[AMD Official Use Only - General] Reviewed-by: Tao Zhou <tao.zh...@amd.com>
> -----Original Message----- > From: amd-gfx <amd-gfx-boun...@lists.freedesktop.org> On Behalf Of > Stanley.Yang > Sent: Thursday, November 17, 2022 11:01 AM > To: amd-gfx@lists.freedesktop.org > Cc: Wang, YuBiao <yubiao.w...@amd.com>; andrey.grodzov...@amd.com; > Yang, Stanley <stanley.y...@amd.com> > Subject: [PATCH Reivew 1/1] drm/amdgpu: fix use-after-free during gpu > recovery > > [Why] > [ 754.862560] refcount_t: underflow; use-after-free. > [ 754.862898] Call Trace: > [ 754.862903] <TASK> > [ 754.862913] amdgpu_job_free_cb+0xc2/0xe1 [amdgpu] > [ 754.863543] drm_sched_main.cold+0x34/0x39 [amd_sched] > > [How] > The fw_fence may be not init, check whether dma_fence_init > is performed before job free > > Signed-off-by: Stanley.Yang <stanley.y...@amd.com> > --- > drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c > b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c > index 8771df97d590..ddee6a6b133d 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c > @@ -169,7 +169,11 @@ static void amdgpu_job_free_cb(struct drm_sched_job > *s_job) > amdgpu_sync_free(&job->sync); > amdgpu_sync_free(&job->sched_sync); > > - dma_fence_put(&job->hw_fence); > + /* only put the hw fence if has embedded fence */ > + if (!job->hw_fence.ops) > + kfree(job); > + else > + dma_fence_put(&job->hw_fence); > } > > void amdgpu_job_set_gang_leader(struct amdgpu_job *job, > -- > 2.17.1
