On 04.02.20 at 13:57, Dan Carpenter wrote:
Hello Christian König,
The patch bd4264112f93: "drm/ttm: fix re-init of global structures" from Apr 16, 2019, leads to the following static checker warning:
drivers/gpu/drm/ttm/ttm_bo.c:1610 ttm_bo_global_release() warn: passing freed memory 'glob'
drivers/gpu/drm/ttm/ttm_bo.c
  1591  static void ttm_bo_global_kobj_release(struct kobject *kobj)
  1592  {
  1593          struct ttm_bo_global *glob =
  1594                  container_of(kobj, struct ttm_bo_global, kobj);
  1595
  1596          __free_page(glob->dummy_read_page);
  1597  }
  1598
  1599  static void ttm_bo_global_release(void)
  1600  {
  1601          struct ttm_bo_global *glob = &ttm_bo_glob;
  1602
  1603          mutex_lock(&ttm_global_mutex);
  1604          if (--ttm_bo_glob_use_count > 0)
  1605                  goto out;
  1606
  1607          kobject_del(&glob->kobj);
  1608          kobject_put(&glob->kobj);
  1609          ttm_mem_global_release(&ttm_mem_glob);
  1610          memset(glob, 0, sizeof(*glob));
                ^^^^^^^^^^^^^^^^^^^^^^
Depending on the config kobject_release() might call ttm_bo_global_kobj_release() a few seconds after this memset. Maybe put the memset into ttm_bo_global_kobj_release()?
That's not possible. The object might be re-used directly after we drop the ttm_global_mutex.
How can we wait for the ttm_mem_global_release() to have finished?
I mean in theory that function should actually be used from a module_exit() callback, and we need to make 100% sure that the kobj is gone or we are running into a bunch of trouble.
Christian.
  1611  out:
  1612          mutex_unlock(&ttm_global_mutex);
  1613  }
regards, dan carpenter
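
A userspace model of the ordering discussed in this thread, added as an illustration; it is not code from either poster or from the kernel. All type and function names are hypothetical, the deferred kobject release is modelled as one queued pointer, and "waiting for release" is modelled as draining that queue before the memset.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Constructed userspace model; every name here is hypothetical, not kernel API. */
struct kobj_model { int refcount; };
struct glob_model { struct kobj_model kobj; void *dummy_read_page; };

static struct kobj_model *pending; /* release queued but not yet run */
static void *page_seen;            /* pointer the callback handed to its "free" */
static int release_ran;            /* plays the role of a completion */

/* Mirrors ttm_bo_global_kobj_release(): reads a field of the containing object. */
static void glob_release(struct kobj_model *k)
{
    struct glob_model *g = (void *)((char *)k - offsetof(struct glob_model, kobj));
    page_seen = g->dummy_read_page;
    release_ran = 1;
}

static void run_pending(void)
{
    if (pending)
        glob_release(pending);
    pending = NULL;
}

/* memset_first=1 is the reported ordering; 0 clears only after the callback ran. */
static void *release_order(struct glob_model *g, void *page, int memset_first)
{
    *g = (struct glob_model){ .kobj = { .refcount = 1 }, .dummy_read_page = page };
    pending = NULL; page_seen = NULL; release_ran = 0;
    if (--g->kobj.refcount == 0)
        pending = &g->kobj;         /* final put: release is only queued */
    if (memset_first)
        memset(g, 0, sizeof(*g));   /* line 1610 runs before the callback */
    run_pending();                  /* the deferred release fires */
    if (!memset_first && release_ran)
        memset(g, 0, sizeof(*g));   /* clear only once release has finished */
    return page_seen;
}

int main(void)
{
    struct glob_model g;
    char page[16];
    printf("memset first:  callback saw %p\n", release_order(&g, page, 1));
    printf("release first: callback saw %p\n", release_order(&g, page, 0));
    return 0;
}
```

With the memset first, the callback runs against zeroed memory and never sees the page pointer it was supposed to free; with the release drained first, it sees the original pointer and the structure is still cleared afterwards.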