drm/ttm: fix bulk_move corruption when adding a entry

author jsg <jsg@openbsd.org>

Fri, 28 Jul 2023 06:48:41 +0000 (06:48 +0000)

committer jsg <jsg@openbsd.org>

Fri, 28 Jul 2023 06:48:41 +0000 (06:48 +0000)
author jsg <jsg@openbsd.org>
Fri, 28 Jul 2023 06:48:41 +0000 (06:48 +0000)
committer jsg <jsg@openbsd.org>
Fri, 28 Jul 2023 06:48:41 +0000 (06:48 +0000)
diff --git a/sys/dev/pci/drm/ttm/ttm_resource.c b/sys/dev/pci/drm/ttm/ttm_resource.c

index 8b31e8d..802a724 100644 (file)
--- a/sys/dev/pci/drm/ttm/ttm_resource.c
+++ b/sys/dev/pci/drm/ttm/ttm_resource.c
@@ -85,6 +85,8 @@ static void ttm_lru_bulk_move_pos_tail(struct ttm_lru_bulk_move_pos *pos,
                                        struct ttm_resource *res)
  {
         if (pos->last != res) {
+               if (pos->first == res)
+                       pos->first = list_next_entry(res, lru);
                 list_move(&res->lru, &pos->last->lru);
                 pos->last = res;
         }
@@ -110,7 +112,8 @@ static void ttm_lru_bulk_move_del(struct ttm_lru_bulk_move *bulk,
  {
         struct ttm_lru_bulk_move_pos *pos = ttm_lru_bulk_move_pos(bulk, res);
  
-       if (unlikely(pos->first == res && pos->last == res)) {
+       if (unlikely(WARN_ON(!pos->first || !pos->last) ||
+                    (pos->first == res && pos->last == res))) {
                 pos->first = NULL;
                 pos->last = NULL;
         } else if (pos->first == res) {
author	jsg <jsg@openbsd.org>
	Fri, 28 Jul 2023 06:48:41 +0000 (06:48 +0000)
committer	jsg <jsg@openbsd.org>
	Fri, 28 Jul 2023 06:48:41 +0000 (06:48 +0000)