summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStanley.Yang <Stanley.Yang@amd.com>2022-11-16 12:08:22 +0300
committerAlex Deucher <alexander.deucher@amd.com>2022-11-23 17:01:53 +0300
commit3cb93f390453cde4d6afda1587aaa00e75e09617 (patch)
treeea553c0756d7d84162b7a19931cc3f37a051bbeb
parentf2e1aa267f12b82e03927d1e918d2844ddd3eea5 (diff)
downloadlinux-3cb93f390453cde4d6afda1587aaa00e75e09617.tar.xz
drm/amdgpu: fix use-after-free during gpu recovery
[Why] [ 754.862560] refcount_t: underflow; use-after-free. [ 754.862898] Call Trace: [ 754.862903] <TASK> [ 754.862913] amdgpu_job_free_cb+0xc2/0xe1 [amdgpu] [ 754.863543] drm_sched_main.cold+0x34/0x39 [amd_sched] [How] The fw_fence may be not init, check whether dma_fence_init is performed before job free Signed-off-by: Stanley.Yang <Stanley.Yang@amd.com> Reviewed-by: Tao Zhou <tao.zhou1@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
-rw-r--r--drivers/gpu/drm/amd/amdgpu/amdgpu_job.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c
index cd968e781077..f4a3122352de 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c
@@ -169,7 +169,11 @@ static void amdgpu_job_free_cb(struct drm_sched_job *s_job)
amdgpu_sync_free(&job->sync);
amdgpu_sync_free(&job->sched_sync);
- dma_fence_put(&job->hw_fence);
+ /* only put the hw fence if has embedded fence */
+ if (!job->hw_fence.ops)
+ kfree(job);
+ else
+ dma_fence_put(&job->hw_fence);
}
void amdgpu_job_set_gang_leader(struct amdgpu_job *job,