On 29/06/17 04:59 PM, Huang Rui wrote: > On Thu, Jun 29, 2017 at 03:34:57PM +0800, Michel Dänzer wrote: >> On 29/06/17 04:03 PM, Huang Rui wrote: >>> psp->cmd will be used on resume phase, so we can not free it on hw_init. >>> Otherwise, a memory corruption will be triggered. >>> >>> Signed-off-by: Huang Rui <ray.huang at amd.com> >>> --- >>> >>> Alex, Christian, >>> >>> This is the final fix for vega10 S3. The random memory corruption issue is >> root >>> caused. >>> >>> Thanks, >>> Ray >>> >>> --- >>> drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 8 ++++++-- >>> 1 file changed, 6 insertions(+), 2 deletions(-) >>> >>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c b/drivers/gpu/drm/amd/ >> amdgpu/amdgpu_psp.c >>> index 5041073..fcdd542 100644 >>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c >>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c >>> @@ -372,8 +372,6 @@ static int psp_load_fw(struct amdgpu_device *adev) >>> if (ret) >>> goto failed_mem; >>> >>> - kfree(cmd); >>> - >>> return 0; >> >> This looks like a good catch. >> >> >>> @@ -384,6 +382,7 @@ static int psp_load_fw(struct amdgpu_device *adev) >>> &psp->fw_pri_mc_addr, &psp->fw_pri_buf); >>> failed: >>> kfree(cmd); >>> + cmd = NULL; >> >> This should probably be >> >> psp->cmd = NULL; >> >> instead? >> > > Actually, we set psp->cmd = cmd before. > > But anyway, we needn't "cmd" member any more. You should probably still set psp->cmd = NULL here, otherwise psp->cmd still contains the pointer to the memory that is freed here, which could result in use-after-free somewhere else. -- Earthling Michel Dänzer | http://www.amd.com Libre software enthusiast | Mesa and X developer
