[PATCH] drm/ttm: Fix bo_global and mem_global kfree error

Christian König ckoenig.leichtzumerken at gmail.com
Tue Nov 6 11:59:32 UTC 2018 

Am 06.11.18 um 12:54 schrieb Trigger Huang:
> ttm_bo_glob and ttm_mem_glob are defined as structure instance, while
> not allocated by kzalloc, so kfree should not be invoked to release
> them anymore. Otherwise, it will cause the following kernel BUG when
> unloading amdgpu module
>
> [   48.419294] kernel BUG at /build/linux-5s7Xkn/linux-4.15.0/mm/slub.c:3894!
> [   48.419352] invalid opcode: 0000 [#1] SMP PTI
> [   48.419387] Modules linked in: amdgpu(OE-) amdchash(OE) amdttm(OE) amd_sched(OE) amdkcl(OE) amd_iommu_v2 drm_kms_helper drm i2c_algo_bit fb_sys_fops syscopyarea sysfillrect sysimgblt snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi pcbc snd_seq snd_seq_device snd_timer aesni_intel snd soundcore joydev aes_x86_64 crypto_simd glue_helper cryptd input_leds mac_hid serio_raw binfmt_misc nfsd auth_rpcgss nfs_acl lockd grace sunrpc sch_fq_codel parport_pc ppdev lp parport ip_tables x_tables autofs4 8139too psmouse i2c_piix4 8139cp mii floppy pata_acpi
> [   48.419782] CPU: 1 PID: 1281 Comm: modprobe Tainted: G           OE    4.15.0-20-generic #21-Ubuntu
> [   48.419838] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
> [   48.419901] RIP: 0010:kfree+0x137/0x180
> [   48.419934] RSP: 0018:ffffb02101273bf8 EFLAGS: 00010246
> [   48.419974] RAX: ffffeee1418ad7e0 RBX: ffffffffc075f100 RCX: ffff8fed7fca7ed0
> [   48.420025] RDX: 0000000000000000 RSI: 000000000003440e RDI: 0000000022400000
> [   48.420073] RBP: ffffb02101273c10 R08: 0000000000000010 R09: ffff8fed7ffd3680
> [   48.420121] R10: ffffeee1418ad7c0 R11: ffff8fed7ffd3000 R12: ffffffffc075e2c0
> [   48.420169] R13: ffffffffc074ec10 R14: ffff8fed73063900 R15: ffff8fed737428e8
> [   48.420216] FS:  00007fdc912ec540(0000) GS:ffff8fed7fc80000(0000) knlGS:0000000000000000
> [   48.420267] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   48.420308] CR2: 000055fa40c30060 CR3: 000000023470a006 CR4: 00000000003606e0
> [   48.420358] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [   48.420405] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [   48.420452] Call Trace:
> [   48.420485]  ttm_bo_global_kobj_release+0x20/0x30 [amdttm]
> [   48.420528]  kobject_release+0x6a/0x180
> [   48.420562]  kobject_put+0x28/0x50
> [   48.420595]  ttm_bo_global_release+0x36/0x50 [amdttm]
> [   48.420636]  amdttm_bo_device_release+0x119/0x180 [amdttm]
> [   48.420678]  ? amdttm_bo_clean_mm+0xa6/0xf0 [amdttm]
> [   48.420760]  amdgpu_ttm_fini+0xc9/0x180 [amdgpu]
> [   48.420821]  amdgpu_bo_fini+0x12/0x40 [amdgpu]
> [   48.420889]  gmc_v9_0_sw_fini+0x40/0x50 [amdgpu]
> [   48.420947]  amdgpu_device_fini+0x36f/0x4c0 [amdgpu]
> [   48.421007]  amdgpu_driver_unload_kms+0xb4/0x150 [amdgpu]
> [   48.421058]  drm_dev_unregister+0x46/0xf0 [drm]
> [   48.421102]  drm_dev_unplug+0x12/0x70 [drm]
>
> Signed-off-by: Trigger Huang <Trigger.Huang at amd.com>

Reviewed-by: Christian König <christian.koenig at amd.com>

> ---
>   drivers/gpu/drm/ttm/ttm_bo.c     | 1 -
>   drivers/gpu/drm/ttm/ttm_memory.c | 9 ---------
>   2 files changed, 10 deletions(-)
>
> diff --git a/drivers/gpu/drm/ttm/ttm_bo.c b/drivers/gpu/drm/ttm/ttm_bo.c
> index df02880..01c6d14 100644
> --- a/drivers/gpu/drm/ttm/ttm_bo.c
> +++ b/drivers/gpu/drm/ttm/ttm_bo.c
> @@ -1527,7 +1527,6 @@ static void ttm_bo_global_kobj_release(struct kobject *kobj)
>   		container_of(kobj, struct ttm_bo_global, kobj);
>   
>   	__free_page(glob->dummy_read_page);
> -	kfree(glob);
>   }
>   
>   static void ttm_bo_global_release(void)
> diff --git a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c
> index 7704e17..f1567c3 100644
> --- a/drivers/gpu/drm/ttm/ttm_memory.c
> +++ b/drivers/gpu/drm/ttm/ttm_memory.c
> @@ -219,14 +219,6 @@ static ssize_t ttm_mem_global_store(struct kobject *kobj,
>   	return size;
>   }
>   
> -static void ttm_mem_global_kobj_release(struct kobject *kobj)
> -{
> -	struct ttm_mem_global *glob =
> -		container_of(kobj, struct ttm_mem_global, kobj);
> -
> -	kfree(glob);
> -}
> -
>   static struct attribute *ttm_mem_global_attrs[] = {
>   	&ttm_mem_global_lower_mem_limit,
>   	NULL
> @@ -238,7 +230,6 @@ static const struct sysfs_ops ttm_mem_global_ops = {
>   };
>   
>   static struct kobj_type ttm_mem_glob_kobj_type = {
> -	.release = &ttm_mem_global_kobj_release,
>   	.sysfs_ops = &ttm_mem_global_ops,
>   	.default_attrs = ttm_mem_global_attrs,
>   };

More information about the amd-gfx mailing list