* amdgpf: BUG: NULL pointer dereference and memory leak
@ 2019-07-30 8:47 亿一
[not found] ` <CANTwqXBS5RohKsRWmfPDVxSEwri=XhuZVAmPAwdJibJODxcobA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
0 siblings, 1 reply; 4+ messages in thread
From: 亿一 @ 2019-07-30 8:47 UTC (permalink / raw)
To: alexander.deucher-5C7GfCeVMHo, christian.koenig-5C7GfCeVMHo,
David1.Zhou-5C7GfCeVMHo
Cc: amd-gfx-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW
Hi alll,
While analyzing the source code, I notice that function
amdgpu_cs_process_fence_dep() may exist NULL pointer dereference and
memory leak in the following code fragments:
fence = amdgpu_ctx_get_fence(ctx, entity,
deps[i].handle);
if (chunk->chunk_id == AMDGPU_CHUNK_ID_SCHEDULED_DEPENDENCIES) {
struct drm_sched_fence *s_fence = to_drm_sched_fence(fence);
struct dma_fence *old = fence;
fence = dma_fence_get(&s_fence->scheduled);
dma_fence_put(old);
}
if (IS_ERR(fence)) {
r = PTR_ERR(fence);
amdgpu_ctx_put(ctx);
return r;
} else if (fence) {
r = amdgpu_sync_fence(p->adev, &p->job->sync, fence,
true);
dma_fence_put(fence);
amdgpu_ctx_put(ctx);
if (r)
return r;
}
function amdgpu_ctx_get_fence may return NULL pointer, which will
cause NULL pointer dereference. What's more, IS_ERR() would not
return true when pointer is NULL, which will cause the ctx reference
leaked.
But I don't know how to fix it, so report it to you all.
Best Regards.
Lin Yi.
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: amdgpf: BUG: NULL pointer dereference and memory leak
[not found] ` <CANTwqXBS5RohKsRWmfPDVxSEwri=XhuZVAmPAwdJibJODxcobA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
@ 2019-07-30 9:04 ` Koenig, Christian
[not found] ` <e929562a-96fd-88c8-1b60-f1c863872db8-5C7GfCeVMHo@public.gmane.org>
0 siblings, 1 reply; 4+ messages in thread
From: Koenig, Christian @ 2019-07-30 9:04 UTC (permalink / raw)
To: 亿一, Deucher, Alexander, Zhou, David(ChunMing)
Cc: amd-gfx-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW
Am 30.07.19 um 10:47 schrieb 亿一:
> Hi alll,
> While analyzing the source code, I notice that function
> amdgpu_cs_process_fence_dep() may exist NULL pointer dereference and
> memory leak in the following code fragments:
>
>
> fence = amdgpu_ctx_get_fence(ctx, entity,
> deps[i].handle);
>
> if (chunk->chunk_id == AMDGPU_CHUNK_ID_SCHEDULED_DEPENDENCIES) {
> struct drm_sched_fence *s_fence = to_drm_sched_fence(fence);
> struct dma_fence *old = fence;
>
> fence = dma_fence_get(&s_fence->scheduled);
> dma_fence_put(old);
> }
>
> if (IS_ERR(fence)) {
> r = PTR_ERR(fence);
> amdgpu_ctx_put(ctx);
> return r;
> } else if (fence) {
> r = amdgpu_sync_fence(p->adev, &p->job->sync, fence,
> true);
> dma_fence_put(fence);
> amdgpu_ctx_put(ctx);
> if (r)
> return r;
> }
>
> function amdgpu_ctx_get_fence may return NULL pointer, which will
> cause NULL pointer dereference. What's more, IS_ERR() would not
> return true when pointer is NULL, which will cause the ctx reference
> leaked.
That handling is actually correct.
The problem is the "if (chunk->chunk_id ==
AMDGPU_CHUNK_ID_SCHEDULED_DEPENDENCIES)" stuff above.
That comes to early and needs to be moved below checking the fence for
errors. Going to send a fix for this to the mailing list in a minute.
Thanks for the notice,
Christian.
> But I don't know how to fix it, so report it to you all.
>
> Best Regards.
> Lin Yi.
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: amdgpf: BUG: NULL pointer dereference and memory leak
[not found] ` <e929562a-96fd-88c8-1b60-f1c863872db8-5C7GfCeVMHo@public.gmane.org>
@ 2019-07-30 9:14 ` zhoucm1
[not found] ` <0952fbf6-e877-957c-f560-8ebf8d8f75ca-5C7GfCeVMHo@public.gmane.org>
0 siblings, 1 reply; 4+ messages in thread
From: zhoucm1 @ 2019-07-30 9:14 UTC (permalink / raw)
To: Koenig, Christian, 亿一,
Deucher, Alexander, Zhou, David(ChunMing)
Cc: amd-gfx-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW
On 2019年07月30日 17:04, Koenig, Christian wrote:
> Am 30.07.19 um 10:47 schrieb 亿一:
>> Hi alll,
>> While analyzing the source code, I notice that function
>> amdgpu_cs_process_fence_dep() may exist NULL pointer dereference and
>> memory leak in the following code fragments:
>>
>>
>> fence = amdgpu_ctx_get_fence(ctx, entity,
>> deps[i].handle);
>>
>> if (chunk->chunk_id == AMDGPU_CHUNK_ID_SCHEDULED_DEPENDENCIES) {
>> struct drm_sched_fence *s_fence = to_drm_sched_fence(fence);
>> struct dma_fence *old = fence;
>>
>> fence = dma_fence_get(&s_fence->scheduled);
>> dma_fence_put(old);
>> }
>>
>> if (IS_ERR(fence)) {
>> r = PTR_ERR(fence);
>> amdgpu_ctx_put(ctx);
>> return r;
>> } else if (fence) {
>> r = amdgpu_sync_fence(p->adev, &p->job->sync, fence,
>> true);
>> dma_fence_put(fence);
>> amdgpu_ctx_put(ctx);
>> if (r)
>> return r;
>> }
>>
>> function amdgpu_ctx_get_fence may return NULL pointer, which will
>> cause NULL pointer dereference. What's more, IS_ERR() would not
>> return true when pointer is NULL, which will cause the ctx reference
>> leaked.
> That handling is actually correct.
>
> The problem is the "if (chunk->chunk_id ==
> AMDGPU_CHUNK_ID_SCHEDULED_DEPENDENCIES)" stuff above.
>
> That comes to early and needs to be moved below checking the fence for
> errors. Going to send a fix for this to the mailing list in a minute.
Lin Yi is right I think, we leaked ctx reference when fence is NULL.
-David
>
> Thanks for the notice,
> Christian.
>
>> But I don't know how to fix it, so report it to you all.
>>
>> Best Regards.
>> Lin Yi.
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: amdgpf: BUG: NULL pointer dereference and memory leak
[not found] ` <0952fbf6-e877-957c-f560-8ebf8d8f75ca-5C7GfCeVMHo@public.gmane.org>
@ 2019-07-30 9:19 ` Koenig, Christian
0 siblings, 0 replies; 4+ messages in thread
From: Koenig, Christian @ 2019-07-30 9:19 UTC (permalink / raw)
To: Zhou, David(ChunMing), 亿一, Deucher, Alexander
Cc: amd-gfx-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW
Am 30.07.19 um 11:14 schrieb zhoucm1:
>
>
> On 2019年07月30日 17:04, Koenig, Christian wrote:
>> Am 30.07.19 um 10:47 schrieb 亿一:
>>> Hi alll,
>>> While analyzing the source code, I notice that function
>>> amdgpu_cs_process_fence_dep() may exist NULL pointer dereference and
>>> memory leak in the following code fragments:
>>>
>>>
>>> fence = amdgpu_ctx_get_fence(ctx, entity,
>>> deps[i].handle);
>>>
>>> if (chunk->chunk_id == AMDGPU_CHUNK_ID_SCHEDULED_DEPENDENCIES) {
>>> struct drm_sched_fence *s_fence = to_drm_sched_fence(fence);
>>> struct dma_fence *old = fence;
>>>
>>> fence = dma_fence_get(&s_fence->scheduled);
>>> dma_fence_put(old);
>>> }
>>>
>>> if (IS_ERR(fence)) {
>>> r = PTR_ERR(fence);
>>> amdgpu_ctx_put(ctx);
>>> return r;
>>> } else if (fence) {
>>> r = amdgpu_sync_fence(p->adev, &p->job->sync, fence,
>>> true);
>>> dma_fence_put(fence);
>>> amdgpu_ctx_put(ctx);
>>> if (r)
>>> return r;
>>> }
>>>
>>> function amdgpu_ctx_get_fence may return NULL pointer, which will
>>> cause NULL pointer dereference. What's more, IS_ERR() would not
>>> return true when pointer is NULL, which will cause the ctx reference
>>> leaked.
>> That handling is actually correct.
>>
>> The problem is the "if (chunk->chunk_id ==
>> AMDGPU_CHUNK_ID_SCHEDULED_DEPENDENCIES)" stuff above.
>>
>> That comes to early and needs to be moved below checking the fence for
>> errors. Going to send a fix for this to the mailing list in a minute.
> Lin Yi is right I think, we leaked ctx reference when fence is NULL.
Indeed, but what I meant was the a NULL fence here is not an error.
Just send out a patch to fix that stuff up, please review.
Christian.
>
> -David
>>
>> Thanks for the notice,
>> Christian.
>>
>>> But I don't know how to fix it, so report it to you all.
>>>
>>> Best Regards.
>>> Lin Yi.
>
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-07-30 9:19 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-30 8:47 amdgpf: BUG: NULL pointer dereference and memory leak 亿一
[not found] ` <CANTwqXBS5RohKsRWmfPDVxSEwri=XhuZVAmPAwdJibJODxcobA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2019-07-30 9:04 ` Koenig, Christian
[not found] ` <e929562a-96fd-88c8-1b60-f1c863872db8-5C7GfCeVMHo@public.gmane.org>
2019-07-30 9:14 ` zhoucm1
[not found] ` <0952fbf6-e877-957c-f560-8ebf8d8f75ca-5C7GfCeVMHo@public.gmane.org>
2019-07-30 9:19 ` Koenig, Christian
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.