Mhm, looks like that somehow got dropped during rebase. Going to dig up where that actually ended up tomorrow. Christian. Am 05.06.19 um 16:44 schrieb Liu, Monk: > Strange, I get the latest "drm-next" branch and didn't see the change landed .... > > /Monk > > -----Original Message----- > From: Koenig, Christian > Sent: Wednesday, June 5, 2019 7:11 PM > To: Liu, Monk <Monk.Liu@xxxxxxx>; amd-gfx@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue > > This should already be fixed by patch "drm/ttm: fix re-init of global structures". > > Christian. > > Am 05.06.19 um 09:29 schrieb Liu, Monk: >> -----Original Message----- >> From: Monk Liu <Monk.Liu@xxxxxxx> >> Sent: Wednesday, June 5, 2019 2:45 PM >> To: amd-gfx@xxxxxxxxxxxxxxxxxxxxx >> Cc: Liu, Monk <Monk.Liu@xxxxxxx> >> Subject: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload >> issue >> >> need to clear bo glob and mem glob during their release otherwise their member value would be wrongly used in the next glob init stage and lead to wild pointer access problems: >> >> 1) kobj.state_initialized is 1 >> 2) ttm_bo_glob.bo_count isn't cleared and referenced via it >> on member "swap_lru" would hit out of bound array accessing >> bug >> >> Signed-off-by: Monk Liu <Monk.Liu@xxxxxxx> >> --- >> drivers/gpu/drm/ttm/ttm_bo.c | 2 ++ >> drivers/gpu/drm/ttm/ttm_memory.c | 8 ++++++++ >> 2 files changed, 10 insertions(+) >> >> diff --git a/drivers/gpu/drm/ttm/ttm_bo.c >> b/drivers/gpu/drm/ttm/ttm_bo.c index c7de667..6434eac 100644 >> --- a/drivers/gpu/drm/ttm/ttm_bo.c >> +++ b/drivers/gpu/drm/ttm/ttm_bo.c >> @@ -1604,6 +1604,8 @@ static void ttm_bo_global_kobj_release(struct kobject *kobj) >> container_of(kobj, struct ttm_bo_global, kobj); >> >> __free_page(glob->dummy_read_page); >> + >> + memset(glob, 0, sizeof(*glob)); >> } >> >> static void ttm_bo_global_release(void) diff --git >> a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c >> index 8617958..7128bbf 100644 >> --- a/drivers/gpu/drm/ttm/ttm_memory.c >> +++ b/drivers/gpu/drm/ttm/ttm_memory.c >> @@ -229,9 +229,17 @@ static const struct sysfs_ops ttm_mem_global_ops = { >> .store = &ttm_mem_global_store, >> }; >> >> +void ttm_mem_glob_kobj_release(struct kobject *kobj) { >> + struct ttm_mem_global *glob = container_of(kobj, struct >> +ttm_mem_global, kobj); >> + >> + memset(glob, 0, sizeof(*glob)); >> +} >> + >> static struct kobj_type ttm_mem_glob_kobj_type = { >> .sysfs_ops = &ttm_mem_global_ops, >> .default_attrs = ttm_mem_global_attrs, >> + .release = ttm_mem_glob_kobj_release, >> }; >> >> static bool ttm_zones_above_swap_target(struct ttm_mem_global *glob, >> -- >> 2.7.4 >> _______________________________________________ amd-gfx mailing list amd-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/amd-gfx