Am 31.05.23 um 06:48 schrieb Bob Zhou:
uvd ring in uvd_v7_0_sw_init only initializes ring in bare metal case,
so when executing amdgpu_uvd_resume to restore fence seq in SRIOV,
a null pointer dereference will occur. This patch correct this.
Ah! I was already wondering how this bug reports came to be.
In this case please fix the UVD code to not call
amdgpu_fence_driver_force_completion() in the first place instead of
hacking around that in the fence code.
Regards,
Christian.
Fixes: 043f2271e2d0a ("drm/amdgpu: mark force completed fences with -ECANCELED")
BUG: kernel NULL pointer dereference, address: 0000000000000000
Oops: 0000 [#1] PREEMPT SMP PTI
RIP: 0010:amdgpu_fence_driver_set_error+0x3f/0xc0 [amdgpu]
Call Trace:
<TASK>
amdgpu_fence_driver_force_completion+0x18/0x50 [amdgpu]
amdgpu_uvd_resume+0x1b2/0x380 [amdgpu]
? amdgpu_ring_init+0x73c/0x820 [amdgpu]
uvd_v7_0_sw_init+0x358/0x450 [amdgpu]
amdgpu_device_init.cold+0x198c/0x1fdf [amdgpu]
? pci_bus_read_config_byte+0x40/0x80
? pci_read_config_byte+0x27/0x50
amdgpu_driver_load_kms+0x1a/0x160 [amdgpu]
amdgpu_pci_probe+0x186/0x3c0 [amdgpu]
Signed-off-by: Bob Zhou <bob.zhou@xxxxxxx>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c
index c694b41f6461..d2c5484309a6 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c
@@ -723,6 +723,8 @@ void amdgpu_fence_driver_set_error(struct amdgpu_ring *ring, int error)
*/
void amdgpu_fence_driver_force_completion(struct amdgpu_ring *ring)
{
+ if (ring->fence_drv.irq_src)
+ return;
amdgpu_fence_driver_set_error(ring, -ECANCELED);
amdgpu_fence_write(ring, ring->fence_drv.sync_seq);
amdgpu_fence_process(ring);
