[PATCH] drm/amdgpu: fix use-after-free issue
Christian König
christian.koenig at amd.com
Mon Apr 22 11:22:14 UTC 2024
On 22.04.24 at 11:37, Lazar, Lijo wrote:
>
> On 4/22/2024 2:59 PM, Christian König wrote:
>> On 22.04.24 at 10:47, Jack Xiao wrote:
>>> Delete fence fallback timer to fix the random
>>> use-after-free issue.
>> That's already done in amdgpu_fence_driver_hw_fini() and absolutely
>> shouldn't be in amdgpu_ring_fini().
>>
>> And the kfree(ring->fence_drv.fences); shouldn't be there either since
>> that is done in amdgpu_fence_driver_sw_fini().
>>
> In the present logic, these are part of special rings dynamically
> created for mes self tests with amdgpu_mes_add_ring/amdgpu_mes_remove_ring.
Ok, we should probably stop doing that altogether.
Shashank's work of utilizing the MES in userspace is nearly finished and
we don't really need the MES test in the kernel any more.
Regards,
Christian.
>
> Thanks,
> Lijo
>
>> Regards,
>> Christian.
>>
>>> Signed-off-by: Jack Xiao <Jack.Xiao at amd.com>
>>> ---
>>> drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 1 +
>>> 1 file changed, 1 insertion(+)
>>>
>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
>>> b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
>>> index 06f0a6534a94..93ab9faa2d72 100644
>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
>>> @@ -390,6 +390,7 @@ void amdgpu_ring_fini(struct amdgpu_ring *ring)
>>> &ring->gpu_addr,
>>> (void **)&ring->ring);
>>> } else {
>>> + del_timer_sync(&ring->fence_drv.fallback_timer);
>>> kfree(ring->fence_drv.fences);
>>> }
>>>
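Review bot: In the else branch of amdgpu_ring_fini(), del_timer_sync(&ring->fence_drv.fallback_timer) sits directly before kfree(ring->fence_drv.fences), so ring teardown now reaches into fence-driver state, and the commit message gives no trace or description of which path still has the timer pending at this point. Please name the rings that take this branch and the sequence that leaves the timer armed, and consider stopping the timer in the same place where the rest of the fence driver state is released, so the timer and the fences array are torn down together. The first branch of the if is left without the timer deletion; if that is intentional, the commit message should say why.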