[PATCH] drm/amdgpu: fix the memory corruption on S3
Huang Rui
ray.huang at amd.com
Thu Jun 29 08:15:09 UTC 2017
On Thu, Jun 29, 2017 at 04:07:33PM +0800, Michel Dänzer wrote:
> On 29/06/17 04:59 PM, Huang Rui wrote:
> > On Thu, Jun 29, 2017 at 03:34:57PM +0800, Michel Dänzer wrote:
> >> On 29/06/17 04:03 PM, Huang Rui wrote:
> >>> psp->cmd will be used on resume phase, so we can not free it on hw_init.
> >>> Otherwise, a memory corruption will be triggered.
> >>>
> >>> Signed-off-by: Huang Rui <ray.huang at amd.com>
> >>> ---
> >>>
> >>> Alex, Christian,
> >>>
> >>> This is the final fix for vega10 S3. The random memory corruption issue is
> >> root
> >>> caused.
> >>>
> >>> Thanks,
> >>> Ray
> >>>
> >>> ---
> >>> drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 8 ++++++--
> >>> 1 file changed, 6 insertions(+), 2 deletions(-)
> >>>
> >>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c b/drivers/gpu/drm/amd/
> >> amdgpu/amdgpu_psp.c
> >>> index 5041073..fcdd542 100644
> >>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c
> >>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c
> >>> @@ -372,8 +372,6 @@ static int psp_load_fw(struct amdgpu_device *adev)
> >>> if (ret)
> >>> goto failed_mem;
> >>>
> >>> - kfree(cmd);
> >>> -
> >>> return 0;
> >>
> >> This looks like a good catch.
> >>
> >>
> >>> @@ -384,6 +382,7 @@ static int psp_load_fw(struct amdgpu_device *adev)
> >>> &psp->fw_pri_mc_addr, &psp->fw_pri_buf);
> >>> failed:
> >>> kfree(cmd);
> >>> + cmd = NULL;
> >>
> >> This should probably be
> >>
> >> psp->cmd = NULL;
> >>
> >> instead?
> >>
> >
> > Actually, we set psp->cmd = cmd before.
> >
> > But anyway, we needn't "cmd" member any more.
>
> You should probably still set psp->cmd = NULL here, otherwise psp->cmd
> still contains the pointer to the memory that is freed here, which could
> result in use-after-free somewhere else.
>
Right, I already found it and update it in V2, please take a look.
Thanks,
Ray
More information about the amd-gfx
mailing list