Hi Ma,
On 5/29/2025 6:37 PM, Li Ma wrote:
The original code did not properly release the dma_fence `next` in case
amdgpu_ttm_fill_mem failed during buffer clearing.
Signed-off-by: Li Ma <li...@amd.com>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
index 9c5df35f05b7..b7284f0a5ac0 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
@@ -2296,6 +2296,7 @@ int amdgpu_ttm_clear_buffer(struct amdgpu_bo *bo,
struct amdgpu_device *adev = amdgpu_ttm_adev(bo->tbo.bdev);
struct amdgpu_ring *ring = adev->mman.buffer_funcs_ring;
struct amdgpu_res_cursor cursor;
+ struct dma_fence *next = NULL;
u64 addr;
int r = 0;
@@ -2311,7 +2312,6 @@ int amdgpu_ttm_clear_buffer(struct amdgpu_bo *bo,
mutex_lock(&adev->mman.gtt_window_lock);
while (cursor.remaining) {
- struct dma_fence *next = NULL;
u64 size;
if (amdgpu_res_cleared(&cursor)) {
@@ -2334,10 +2334,13 @@ int amdgpu_ttm_clear_buffer(struct amdgpu_bo *bo,
dma_fence_put(*fence);
*fence = next;
+ next = NULL;
amdgpu_res_next(&cursor, size);
}
err:
+ if (next)
+ dma_fence_put(next);
Since you are observing use-after-free warning for the compute dispatch
test in amdgpu_test with this patch,
can we try the below code in amdgpu_bo_create() function,
r = amdgpu_ttm_clear_buffer(bo, bo->tbo.base.resv, &fence);
if (unlikely(r)) {
if (fence)
dma_fence_put(fence);
goto fail_unreserve;
}
Regards,
Arun.
mutex_unlock(&adev->mman.gtt_window_lock);
return r;
