This should already be fixed by patch "drm/ttm: fix re-init of global structures".
Christian. Am 05.06.19 um 09:29 schrieb Liu, Monk: > > -----Original Message----- > From: Monk Liu <monk....@amd.com> > Sent: Wednesday, June 5, 2019 2:45 PM > To: amd-gfx@lists.freedesktop.org > Cc: Liu, Monk <monk....@amd.com> > Subject: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue > > need to clear bo glob and mem glob during their release otherwise their > member value would be wrongly used in the next glob init stage and lead to > wild pointer access problems: > > 1) kobj.state_initialized is 1 > 2) ttm_bo_glob.bo_count isn't cleared and referenced via it > on member "swap_lru" would hit out of bound array accessing > bug > > Signed-off-by: Monk Liu <monk....@amd.com> > --- > drivers/gpu/drm/ttm/ttm_bo.c | 2 ++ > drivers/gpu/drm/ttm/ttm_memory.c | 8 ++++++++ > 2 files changed, 10 insertions(+) > > diff --git a/drivers/gpu/drm/ttm/ttm_bo.c b/drivers/gpu/drm/ttm/ttm_bo.c > index c7de667..6434eac 100644 > --- a/drivers/gpu/drm/ttm/ttm_bo.c > +++ b/drivers/gpu/drm/ttm/ttm_bo.c > @@ -1604,6 +1604,8 @@ static void ttm_bo_global_kobj_release(struct kobject > *kobj) > container_of(kobj, struct ttm_bo_global, kobj); > > __free_page(glob->dummy_read_page); > + > + memset(glob, 0, sizeof(*glob)); > } > > static void ttm_bo_global_release(void) diff --git > a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c > index 8617958..7128bbf 100644 > --- a/drivers/gpu/drm/ttm/ttm_memory.c > +++ b/drivers/gpu/drm/ttm/ttm_memory.c > @@ -229,9 +229,17 @@ static const struct sysfs_ops ttm_mem_global_ops = { > .store = &ttm_mem_global_store, > }; > > +void ttm_mem_glob_kobj_release(struct kobject *kobj) { > + struct ttm_mem_global *glob = container_of(kobj, struct > +ttm_mem_global, kobj); > + > + memset(glob, 0, sizeof(*glob)); > +} > + > static struct kobj_type ttm_mem_glob_kobj_type = { > .sysfs_ops = &ttm_mem_global_ops, > .default_attrs = ttm_mem_global_attrs, > + .release = ttm_mem_glob_kobj_release, > }; > > static bool ttm_zones_above_swap_target(struct ttm_mem_global *glob, > -- > 2.7.4 > _______________________________________________ amd-gfx mailing list amd-gfx@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/amd-gfx