Re: [PATCH 1/2] drm/amdgpu: fix NULL pointer dereference

Christian König <ckoenig.leichtzumerken@xxxxxxxxx> · Tue, 30 Mar 2021 12:38:47 +0200

Am 30.03.21 um 12:02 schrieb Guchun Chen:
ttm->sg needs to be checked before accessing its child member.

Call Trace:
  amdgpu_ttm_backend_destroy+0x12/0x70 [amdgpu]
  ttm_bo_cleanup_memtype_use+0x3a/0x60 [ttm]
  ttm_bo_release+0x17d/0x300 [ttm]
  amdgpu_bo_unref+0x1a/0x30 [amdgpu]
  amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x78b/0x8b0 [amdgpu]
  kfd_ioctl_alloc_memory_of_gpu+0x118/0x220 [amdgpu]
  kfd_ioctl+0x222/0x400 [amdgpu]
  ? kfd_dev_is_large_bar+0x90/0x90 [amdgpu]
  __x64_sys_ioctl+0x8e/0xd0
  ? __context_tracking_exit+0x52/0x90
  do_syscall_64+0x33/0x80
  entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f97f264d317
Code: b3 66 90 48 8b 05 71 4b 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 41 4b 2d 00 f7 d8 64 89 01 48
RSP: 002b:00007ffdb402c338 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007f97f3cc63a0 RCX: 00007f97f264d317
RDX: 00007ffdb402c380 RSI: 00000000c0284b16 RDI: 0000000000000003
RBP: 00007ffdb402c380 R08: 00007ffdb402c428 R09: 00000000c4000004
R10: 00000000c4000004 R11: 0000000000000246 R12: 00000000c0284b16
R13: 0000000000000003 R14: 00007f97f3cc63a0 R15: 00007f8836200000

Signed-off-by: Guchun Chen <guchun.chen@xxxxxxx>

Yeah I had this one on my TODO list as well.

For now the patch is Acked-by: Christian König 
<christian.koenig@xxxxxxx>, but I'm not 100% sure if this is the right fix.

Please keep an eye open if anybody complains about issues with this 
patch, if yes we need to get back to the drawing board.

Christian.

---
  drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
index e00263bcc88b..722efd86718e 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
@@ -867,7 +867,7 @@ static void amdgpu_ttm_tt_unpin_userptr(struct ttm_device *bdev,
  		DMA_BIDIRECTIONAL : DMA_TO_DEVICE;
  
  	/* double check that we don't free the table twice */
-	if (!ttm->sg->sgl)
+	if (!ttm->sg || !ttm->sg->sgl)
  		return;
  
  	/* unmap the pages mapped to the device */

_______________________________________________
amd-gfx mailing list
amd-gfx@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/amd-gfx







