[PATCH] drm/amdgpu: fix use-after-free issue

Christian König christian.koenig at amd.com
Mon Apr 22 11:31:39 UTC 2024


On 22.04.24 at 13:29, Lazar, Lijo wrote:
> On 4/22/2024 4:52 PM, Christian König wrote:
>> On 22.04.24 at 11:37, Lazar, Lijo wrote:
>>> On 4/22/2024 2:59 PM, Christian König wrote:
>>>> On 22.04.24 at 10:47, Jack Xiao wrote:
>>>>> Delete fence fallback timer to fix the random
>>>>> use-after-free issue.
>>>> That's already done in amdgpu_fence_driver_hw_fini() and absolutely
>>>> shouldn't be in amdgpu_ring_fini().
>>>>
>>>> And the kfree(ring->fence_drv.fences); shouldn't be there either since
>>>> that is done in amdgpu_fence_driver_sw_fini().
>>>>
>>> In the present logic, these are part of special rings dynamically
>>> created for mes self tests with
>>> amdgpu_mes_add_ring/amdgpu_mes_remove_ring.
>> Ok, we should probably stop doing that altogether.
>>
>> Shashank's work of utilizing the MES in userspace is nearly finished and
>> we don't really need the MES test in the kernel any more.
>>
> A v2 of the patch is posted. Can we use it temporarily till Shashank's
> work is in place?

Yes, absolutely.

> Assuming Shashank's work will also include removing
> MES self test in kernel.

Yes, that was the long term plan. But no idea when we can completely 
upstream that work.

Regards,
Christian.

>
> Thanks,
> Lijo
>
>> Regards,
>> Christian.
>>
>>> Thanks,
>>> Lijo
>>>
>>>> Regards,
>>>> Christian.
>>>>
>>>>> Signed-off-by: Jack Xiao <Jack.Xiao at amd.com>
>>>>> ---
>>>>>     drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 1 +
>>>>>     1 file changed, 1 insertion(+)
>>>>>
>>>>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
>>>>> b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
>>>>> index 06f0a6534a94..93ab9faa2d72 100644
>>>>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
>>>>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
>>>>> @@ -390,6 +390,7 @@ void amdgpu_ring_fini(struct amdgpu_ring *ring)
>>>>>                           &ring->gpu_addr,
>>>>>                           (void **)&ring->ring);
>>>>>         } else {
>>>>> +        del_timer_sync(&ring->fence_drv.fallback_timer);
>>>>>             kfree(ring->fence_drv.fences);
>>>>>         }
>>>>>     
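
Review bot: the new del_timer_sync(&ring->fence_drv.fallback_timer) sits only in the else branch of amdgpu_ring_fini(), directly before kfree(ring->fence_drv.fences), and neither the hunk nor the commit message says which rings reach that branch or why the timer can still be pending there. Please add a comment above the call naming the case it covers, and extend the commit message to state which object the timer callback touches after it has been freed, so a reader can see that stopping the timer before the kfree() closes the window. If rings that take the other branch can also have the fallback timer armed, the call belongs outside the if/else, or in the fence driver teardown that owns fence_drv, so that stopping the timer and freeing the fences stay together.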


