
9b9529ce379a08 Francois Dugast 2023-07-31  1411  		__guc_exec_queue_process_msg_resume(msg);
dd08ebf6c3525a Matthew Brost   2023-03-30  1412  		break;
dd08ebf6c3525a Matthew Brost   2023-03-30  1413  	default:
99fea682887938 Francois Dugast 2023-07-27  1414  		XE_WARN_ON("Unknown message type");
dd08ebf6c3525a Matthew Brost   2023-03-30  1415  	}
d930c19fdff310 Matthew Brost   2024-07-19  1416  
d930c19fdff310 Matthew Brost   2024-07-19 @1417  	xe_pm_runtime_put(guc_to_xe(exec_queue_to_guc(msg->private_data)));
                                                                                                      ^^^
Use after free

dd08ebf6c3525a Matthew Brost   2023-03-30  1418  }

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki


