Quoting Jia-Ju Bai (2018-09-01 13:20:41) > The driver may sleep with holding a spinlock. > > The function call paths (from bottom to top) in Linux-4.16 are: > > [FUNC] kmalloc(GFP_KERNEL) > drivers/gpu/drm/drm_mm.c, 130: > kmalloc in show_leaks > drivers/gpu/drm/drm_mm.c, 913: > show_leaks in drm_mm_takedown > drivers/gpu/drm/drm_vma_manager.c, 107: > drm_mm_takedown in drm_vma_offset_manager_destroy > drivers/gpu/drm/drm_vma_manager.c, 106: > _raw_write_lock in drm_vma_offset_manager_destroy > > [FUNC] kmalloc(GFP_KERNEL) > drivers/gpu/drm/drm_mm.c, 130: > kmalloc in show_leaks > drivers/gpu/drm/drm_mm.c, 913: > show_leaks in drm_mm_takedown > drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c, 71: > drm_mm_takedown in amdgpu_vram_mgr_fini > drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c, 70: > spin_lock in amdgpu_vram_mgr_fini > > [FUNC] kmalloc(GFP_KERNEL) > drivers/gpu/drm/drm_mm.c, 130: > kmalloc in show_leaks > drivers/gpu/drm/drm_mm.c, 913: > show_leaks in drm_mm_takedown > drivers/gpu/drm/ttm/ttm_bo_manager.c, 128: > drm_mm_takedown in ttm_bo_man_takedown > drivers/gpu/drm/ttm/ttm_bo_manager.c, 126: > spin_lock in ttm_bo_man_takedown > > To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC. The bug are above, since those spinlocks do not protect the data and imply use-after-free. -Chris _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel
