drm/amdgpu: fix use-after-free during gpu recovery

[Why] [ 754.862560] refcount_t: underflow; use-after-free. [ 754.862898] Call Trace: [ 754.862903] <TASK> [ 754.862913] amdgpu_job_free_cb+0xc2/0xe1 [amdgpu] [ 754.863543] drm_sched_main.cold+0x34/0x39 [amd_sched] [How] The fw_fence may be not init, check whether dma_fence_init is performed before job free Signed-off-by: Stanley.Yang <Stanley.Yang@amd.com> Reviewed-by: Tao Zhou <tao.zhou1@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
author: Stanley.Yang <Stanley.Yang@amd.com> 2022-11-16 12:08:22 +0300
committer: Alex Deucher <alexander.deucher@amd.com> 2022-11-23 17:01:53 +0300
commit: 3cb93f390453cde4d6afda1587aaa00e75e09617 (patch)
tree: ea553c0756d7d84162b7a19931cc3f37a051bbeb /drivers/gpu
parent: f2e1aa267f12b82e03927d1e918d2844ddd3eea5 (diff)
download: linux-3cb93f390453cde4d6afda1587aaa00e75e09617.tar.xz
1 files changed, 5 insertions, 1 deletions
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c
index cd968e781077..f4a3122352de 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c
@@ -169,7 +169,11 @@ static void amdgpu_job_free_cb(struct drm_sched_job *s_job)
 	amdgpu_sync_free(&job->sync);
 	amdgpu_sync_free(&job->sched_sync);
 
-	dma_fence_put(&job->hw_fence);
+	/* only put the hw fence if has embedded fence */
+	if (!job->hw_fence.ops)
+		kfree(job);
+	else
+		dma_fence_put(&job->hw_fence);
 }
 
 void amdgpu_job_set_gang_leader(struct amdgpu_job *job,
author	Stanley.Yang <Stanley.Yang@amd.com>	2022-11-16 12:08:22 +0300
committer	Alex Deucher <alexander.deucher@amd.com>	2022-11-23 17:01:53 +0300
commit	3cb93f390453cde4d6afda1587aaa00e75e09617 (patch)
tree	ea553c0756d7d84162b7a19931cc3f37a051bbeb /drivers/gpu
parent	f2e1aa267f12b82e03927d1e918d2844ddd3eea5 (diff)
download	linux-3cb93f390453cde4d6afda1587aaa00e75e09617.tar.xz