[PATCH v3] drm/amdgpu: user pages array memory leak fix

Joe Barnett thejoe at gmail.com
Sat Oct 12 16:12:26 UTC 2019 

Confirming that v3 patch still fixes the bug.

Thanks,
-Joe

On Fri, Oct 11, 2019 at 7:36 AM Yang, Philip <Philip.Yang at amd.com> wrote:

> user_pages array should always be freed after validation regardless if
> user pages are changed after bo is created because with HMM change parse
> bo always allocate user pages array to get user pages for userptr bo.
>
> v2: remove unused local variable and amend commit
>
> v3: add back get user pages in gem_userptr_ioctl, to detect application
> bug where an userptr VMA is not ananymous memory and reject it.
>
> Bugzilla: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1844962
>
> Signed-off-by: Philip Yang <Philip.Yang at amd.com>
> Tested-by: Joe Barnett <thejoe at gmail.com>
> Reviewed-by: Christian König <christian.koenig at amd.com>
> ---
>  drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> index c18a153b3d2a..e7b39daa22f6 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> @@ -476,7 +476,6 @@ static int amdgpu_cs_list_validate(struct
> amdgpu_cs_parser *p,
>
>         list_for_each_entry(lobj, validated, tv.head) {
>                 struct amdgpu_bo *bo = ttm_to_amdgpu_bo(lobj->tv.bo);
> -               bool binding_userptr = false;
>                 struct mm_struct *usermm;
>
>                 usermm = amdgpu_ttm_tt_get_usermm(bo->tbo.ttm);
> @@ -493,14 +492,13 @@ static int amdgpu_cs_list_validate(struct
> amdgpu_cs_parser *p,
>
>                         amdgpu_ttm_tt_set_user_pages(bo->tbo.ttm,
>                                                      lobj->user_pages);
> -                       binding_userptr = true;
>                 }
>
>                 r = amdgpu_cs_validate(p, bo);
>                 if (r)
>                         return r;
>
> -               if (binding_userptr) {
> +               if (lobj->user_pages) {
>                         kvfree(lobj->user_pages);
>                         lobj->user_pages = NULL;
>                 }
> --
> 2.17.1
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/amd-gfx/attachments/20191012/502c84ee/attachment.html>

More information about the amd-gfx mailing list