[PATCH] drm/amdgpu: fix use-after-free issue

[Christian König]

Am 22.04.24 um 10:47 schrieb Jack Xiao:
> Delete fence fallback timer to fix the ramdom
> use-after-free issue.

That's already done in amdgpu_fence_driver_hw_fini() and absolutely 
shouldn't be in amdgpu_ring_fini().

And the kfree(ring->fence_drv.fences); shouldn't be there either since 
that is done in amdgpu_fence_driver_sw_fini().

Regards,
Christian.

>
> Signed-off-by: Jack Xiao <Jack.Xiao at amd.com>
> ---
>   drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 1 +
>   1 file changed, 1 insertion(+)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
> index 06f0a6534a94..93ab9faa2d72 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
> @@ -390,6 +390,7 @@ void amdgpu_ring_fini(struct amdgpu_ring *ring)
>   				      &ring->gpu_addr,
>   				      (void **)&ring->ring);
>   	} else {
> +		del_timer_sync(&ring->fence_drv.fallback_timer);
>   		kfree(ring->fence_drv.fences);
>   	}
>