1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
|
From ce1f8843282fce8b8bd45d95300318e0b7aacd16 Mon Sep 17 00:00:00 2001
From: Andrey Grodzovsky <andrey.grodzovsky@amd.com>
Date: Wed, 14 Mar 2018 14:07:49 -0400
Subject: [PATCH 3786/4131] drm/amd/powerplay: Fix KASAN user after free on
driver unload.
Reusing local handle to initialize BO without resetting it to
NULL is wrong since it causes amdgpu_bo_create_reserved to skip
new BO creation and just reuse the given pointer for pinning.
Change-Id: Ib7701c85d9c19a8f79d3b125f85a8b1a2e7d0bba
Reviewed-by: Rex Zhu <Rex.Zhu@amd.com>
Signed-off-by: Andrey Grodzovsky <andrey.grodzovsky@amd.com>
---
drivers/gpu/drm/amd/powerplay/smumgr/rv_smumgr.c | 22 ++++------
.../gpu/drm/amd/powerplay/smumgr/vega10_smumgr.c | 49 +++++++---------------
2 files changed, 23 insertions(+), 48 deletions(-)
diff --git a/drivers/gpu/drm/amd/powerplay/smumgr/rv_smumgr.c b/drivers/gpu/drm/amd/powerplay/smumgr/rv_smumgr.c
index e2ee23a..6f360c3 100644
--- a/drivers/gpu/drm/amd/powerplay/smumgr/rv_smumgr.c
+++ b/drivers/gpu/drm/amd/powerplay/smumgr/rv_smumgr.c
@@ -327,10 +327,7 @@ static int rv_start_smu(struct pp_hwmgr *hwmgr)
static int rv_smu_init(struct pp_hwmgr *hwmgr)
{
- struct amdgpu_bo *handle = NULL;
struct rv_smumgr *priv;
- uint64_t mc_addr;
- void *kaddr = NULL;
int r;
priv = kzalloc(sizeof(struct rv_smumgr), GFP_KERNEL);
@@ -345,9 +342,9 @@ static int rv_smu_init(struct pp_hwmgr *hwmgr)
sizeof(Watermarks_t),
PAGE_SIZE,
AMDGPU_GEM_DOMAIN_VRAM,
- &handle,
- &mc_addr,
- &kaddr);
+ &priv->smu_tables.entry[WMTABLE].handle,
+ &priv->smu_tables.entry[WMTABLE].mc_addr,
+ &priv->smu_tables.entry[WMTABLE].table);
if (r)
return -EINVAL;
@@ -355,18 +352,16 @@ static int rv_smu_init(struct pp_hwmgr *hwmgr)
priv->smu_tables.entry[WMTABLE].version = 0x01;
priv->smu_tables.entry[WMTABLE].size = sizeof(Watermarks_t);
priv->smu_tables.entry[WMTABLE].table_id = TABLE_WATERMARKS;
- priv->smu_tables.entry[WMTABLE].mc_addr = mc_addr;
- priv->smu_tables.entry[WMTABLE].table = kaddr;
- priv->smu_tables.entry[WMTABLE].handle = handle;
+
/* allocate space for watermarks table */
r = amdgpu_bo_create_kernel((struct amdgpu_device *)hwmgr->adev,
sizeof(DpmClocks_t),
PAGE_SIZE,
AMDGPU_GEM_DOMAIN_VRAM,
- &handle,
- &mc_addr,
- &kaddr);
+ &priv->smu_tables.entry[CLOCKTABLE].handle,
+ &priv->smu_tables.entry[CLOCKTABLE].mc_addr,
+ &priv->smu_tables.entry[CLOCKTABLE].table);
if (r) {
amdgpu_bo_free_kernel(&priv->smu_tables.entry[WMTABLE].handle,
@@ -378,9 +373,6 @@ static int rv_smu_init(struct pp_hwmgr *hwmgr)
priv->smu_tables.entry[CLOCKTABLE].version = 0x01;
priv->smu_tables.entry[CLOCKTABLE].size = sizeof(DpmClocks_t);
priv->smu_tables.entry[CLOCKTABLE].table_id = TABLE_DPMCLOCKS;
- priv->smu_tables.entry[CLOCKTABLE].mc_addr = mc_addr;
- priv->smu_tables.entry[CLOCKTABLE].table = kaddr;
- priv->smu_tables.entry[CLOCKTABLE].handle = handle;
return 0;
}
diff --git a/drivers/gpu/drm/amd/powerplay/smumgr/vega10_smumgr.c b/drivers/gpu/drm/amd/powerplay/smumgr/vega10_smumgr.c
index 2199508..bc467ba 100644
--- a/drivers/gpu/drm/amd/powerplay/smumgr/vega10_smumgr.c
+++ b/drivers/gpu/drm/amd/powerplay/smumgr/vega10_smumgr.c
@@ -377,10 +377,7 @@ static int vega10_verify_smc_interface(struct pp_hwmgr *hwmgr)
static int vega10_smu_init(struct pp_hwmgr *hwmgr)
{
- struct amdgpu_bo *handle = NULL;
struct vega10_smumgr *priv;
- uint64_t mc_addr;
- void *kaddr = NULL;
unsigned long tools_size;
int ret;
struct cgs_firmware_info info = {0};
@@ -403,27 +400,24 @@ static int vega10_smu_init(struct pp_hwmgr *hwmgr)
sizeof(PPTable_t),
PAGE_SIZE,
AMDGPU_GEM_DOMAIN_VRAM,
- &handle,
- &mc_addr,
- &kaddr);
+ &priv->smu_tables.entry[PPTABLE].handle,
+ &priv->smu_tables.entry[PPTABLE].mc_addr,
+ &priv->smu_tables.entry[PPTABLE].table);
if (ret)
goto free_backend;
priv->smu_tables.entry[PPTABLE].version = 0x01;
priv->smu_tables.entry[PPTABLE].size = sizeof(PPTable_t);
priv->smu_tables.entry[PPTABLE].table_id = TABLE_PPTABLE;
- priv->smu_tables.entry[PPTABLE].mc_addr = mc_addr;
- priv->smu_tables.entry[PPTABLE].table = kaddr;
- priv->smu_tables.entry[PPTABLE].handle = handle;
/* allocate space for watermarks table */
ret = amdgpu_bo_create_kernel((struct amdgpu_device *)hwmgr->adev,
sizeof(Watermarks_t),
PAGE_SIZE,
AMDGPU_GEM_DOMAIN_VRAM,
- &handle,
- &mc_addr,
- &kaddr);
+ &priv->smu_tables.entry[WMTABLE].handle,
+ &priv->smu_tables.entry[WMTABLE].mc_addr,
+ &priv->smu_tables.entry[WMTABLE].table);
if (ret)
goto err0;
@@ -431,18 +425,15 @@ static int vega10_smu_init(struct pp_hwmgr *hwmgr)
priv->smu_tables.entry[WMTABLE].version = 0x01;
priv->smu_tables.entry[WMTABLE].size = sizeof(Watermarks_t);
priv->smu_tables.entry[WMTABLE].table_id = TABLE_WATERMARKS;
- priv->smu_tables.entry[WMTABLE].mc_addr = mc_addr;
- priv->smu_tables.entry[WMTABLE].table = kaddr;
- priv->smu_tables.entry[WMTABLE].handle = handle;
/* allocate space for AVFS table */
ret = amdgpu_bo_create_kernel((struct amdgpu_device *)hwmgr->adev,
sizeof(AvfsTable_t),
PAGE_SIZE,
AMDGPU_GEM_DOMAIN_VRAM,
- &handle,
- &mc_addr,
- &kaddr);
+ &priv->smu_tables.entry[AVFSTABLE].handle,
+ &priv->smu_tables.entry[AVFSTABLE].mc_addr,
+ &priv->smu_tables.entry[AVFSTABLE].table);
if (ret)
goto err1;
@@ -450,9 +441,6 @@ static int vega10_smu_init(struct pp_hwmgr *hwmgr)
priv->smu_tables.entry[AVFSTABLE].version = 0x01;
priv->smu_tables.entry[AVFSTABLE].size = sizeof(AvfsTable_t);
priv->smu_tables.entry[AVFSTABLE].table_id = TABLE_AVFS;
- priv->smu_tables.entry[AVFSTABLE].mc_addr = mc_addr;
- priv->smu_tables.entry[AVFSTABLE].table = kaddr;
- priv->smu_tables.entry[AVFSTABLE].handle = handle;
tools_size = 0x19000;
if (tools_size) {
@@ -460,17 +448,14 @@ static int vega10_smu_init(struct pp_hwmgr *hwmgr)
tools_size,
PAGE_SIZE,
AMDGPU_GEM_DOMAIN_VRAM,
- &handle,
- &mc_addr,
- &kaddr);
+ &priv->smu_tables.entry[TOOLSTABLE].handle,
+ &priv->smu_tables.entry[TOOLSTABLE].mc_addr,
+ &priv->smu_tables.entry[TOOLSTABLE].table);
if (ret)
goto err2;
priv->smu_tables.entry[TOOLSTABLE].version = 0x01;
priv->smu_tables.entry[TOOLSTABLE].size = tools_size;
priv->smu_tables.entry[TOOLSTABLE].table_id = TABLE_PMSTATUSLOG;
- priv->smu_tables.entry[TOOLSTABLE].mc_addr = mc_addr;
- priv->smu_tables.entry[TOOLSTABLE].table = kaddr;
- priv->smu_tables.entry[TOOLSTABLE].handle = handle;
}
/* allocate space for AVFS Fuse table */
@@ -478,18 +463,16 @@ static int vega10_smu_init(struct pp_hwmgr *hwmgr)
sizeof(AvfsFuseOverride_t),
PAGE_SIZE,
AMDGPU_GEM_DOMAIN_VRAM,
- &handle,
- &mc_addr,
- &kaddr);
+ &priv->smu_tables.entry[AVFSFUSETABLE].handle,
+ &priv->smu_tables.entry[AVFSFUSETABLE].mc_addr,
+ &priv->smu_tables.entry[AVFSFUSETABLE].table);
if (ret)
goto err3;
priv->smu_tables.entry[AVFSFUSETABLE].version = 0x01;
priv->smu_tables.entry[AVFSFUSETABLE].size = sizeof(AvfsFuseOverride_t);
priv->smu_tables.entry[AVFSFUSETABLE].table_id = TABLE_AVFS_FUSE_OVERRIDE;
- priv->smu_tables.entry[AVFSFUSETABLE].mc_addr = mc_addr;
- priv->smu_tables.entry[AVFSFUSETABLE].table = kaddr;
- priv->smu_tables.entry[AVFSFUSETABLE].handle = handle;
+
return 0;
--
2.7.4
|
