This is a note to let you know that I've just added the patch titled drm/amdgpu: drop redundant sched job cleanup when cs is aborted to the 6.3-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: drm-amdgpu-drop-redundant-sched-job-cleanup-when-cs-is-aborted.patch and it can be found in the queue-6.3 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 1253685f0d3eb3eab0bfc4bf15ab341a5f3da0c8 Mon Sep 17 00:00:00 2001 From: Guchun Chen <guchun.chen@xxxxxxx> Date: Wed, 26 Apr 2023 09:46:54 +0800 Subject: drm/amdgpu: drop redundant sched job cleanup when cs is aborted MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Guchun Chen <guchun.chen@xxxxxxx> commit 1253685f0d3eb3eab0bfc4bf15ab341a5f3da0c8 upstream. Once command submission failed due to userptr invalidation in amdgpu_cs_submit, legacy code will perform cleanup of scheduler job. However, it's not needed at all, as former commit has integrated job cleanup stuff into amdgpu_job_free. Otherwise, because of double free, a NULL pointer dereference will occur in such scenario. Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2457 Fixes: f7d66fb2ea43 ("drm/amdgpu: cleanup scheduler job initialization v2") Signed-off-by: Guchun Chen <guchun.chen@xxxxxxx> Reviewed-by: Christian König <christian.koenig@xxxxxxx> Signed-off-by: Alex Deucher <alexander.deucher@xxxxxxx> Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c @@ -1276,7 +1276,7 @@ static int amdgpu_cs_submit(struct amdgp r = drm_sched_job_add_dependency(&leader->base, fence); if (r) { dma_fence_put(fence); - goto error_cleanup; + return r; } } @@ -1303,7 +1303,8 @@ static int amdgpu_cs_submit(struct amdgp } if (r) { r = -EAGAIN; - goto error_unlock; + mutex_unlock(&p->adev->notifier_lock); + return r; } p->fence = dma_fence_get(&leader->base.s_fence->finished); @@ -1350,14 +1351,6 @@ static int amdgpu_cs_submit(struct amdgp mutex_unlock(&p->adev->notifier_lock); mutex_unlock(&p->bo_list->bo_list_mutex); return 0; - -error_unlock: - mutex_unlock(&p->adev->notifier_lock); - -error_cleanup: - for (i = 0; i < p->gang_size; ++i) - drm_sched_job_cleanup(&p->jobs[i]->base); - return r; } /* Cleanup the parser structure */ Patches currently in stable-queue which might be from guchun.chen@xxxxxxx are queue-6.3/drm-amdgpu-disable-sdma-ecc-irq-only-when-sdma-ras-is-enabled-in-suspend.patch queue-6.3/drm-amd-pm-parse-pp_handle-under-appropriate-conditions.patch queue-6.3/drm-amdgpu-drop-redundant-sched-job-cleanup-when-cs-is-aborted.patch queue-6.3/drm-amdgpu-fix-amdgpu_irq_put-call-trace-in-gmc_v10_0_hw_fini.patch queue-6.3/drm-amdgpu-drop-gfx_v11_0_cp_ecc_error_irq_funcs.patch queue-6.3/drm-amdgpu-gfx-disable-gfx9-cp_ecc_error_irq-only-when-enabling-legacy-gfx-ras.patch queue-6.3/drm-amd-pm-avoid-potential-ubsan-issue-on-legacy-asics.patch queue-6.3/drm-amdgpu-fix-amdgpu_irq_put-call-trace-in-gmc_v11_0_hw_fini.patch