[PATCH] drm/amdkfd: fix double free mem structure

[Felix Kuehling]

Am 2021-11-26 um 6:58 p.m. schrieb Philip Yang:
> drm_gem_object_put calls release_notify callback to free the mem
> structure and unreserve_mem_limit, move it down after the last access
> of mem and make it conditional call.
>
> Signed-off-by: Philip Yang <Philip.Yang at amd.com>
> ---
>  drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
> index c5362c23e687..e592a2067133 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
> @@ -1582,14 +1582,16 @@ int amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu(
>  err_pin_bo:
>  	drm_vma_node_revoke(&gobj->vma_node, drm_priv);
>  err_node_allow:
> -	drm_gem_object_put(gobj);
>  	/* Don't unreserve system mem limit twice */
>  	goto err_reserve_limit;
>  err_bo_create:
>  	unreserve_mem_limit(adev, size, flags);
>  err_reserve_limit:
>  	mutex_destroy(&(*mem)->lock);
> -	kfree(*mem);
> +	if (gobj)

For this to work you need to initialize gobj = NULL at the start of the
function. I think you should also see an "uninitialized variable"
warning without that.

Regards,
  Felix


> +		drm_gem_object_put(gobj);
> +	else
> +		kfree(*mem);
>  err:
>  	if (sg) {
>  		sg_free_table(sg);