Am 11.12.24 um 18:10 schrieb Pierre-Eric Pelloux-Prayer:
Since 2320c9e6a768 ("drm/sched: memset() 'job' in drm_sched_job_init()")
accessing job->base.sched can produce unexpected results as the initialisation
of (*job)->base.sched done in amdgpu_job_alloc is overwritten by the
memset.
This commit fixes an issue when a CS would fail validation and would
be rejected after job->num_ibs is incremented. In this case,
amdgpu_ib_free(ring->adev, ...) will be called, which would crash the
machine because the ring value is bogus.
To fix this, pass a NULL pointer to amdgpu_ib_free(): we can do this
because the device is actually not used in this function.
The next commit will remove the ring argument completely.
Signed-off-by: Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer@xxxxxxx>
I would squash patch #1 and #2 together, but that isn't a must have.We should look out for potential issues with patch #3, but I still hope that we cleaned up all users of this pointer.
Series is Reviewed-by: Christian König <christian.koenig@xxxxxxx> Regards, Christian.
--- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c index 9b322569255e..9ec8d5a8e48c 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c @@ -256,7 +256,6 @@ void amdgpu_job_set_resources(struct amdgpu_job *job, struct amdgpu_bo *gds,void amdgpu_job_free_resources(struct amdgpu_job *job){ - struct amdgpu_ring *ring = to_amdgpu_ring(job->base.sched); struct dma_fence *f; unsigned i;@@ -269,7 +268,7 @@ void amdgpu_job_free_resources(struct amdgpu_job *job)f = NULL;for (i = 0; i < job->num_ibs; ++i)- amdgpu_ib_free(ring->adev, &job->ibs[i], f); + amdgpu_ib_free(NULL, &job->ibs[i], f); }static void amdgpu_job_free_cb(struct drm_sched_job *s_job)
