[PATCH 1/3] drm/amdgpu: don't access invalid sched

Alex Deucher alexdeucher at gmail.com
Wed Dec 11 17:27:34 UTC 2024


On Wed, Dec 11, 2024 at 12:13 PM Pierre-Eric Pelloux-Prayer
<pierre-eric.pelloux-prayer at amd.com> wrote:
>
> Since 2320c9e6a768 ("drm/sched: memset() 'job' in drm_sched_job_init()")
> accessing job->base.sched can produce unexpected results as the initialisation
> of (*job)->base.sched done in amdgpu_job_alloc is overwritten by the
> memset.
>
> This commit fixes an issue when a CS would fail validation and would
> be rejected after job->num_ibs is incremented. In this case,
> amdgpu_ib_free(ring->adev, ...) will be called, which would crash the
> machine because the ring value is bogus.
>
> To fix this, pass a NULL pointer to amdgpu_ib_free(): we can do this
> because the device is actually not used in this function.
>
> The next commit will remove the ring argument completely.
>
> Signed-off-by: Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer at amd.com>

Please add:
Fixes: 2320c9e6a768 ("drm/sched: memset() 'job' in drm_sched_job_init()")

With that, the series is:
Reviewed-by: Alex Deucher <alexander.deucher at amd.com>

> ---
>  drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c
> index 9b322569255e..9ec8d5a8e48c 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c
> @@ -256,7 +256,6 @@ void amdgpu_job_set_resources(struct amdgpu_job *job, struct amdgpu_bo *gds,
>
>  void amdgpu_job_free_resources(struct amdgpu_job *job)
>  {
> -       struct amdgpu_ring *ring = to_amdgpu_ring(job->base.sched);
>         struct dma_fence *f;
>         unsigned i;
>
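
Review bot: with the `ring` local dropped at the top of amdgpu_job_free_resources(), nothing in the code records why job->base.sched must not be dereferenced here. The commit message explains that the value set in amdgpu_job_alloc is overwritten by the memset, but that reasoning lives only in the log. A short comment above the declarations, saying that job->base.sched may be invalid when a CS is rejected during validation, would keep a later change from reintroducing `to_amdgpu_ring(job->base.sched)`.
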
> @@ -269,7 +268,7 @@ void amdgpu_job_free_resources(struct amdgpu_job *job)
>                 f = NULL;
>
>         for (i = 0; i < job->num_ibs; ++i)
> -               amdgpu_ib_free(ring->adev, &job->ibs[i], f);
> +               amdgpu_ib_free(NULL, &job->ibs[i], f);
>  }
>
>  static void amdgpu_job_free_cb(struct drm_sched_job *s_job)
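
Review bot: the literal NULL in `amdgpu_ib_free(NULL, &job->ibs[i], f);` is safe only while amdgpu_ib_free() never touches its first argument, which the commit message asserts but this hunk does not show. Since the argument is only removed in the next commit, and the requested Fixes: tag makes this patch a candidate for being picked up on its own, a one-line comment at the call site stating that the device argument is unused would make that dependency visible. Folding the argument removal into this patch would avoid the NULL call altogether.
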
> --
> 2.43.0
>

