[PATCH] drm/amdgpu: fix use-after-free issue

Lazar, Lijo lijo.lazar at amd.com
Mon Apr 22 09:37:33 UTC 2024



On 4/22/2024 2:59 PM, Christian König wrote:
> Am 22.04.24 um 10:47 schrieb Jack Xiao:
>> Delete fence fallback timer to fix the ramdom
>> use-after-free issue.
> 
> That's already done in amdgpu_fence_driver_hw_fini() and absolutely
> shouldn't be in amdgpu_ring_fini().
> 
> And the kfree(ring->fence_drv.fences); shouldn't be there either since
> that is done in amdgpu_fence_driver_sw_fini().
> 

In the present logic, these are part of special rings dynamically
created for mes self tests with amdgpu_mes_add_ring/amdgpu_mes_remove_ring.

Thanks,
Lijo

> Regards,
> Christian.
> 
>>
>> Signed-off-by: Jack Xiao <Jack.Xiao at amd.com>
>> ---
>>   drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 1 +
>>   1 file changed, 1 insertion(+)
>>
>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
>> b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
>> index 06f0a6534a94..93ab9faa2d72 100644
>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
>> @@ -390,6 +390,7 @@ void amdgpu_ring_fini(struct amdgpu_ring *ring)
>>                         &ring->gpu_addr,
>>                         (void **)&ring->ring);
>>       } else {
>> +        del_timer_sync(&ring->fence_drv.fallback_timer);
>>           kfree(ring->fence_drv.fences);
>>       }
>>   
> 


More information about the amd-gfx mailing list