[AMD Official Use Only - General] Reviewed-by: Tao Zhou <tao.zhou1@xxxxxxx> > -----Original Message----- > From: amd-gfx <amd-gfx-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of > Stanley.Yang > Sent: Thursday, November 17, 2022 11:01 AM > To: amd-gfx@xxxxxxxxxxxxxxxxxxxxx > Cc: Wang, YuBiao <YuBiao.Wang@xxxxxxx>; andrey.grodzovsky@xxxxxxx; > Yang, Stanley <Stanley.Yang@xxxxxxx> > Subject: [PATCH Reivew 1/1] drm/amdgpu: fix use-after-free during gpu > recovery > > [Why] > [ 754.862560] refcount_t: underflow; use-after-free. > [ 754.862898] Call Trace: > [ 754.862903] <TASK> > [ 754.862913] amdgpu_job_free_cb+0xc2/0xe1 [amdgpu] > [ 754.863543] drm_sched_main.cold+0x34/0x39 [amd_sched] > > [How] > The fw_fence may be not init, check whether dma_fence_init > is performed before job free > > Signed-off-by: Stanley.Yang <Stanley.Yang@xxxxxxx> > --- > drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c > b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c > index 8771df97d590..ddee6a6b133d 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c > @@ -169,7 +169,11 @@ static void amdgpu_job_free_cb(struct drm_sched_job > *s_job) > amdgpu_sync_free(&job->sync); > amdgpu_sync_free(&job->sched_sync); > > - dma_fence_put(&job->hw_fence); > + /* only put the hw fence if has embedded fence */ > + if (!job->hw_fence.ops) > + kfree(job); > + else > + dma_fence_put(&job->hw_fence); > } > > void amdgpu_job_set_gang_leader(struct amdgpu_job *job, > -- > 2.17.1
