<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Helvetica,sans-serif;" dir="ltr">
<p style="margin-top:0;margin-bottom:0">Apply this patch with Christian's suggestions.</p>
<p style="margin-top:0;margin-bottom:0"><br>
</p>
<p style="margin-top:0;margin-bottom:0">Thanks.</p>
<p style="margin-top:0;margin-bottom:0"><br>
</p>
<p style="margin-top:0;margin-bottom:0">Best Regards</p>
<p style="margin-top:0;margin-bottom:0">Rex<br>
</p>
<br>
<br>
<div style="color: rgb(0, 0, 0);">
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" color="#000000" face="Calibri, sans-serif"><b>From:</b> Christian König <ckoenig.leichtzumerken@gmail.com><br>
<b>Sent:</b> Thursday, March 15, 2018 2:21 AM<br>
<b>To:</b> Grodzovsky, Andrey; amd-gfx@lists.freedesktop.org<br>
<b>Cc:</b> Zhu, Rex; Koenig, Christian<br>
<b>Subject:</b> Re: [PATCH 2/2] drm/amd/powerplay: Fix KASAN user after free on driver unload.</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">Am 14.03.2018 um 19:07 schrieb Andrey Grodzovsky:<br>
> Reusing local handle to initialize BO without resetting it to<br>
> NULL is wrong since it causes amdgpu_bo_create_reserved to skip<br>
> new BO creation and just reuse the given pointer for pinning.<br>
><br>
> Signed-off-by: Andrey Grodzovsky <andrey.grodzovsky@amd.com><br>
> ---<br>
> drivers/gpu/drm/amd/powerplay/smumgr/rv_smumgr.c | 7 ++-----<br>
> drivers/gpu/drm/amd/powerplay/smumgr/vega10_smumgr.c | 16 +++++-----------<br>
> 2 files changed, 7 insertions(+), 16 deletions(-)<br>
><br>
> diff --git a/drivers/gpu/drm/amd/powerplay/smumgr/rv_smumgr.c b/drivers/gpu/drm/amd/powerplay/smumgr/rv_smumgr.c<br>
> index e2ee23a..65c6ca7 100644<br>
> --- a/drivers/gpu/drm/amd/powerplay/smumgr/rv_smumgr.c<br>
> +++ b/drivers/gpu/drm/amd/powerplay/smumgr/rv_smumgr.c<br>
> @@ -327,7 +327,6 @@ static int rv_start_smu(struct pp_hwmgr *hwmgr)<br>
> <br>
> static int rv_smu_init(struct pp_hwmgr *hwmgr)<br>
> {<br>
> - struct amdgpu_bo *handle = NULL;<br>
> struct rv_smumgr *priv;<br>
> uint64_t mc_addr;<br>
> void *kaddr = NULL;<br>
> @@ -345,7 +344,7 @@ static int rv_smu_init(struct pp_hwmgr *hwmgr)<br>
> sizeof(Watermarks_t),<br>
> PAGE_SIZE,<br>
> AMDGPU_GEM_DOMAIN_VRAM,<br>
> - &handle,<br>
> + &priv->smu_tables.entry[WMTABLE].handle,<br>
> &mc_addr,<br>
> &kaddr);<br>
> <br>
> @@ -357,14 +356,13 @@ static int rv_smu_init(struct pp_hwmgr *hwmgr)<br>
> priv->smu_tables.entry[WMTABLE].table_id = TABLE_WATERMARKS;<br>
> priv->smu_tables.entry[WMTABLE].mc_addr = mc_addr;<br>
> priv->smu_tables.entry[WMTABLE].table = kaddr;<br>
> - priv->smu_tables.entry[WMTABLE].handle = handle;<br>
> <br>
> /* allocate space for watermarks table */<br>
> r = amdgpu_bo_create_kernel((struct amdgpu_device *)hwmgr->adev,<br>
> sizeof(DpmClocks_t),<br>
> PAGE_SIZE,<br>
> AMDGPU_GEM_DOMAIN_VRAM,<br>
> - &handle,<br>
> + &priv->smu_tables.entry[CLOCKTABLE].handle,<br>
> &mc_addr,<br>
> &kaddr);<br>
> <br>
> @@ -380,7 +378,6 @@ static int rv_smu_init(struct pp_hwmgr *hwmgr)<br>
> priv->smu_tables.entry[CLOCKTABLE].table_id = TABLE_DPMCLOCKS;<br>
> priv->smu_tables.entry[CLOCKTABLE].mc_addr = mc_addr;<br>
> priv->smu_tables.entry[CLOCKTABLE].table = kaddr;<br>
> - priv->smu_tables.entry[CLOCKTABLE].handle = handle;<br>
> <br>
> return 0;<br>
> }<br>
> diff --git a/drivers/gpu/drm/amd/powerplay/smumgr/vega10_smumgr.c b/drivers/gpu/drm/amd/powerplay/smumgr/vega10_smumgr.c<br>
> index 15e1afa..c8b326e 100644<br>
> --- a/drivers/gpu/drm/amd/powerplay/smumgr/vega10_smumgr.c<br>
> +++ b/drivers/gpu/drm/amd/powerplay/smumgr/vega10_smumgr.c<br>
> @@ -377,7 +377,6 @@ static int vega10_verify_smc_interface(struct pp_hwmgr *hwmgr)<br>
> <br>
> static int vega10_smu_init(struct pp_hwmgr *hwmgr)<br>
> {<br>
> - struct amdgpu_bo *handle = NULL;<br>
> struct vega10_smumgr *priv;<br>
> uint64_t mc_addr;<br>
> void *kaddr = NULL;<br>
> @@ -403,7 +402,7 @@ static int vega10_smu_init(struct pp_hwmgr *hwmgr)<br>
> sizeof(PPTable_t),<br>
> PAGE_SIZE,<br>
> AMDGPU_GEM_DOMAIN_VRAM,<br>
> - &handle,<br>
> + &priv->smu_tables.entry[PPTABLE].handle,<br>
> &mc_addr,<br>
> &kaddr);<br>
> <br>
> @@ -415,14 +414,13 @@ static int vega10_smu_init(struct pp_hwmgr *hwmgr)<br>
> priv->smu_tables.entry[PPTABLE].table_id = TABLE_PPTABLE;<br>
> priv->smu_tables.entry[PPTABLE].mc_addr = mc_addr;<br>
> priv->smu_tables.entry[PPTABLE].table = kaddr;<br>
> - priv->smu_tables.entry[PPTABLE].handle = handle;<br>
> <br>
> /* allocate space for watermarks table */<br>
> ret = amdgpu_bo_create_kernel((struct amdgpu_device *)hwmgr->adev,<br>
> sizeof(Watermarks_t),<br>
> PAGE_SIZE,<br>
> AMDGPU_GEM_DOMAIN_VRAM,<br>
> - &handle,<br>
> + &priv->smu_tables.entry[WMTABLE].handle,<br>
> &mc_addr,<br>
> &kaddr);<br>
> <br>
> @@ -434,14 +432,13 @@ static int vega10_smu_init(struct pp_hwmgr *hwmgr)<br>
> priv->smu_tables.entry[WMTABLE].table_id = TABLE_WATERMARKS;<br>
> priv->smu_tables.entry[WMTABLE].mc_addr = mc_addr;<br>
> priv->smu_tables.entry[WMTABLE].table = kaddr;<br>
> - priv->smu_tables.entry[WMTABLE].handle = handle;<br>
> <br>
> /* allocate space for AVFS table */<br>
> ret = amdgpu_bo_create_kernel((struct amdgpu_device *)hwmgr->adev,<br>
> sizeof(AvfsTable_t),<br>
> PAGE_SIZE,<br>
> AMDGPU_GEM_DOMAIN_VRAM,<br>
> - &handle,<br>
> + &priv->smu_tables.entry[AVFSTABLE].handle,<br>
> &mc_addr,<br>
> &kaddr);<br>
> <br>
> @@ -453,7 +450,6 @@ static int vega10_smu_init(struct pp_hwmgr *hwmgr)<br>
> priv->smu_tables.entry[AVFSTABLE].table_id = TABLE_AVFS;<br>
> priv->smu_tables.entry[AVFSTABLE].mc_addr = mc_addr;<br>
> priv->smu_tables.entry[AVFSTABLE].table = kaddr;<br>
> - priv->smu_tables.entry[AVFSTABLE].handle = handle;<br>
> <br>
> tools_size = 0x19000;<br>
> if (tools_size) {<br>
> @@ -461,7 +457,7 @@ static int vega10_smu_init(struct pp_hwmgr *hwmgr)<br>
> tools_size,<br>
> PAGE_SIZE,<br>
> AMDGPU_GEM_DOMAIN_VRAM,<br>
> - &handle,<br>
> + &priv->smu_tables.entry[TOOLSTABLE].handle,<br>
> &mc_addr,<br>
> &kaddr);<br>
<br>
I think it would be better to specify mc_addr and kaddr directly as well.<br>
<br>
Christian.<br>
<br>
> if (ret)<br>
> @@ -471,7 +467,6 @@ static int vega10_smu_init(struct pp_hwmgr *hwmgr)<br>
> priv->smu_tables.entry[TOOLSTABLE].table_id = TABLE_PMSTATUSLOG;<br>
> priv->smu_tables.entry[TOOLSTABLE].mc_addr = mc_addr;<br>
> priv->smu_tables.entry[TOOLSTABLE].table = kaddr;<br>
> - priv->smu_tables.entry[TOOLSTABLE].handle = handle;<br>
> }<br>
> <br>
> /* allocate space for AVFS Fuse table */<br>
> @@ -479,7 +474,7 @@ static int vega10_smu_init(struct pp_hwmgr *hwmgr)<br>
> sizeof(AvfsFuseOverride_t),<br>
> PAGE_SIZE,<br>
> AMDGPU_GEM_DOMAIN_VRAM,<br>
> - &handle,<br>
> + &priv->smu_tables.entry[AVFSFUSETABLE].handle,<br>
> &mc_addr,<br>
> &kaddr);<br>
> if (ret)<br>
> @@ -490,7 +485,6 @@ static int vega10_smu_init(struct pp_hwmgr *hwmgr)<br>
> priv->smu_tables.entry[AVFSFUSETABLE].table_id = TABLE_AVFS_FUSE_OVERRIDE;<br>
> priv->smu_tables.entry[AVFSFUSETABLE].mc_addr = mc_addr;<br>
> priv->smu_tables.entry[AVFSFUSETABLE].table = kaddr;<br>
> - priv->smu_tables.entry[AVFSFUSETABLE].handle = handle;<br>
> <br>
> return 0;<br>
> <br>
<br>
</div>
</span></font></div>
</div>
</div>
</body>
</html>