[PATCH] drm/amdgpu: Fix double free of dmabuf
Felix Kuehling
felix.kuehling at amd.com
Fri Nov 19 23:22:24 UTC 2021
On 2021-11-19 5:17 a.m., xinhui pan wrote:
> amdgpu_amdkfd_gpuvm_free_memory_of_gpu drop dmabuf reference increased in
> amdgpu_gem_prime_export.
> amdgpu_bo_destroy drop dmabuf reference increased in
> amdgpu_gem_prime_import.
OK. This was not obvious at all. The get_dma_buf in
amdgpu_gem_prime_import could use a comment that it's balanced by the
dma_buf_put in drm_prime_gem_destroy, which gets called from
amdgpu_bo_destroy for any bo that has a bo->tbo.base.import_attach.
I confirmed the bug and tested the fix by running the following test on
a 2-GPU system
HSA_USERPTR_FOR_PAGED_MEM=0 run_kfdtest.sh
--gtest_filter=KFDMemoryTest.MMBench
>
> So remove this extra dma_buf_put to avoid double free.
>
> Signed-off-by: xinhui pan <xinhui.pan at amd.com>
Tested-by: Felix Kuehling <Felix.Kuehling at amd.com>
Reviewed-by: Felix Kuehling <Felix.Kuehling at amd.com>
> ---
> drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 6 ------
> 1 file changed, 6 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
> index 6c6d5d994b5d..0f68d28e002e 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
> @@ -665,12 +665,6 @@ kfd_mem_attach_dmabuf(struct amdgpu_device *adev, struct kgd_mem *mem,
> if (IS_ERR(gobj))
> return PTR_ERR(gobj);
>
> - /* Import takes an extra reference on the dmabuf. Drop it now to
> - * avoid leaking it. We only need the one reference in
> - * kgd_mem->dmabuf.
> - */
> - dma_buf_put(mem->dmabuf);
> -
> *bo = gem_to_amdgpu_bo(gobj);
> (*bo)->flags |= AMDGPU_GEM_CREATE_PREEMPTIBLE;
> (*bo)->parent = amdgpu_bo_ref(mem->bo);
More information about the amd-gfx
mailing list