subject:"\[PATCH\] drm\/ttm\: fix ttm client driver \(e.g. amdgpu\) reload issue"

RE: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue

2019-06-07 Thread Liu, Monk

Oh I know why,

My fix is to modify kobj_type's member "release" while upstream is doing the 
different way, but both of the way shall fix the issue

Thanks

/Monk

From: Deucher, Alexander
Sent: Thursday, June 6, 2019 11:16 PM
To: Koenig, Christian ; Liu, Monk ; 
amd-gfx@lists.freedesktop.org
Subject: Re: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload 
issue

It's upstream:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bd4264112f93045704731850c5e4d85db981cd85
and in drm-next:
https://cgit.freedesktop.org/drm/drm/commit/?id=bd4264112f93045704731850c5e4d85db981cd85
and in amd-staging-drm-next:
https://cgit.freedesktop.org/~agd5f/linux/commit/?h=amd-staging-drm-next=bd4264112f93045704731850c5e4d85db981cd85

Where are you seeing it missing?

Alex

From: Christian König 
mailto:ckoenig.leichtzumer...@gmail.com>>
Sent: Thursday, June 6, 2019 10:00 AM
To: Koenig, Christian; Liu, Monk; 
amd-gfx@lists.freedesktop.org<mailto:amd-gfx@lists.freedesktop.org>; Deucher, 
Alexander
Subject: Re: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload 
issue

It is part of amd-staging-drm-next and has Alex Signed-of by tag.

So it should definitely be upstream, Alex any idea why that patch isn't
in drm-next?

Christian.

Am 05.06.19 um 20:10 schrieb Koenig, Christian:
> Mhm, looks like that somehow got dropped during rebase.
>
> Going to dig up where that actually ended up tomorrow.
>
> Christian.
>
> Am 05.06.19 um 16:44 schrieb Liu, Monk:
>> Strange, I get the latest "drm-next" branch and didn't see the change landed 
>> 
>>
>> /Monk
>>
>> -Original Message-
>> From: Koenig, Christian
>> Sent: Wednesday, June 5, 2019 7:11 PM
>> To: Liu, Monk mailto:monk....@amd.com>>; 
>> amd-gfx@lists.freedesktop.org<mailto:amd-gfx@lists.freedesktop.org>
>> Subject: Re: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload 
>> issue
>>
>> This should already be fixed by patch "drm/ttm: fix re-init of global 
>> structures".
>>
>> Christian.
>>
>> Am 05.06.19 um 09:29 schrieb Liu, Monk:
>>> -Original Message-
>>> From: Monk Liu mailto:monk....@amd.com>>
>>> Sent: Wednesday, June 5, 2019 2:45 PM
>>> To: amd-gfx@lists.freedesktop.org<mailto:amd-gfx@lists.freedesktop.org>
>>> Cc: Liu, Monk mailto:monk@amd.com>>
>>> Subject: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload
>>> issue
>>>
>>> need to clear bo glob and mem glob during their release otherwise their 
>>> member value would be wrongly used in the next glob init stage and lead to 
>>> wild pointer access problems:
>>>
>>> 1) kobj.state_initialized is 1
>>> 2) ttm_bo_glob.bo_count isn't cleared and referenced via it
>>>   on member "swap_lru" would hit out of bound array accessing
>>>   bug
>>>
>>> Signed-off-by: Monk Liu mailto:monk@amd.com>>
>>> ---
>>> drivers/gpu/drm/ttm/ttm_bo.c | 2 ++
>>> drivers/gpu/drm/ttm/ttm_memory.c | 8 
>>> 2 files changed, 10 insertions(+)
>>>
>>> diff --git a/drivers/gpu/drm/ttm/ttm_bo.c
>>> b/drivers/gpu/drm/ttm/ttm_bo.c index c7de667..6434eac 100644
>>> --- a/drivers/gpu/drm/ttm/ttm_bo.c
>>> +++ b/drivers/gpu/drm/ttm/ttm_bo.c
>>> @@ -1604,6 +1604,8 @@ static void ttm_bo_global_kobj_release(struct kobject 
>>> *kobj)
>>>  container_of(kobj, struct ttm_bo_global, kobj);
>>>
>>>  __free_page(glob->dummy_read_page);
>>> +
>>> +   memset(glob, 0, sizeof(*glob));
>>> }
>>>
>>> static void ttm_bo_global_release(void) diff --git
>>> a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c
>>> index 8617958..7128bbf 100644
>>> --- a/drivers/gpu/drm/ttm/ttm_memory.c
>>> +++ b/drivers/gpu/drm/ttm/ttm_memory.c
>>> @@ -229,9 +229,17 @@ static const struct sysfs_ops ttm_mem_global_ops = {
>>>  .store = _mem_global_store,
>>> };
>>>
>>> +void ttm_mem_glob_kobj_release(struct kobject *kobj) {
>>> +   struct ttm_mem_global *glob = container_of(kobj, struct
>>> +ttm_mem_global, kobj);
>>> +
>>> +   memset(glob, 0, sizeof(*glob));
>>> +}
>>> +
>>> static struct kobj_type ttm_mem_glob_kobj_type = {
>>>  .sysfs_ops = _mem_global_ops,
>>>  .default_attrs = ttm_mem_global_attrs,
>>> +   .release = ttm_mem_glob_kobj_release,
>>> };
>>>
>>> static bool ttm_zones_above_swap_target(struct ttm_mem_global *glob,
>>> --
>>> 2.7.4
>>>
> ___
> amd-gfx mailing list
> amd-gfx@lists.freedesktop.org<mailto:amd-gfx@lists.freedesktop.org>
> https://lists.freedesktop.org/mailman/listinfo/amd-gfx
___
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

Re: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue

2019-06-06 Thread Deucher, Alexander

It's upstream:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bd4264112f93045704731850c5e4d85db981cd85
and in drm-next:
https://cgit.freedesktop.org/drm/drm/commit/?id=bd4264112f93045704731850c5e4d85db981cd85
and in amd-staging-drm-next:
https://cgit.freedesktop.org/~agd5f/linux/commit/?h=amd-staging-drm-next=bd4264112f93045704731850c5e4d85db981cd85

Where are you seeing it missing?

Alex

From: Christian K?nig 
Sent: Thursday, June 6, 2019 10:00 AM
To: Koenig, Christian; Liu, Monk; amd-gfx@lists.freedesktop.org; Deucher, 
Alexander
Subject: Re: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload 
issue

It is part of amd-staging-drm-next and has Alex Signed-of by tag.

So it should definitely be upstream, Alex any idea why that patch isn't
in drm-next?

Christian.

Am 05.06.19 um 20:10 schrieb Koenig, Christian:
> Mhm, looks like that somehow got dropped during rebase.
>
> Going to dig up where that actually ended up tomorrow.
>
> Christian.
>
> Am 05.06.19 um 16:44 schrieb Liu, Monk:
>> Strange, I get the latest "drm-next" branch and didn't see the change landed 
>> 
>>
>> /Monk
>>
>> -Original Message-
>> From: Koenig, Christian
>> Sent: Wednesday, June 5, 2019 7:11 PM
>> To: Liu, Monk ; amd-gfx@lists.freedesktop.org
>> Subject: Re: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload 
>> issue
>>
>> This should already be fixed by patch "drm/ttm: fix re-init of global 
>> structures".
>>
>> Christian.
>>
>> Am 05.06.19 um 09:29 schrieb Liu, Monk:
>>> -----Original Message-----
>>> From: Monk Liu 
>>> Sent: Wednesday, June 5, 2019 2:45 PM
>>> To: amd-gfx@lists.freedesktop.org
>>> Cc: Liu, Monk 
>>> Subject: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload
>>> issue
>>>
>>> need to clear bo glob and mem glob during their release otherwise their 
>>> member value would be wrongly used in the next glob init stage and lead to 
>>> wild pointer access problems:
>>>
>>> 1) kobj.state_initialized is 1
>>> 2) ttm_bo_glob.bo_count isn't cleared and referenced via it
>>>   on member "swap_lru" would hit out of bound array accessing
>>>   bug
>>>
>>> Signed-off-by: Monk Liu 
>>> ---
>>> drivers/gpu/drm/ttm/ttm_bo.c | 2 ++
>>> drivers/gpu/drm/ttm/ttm_memory.c | 8 
>>> 2 files changed, 10 insertions(+)
>>>
>>> diff --git a/drivers/gpu/drm/ttm/ttm_bo.c
>>> b/drivers/gpu/drm/ttm/ttm_bo.c index c7de667..6434eac 100644
>>> --- a/drivers/gpu/drm/ttm/ttm_bo.c
>>> +++ b/drivers/gpu/drm/ttm/ttm_bo.c
>>> @@ -1604,6 +1604,8 @@ static void ttm_bo_global_kobj_release(struct kobject 
>>> *kobj)
>>>  container_of(kobj, struct ttm_bo_global, kobj);
>>>
>>>  __free_page(glob->dummy_read_page);
>>> +
>>> +   memset(glob, 0, sizeof(*glob));
>>> }
>>>
>>> static void ttm_bo_global_release(void) diff --git
>>> a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c
>>> index 8617958..7128bbf 100644
>>> --- a/drivers/gpu/drm/ttm/ttm_memory.c
>>> +++ b/drivers/gpu/drm/ttm/ttm_memory.c
>>> @@ -229,9 +229,17 @@ static const struct sysfs_ops ttm_mem_global_ops = {
>>>  .store = _mem_global_store,
>>> };
>>>
>>> +void ttm_mem_glob_kobj_release(struct kobject *kobj) {
>>> +   struct ttm_mem_global *glob = container_of(kobj, struct
>>> +ttm_mem_global, kobj);
>>> +
>>> +   memset(glob, 0, sizeof(*glob));
>>> +}
>>> +
>>> static struct kobj_type ttm_mem_glob_kobj_type = {
>>>  .sysfs_ops = _mem_global_ops,
>>>  .default_attrs = ttm_mem_global_attrs,
>>> +   .release = ttm_mem_glob_kobj_release,
>>> };
>>>
>>> static bool ttm_zones_above_swap_target(struct ttm_mem_global *glob,
>>> --
>>> 2.7.4
>>>
> ___
> amd-gfx mailing list
> amd-gfx@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/amd-gfx

___
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

Re: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue

2019-06-06 Thread Christian König


It is part of amd-staging-drm-next and has Alex Signed-of by tag.

So it should definitely be upstream, Alex any idea why that patch isn't 
in drm-next?


Christian.

Am 05.06.19 um 20:10 schrieb Koenig, Christian:

Mhm, looks like that somehow got dropped during rebase.

Going to dig up where that actually ended up tomorrow.

Christian.

Am 05.06.19 um 16:44 schrieb Liu, Monk:

Strange, I get the latest "drm-next" branch and didn't see the change landed 


/Monk

-Original Message-
From: Koenig, Christian
Sent: Wednesday, June 5, 2019 7:11 PM
To: Liu, Monk ; amd-gfx@lists.freedesktop.org
Subject: Re: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload 
issue

This should already be fixed by patch "drm/ttm: fix re-init of global 
structures".

Christian.

Am 05.06.19 um 09:29 schrieb Liu, Monk:

-Original Message-
From: Monk Liu 
Sent: Wednesday, June 5, 2019 2:45 PM
To: amd-gfx@lists.freedesktop.org
Cc: Liu, Monk 
Subject: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload
issue

need to clear bo glob and mem glob during their release otherwise their member 
value would be wrongly used in the next glob init stage and lead to wild 
pointer access problems:

1) kobj.state_initialized is 1
2) ttm_bo_glob.bo_count isn't cleared and referenced via it
  on member "swap_lru" would hit out of bound array accessing
  bug

Signed-off-by: Monk Liu 
---
drivers/gpu/drm/ttm/ttm_bo.c | 2 ++
drivers/gpu/drm/ttm/ttm_memory.c | 8 
2 files changed, 10 insertions(+)

diff --git a/drivers/gpu/drm/ttm/ttm_bo.c
b/drivers/gpu/drm/ttm/ttm_bo.c index c7de667..6434eac 100644
--- a/drivers/gpu/drm/ttm/ttm_bo.c
+++ b/drivers/gpu/drm/ttm/ttm_bo.c
@@ -1604,6 +1604,8 @@ static void ttm_bo_global_kobj_release(struct kobject 
*kobj)
container_of(kobj, struct ttm_bo_global, kobj);

	__free_page(glob->dummy_read_page);

+
+   memset(glob, 0, sizeof(*glob));
}

static void ttm_bo_global_release(void) diff --git

a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c
index 8617958..7128bbf 100644
--- a/drivers/gpu/drm/ttm/ttm_memory.c
+++ b/drivers/gpu/drm/ttm/ttm_memory.c
@@ -229,9 +229,17 @@ static const struct sysfs_ops ttm_mem_global_ops = {
.store = _mem_global_store,
};

+void ttm_mem_glob_kobj_release(struct kobject *kobj) {

+   struct ttm_mem_global *glob = container_of(kobj, struct
+ttm_mem_global, kobj);
+
+   memset(glob, 0, sizeof(*glob));
+}
+
static struct kobj_type ttm_mem_glob_kobj_type = {
.sysfs_ops = _mem_global_ops,
.default_attrs = ttm_mem_global_attrs,
+   .release = ttm_mem_glob_kobj_release,
};

static bool ttm_zones_above_swap_target(struct ttm_mem_global *glob,

--
2.7.4


___
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx


___
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

Re: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue

2019-06-05 Thread Koenig, Christian

Mhm, looks like that somehow got dropped during rebase.

Going to dig up where that actually ended up tomorrow.

Christian.

Am 05.06.19 um 16:44 schrieb Liu, Monk:
> Strange, I get the latest "drm-next" branch and didn't see the change landed 
> 
>
> /Monk
>
> -Original Message-
> From: Koenig, Christian
> Sent: Wednesday, June 5, 2019 7:11 PM
> To: Liu, Monk ; amd-gfx@lists.freedesktop.org
> Subject: Re: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload 
> issue
>
> This should already be fixed by patch "drm/ttm: fix re-init of global 
> structures".
>
> Christian.
>
> Am 05.06.19 um 09:29 schrieb Liu, Monk:
>> -Original Message-
>> From: Monk Liu 
>> Sent: Wednesday, June 5, 2019 2:45 PM
>> To: amd-gfx@lists.freedesktop.org
>> Cc: Liu, Monk 
>> Subject: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload
>> issue
>>
>> need to clear bo glob and mem glob during their release otherwise their 
>> member value would be wrongly used in the next glob init stage and lead to 
>> wild pointer access problems:
>>
>> 1) kobj.state_initialized is 1
>> 2) ttm_bo_glob.bo_count isn't cleared and referenced via it
>>  on member "swap_lru" would hit out of bound array accessing
>>  bug
>>
>> Signed-off-by: Monk Liu 
>> ---
>>drivers/gpu/drm/ttm/ttm_bo.c | 2 ++
>>drivers/gpu/drm/ttm/ttm_memory.c | 8 
>>2 files changed, 10 insertions(+)
>>
>> diff --git a/drivers/gpu/drm/ttm/ttm_bo.c
>> b/drivers/gpu/drm/ttm/ttm_bo.c index c7de667..6434eac 100644
>> --- a/drivers/gpu/drm/ttm/ttm_bo.c
>> +++ b/drivers/gpu/drm/ttm/ttm_bo.c
>> @@ -1604,6 +1604,8 @@ static void ttm_bo_global_kobj_release(struct kobject 
>> *kobj)
>>  container_of(kobj, struct ttm_bo_global, kobj);
>>
>>  __free_page(glob->dummy_read_page);
>> +
>> +memset(glob, 0, sizeof(*glob));
>>}
>>
>>static void ttm_bo_global_release(void) diff --git
>> a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c
>> index 8617958..7128bbf 100644
>> --- a/drivers/gpu/drm/ttm/ttm_memory.c
>> +++ b/drivers/gpu/drm/ttm/ttm_memory.c
>> @@ -229,9 +229,17 @@ static const struct sysfs_ops ttm_mem_global_ops = {
>>  .store = _mem_global_store,
>>};
>>
>> +void ttm_mem_glob_kobj_release(struct kobject *kobj) {
>> +struct ttm_mem_global *glob = container_of(kobj, struct
>> +ttm_mem_global, kobj);
>> +
>> +memset(glob, 0, sizeof(*glob));
>> +}
>> +
>>static struct kobj_type ttm_mem_glob_kobj_type = {
>>  .sysfs_ops = _mem_global_ops,
>>  .default_attrs = ttm_mem_global_attrs,
>> +.release = ttm_mem_glob_kobj_release,
>>};
>>
>>static bool ttm_zones_above_swap_target(struct ttm_mem_global *glob,
>> --
>> 2.7.4
>>

___
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

RE: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue

2019-06-05 Thread Liu, Monk

Strange, I get the latest "drm-next" branch and didn't see the change landed 


/Monk

-Original Message-
From: Koenig, Christian 
Sent: Wednesday, June 5, 2019 7:11 PM
To: Liu, Monk ; amd-gfx@lists.freedesktop.org
Subject: Re: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload 
issue

This should already be fixed by patch "drm/ttm: fix re-init of global 
structures".

Christian.

Am 05.06.19 um 09:29 schrieb Liu, Monk:
>
> -Original Message-
> From: Monk Liu 
> Sent: Wednesday, June 5, 2019 2:45 PM
> To: amd-gfx@lists.freedesktop.org
> Cc: Liu, Monk 
> Subject: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload 
> issue
>
> need to clear bo glob and mem glob during their release otherwise their 
> member value would be wrongly used in the next glob init stage and lead to 
> wild pointer access problems:
>
> 1) kobj.state_initialized is 1
> 2) ttm_bo_glob.bo_count isn't cleared and referenced via it
> on member "swap_lru" would hit out of bound array accessing
> bug
>
> Signed-off-by: Monk Liu 
> ---
>   drivers/gpu/drm/ttm/ttm_bo.c | 2 ++
>   drivers/gpu/drm/ttm/ttm_memory.c | 8 
>   2 files changed, 10 insertions(+)
>
> diff --git a/drivers/gpu/drm/ttm/ttm_bo.c 
> b/drivers/gpu/drm/ttm/ttm_bo.c index c7de667..6434eac 100644
> --- a/drivers/gpu/drm/ttm/ttm_bo.c
> +++ b/drivers/gpu/drm/ttm/ttm_bo.c
> @@ -1604,6 +1604,8 @@ static void ttm_bo_global_kobj_release(struct kobject 
> *kobj)
>   container_of(kobj, struct ttm_bo_global, kobj);
>   
>   __free_page(glob->dummy_read_page);
> +
> + memset(glob, 0, sizeof(*glob));
>   }
>   
>   static void ttm_bo_global_release(void) diff --git 
> a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c
> index 8617958..7128bbf 100644
> --- a/drivers/gpu/drm/ttm/ttm_memory.c
> +++ b/drivers/gpu/drm/ttm/ttm_memory.c
> @@ -229,9 +229,17 @@ static const struct sysfs_ops ttm_mem_global_ops = {
>   .store = _mem_global_store,
>   };
>   
> +void ttm_mem_glob_kobj_release(struct kobject *kobj) {
> + struct ttm_mem_global *glob = container_of(kobj, struct 
> +ttm_mem_global, kobj);
> +
> + memset(glob, 0, sizeof(*glob));
> +}
> +
>   static struct kobj_type ttm_mem_glob_kobj_type = {
>   .sysfs_ops = _mem_global_ops,
>   .default_attrs = ttm_mem_global_attrs,
> + .release = ttm_mem_glob_kobj_release,
>   };
>   
>   static bool ttm_zones_above_swap_target(struct ttm_mem_global *glob,
> --
> 2.7.4
>

___
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

Re: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue

2019-06-05 Thread Koenig, Christian

This should already be fixed by patch "drm/ttm: fix re-init of global 
structures".

Christian.

Am 05.06.19 um 09:29 schrieb Liu, Monk:
>
> -Original Message-
> From: Monk Liu 
> Sent: Wednesday, June 5, 2019 2:45 PM
> To: amd-gfx@lists.freedesktop.org
> Cc: Liu, Monk 
> Subject: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue
>
> need to clear bo glob and mem glob during their release otherwise their 
> member value would be wrongly used in the next glob init stage and lead to 
> wild pointer access problems:
>
> 1) kobj.state_initialized is 1
> 2) ttm_bo_glob.bo_count isn't cleared and referenced via it
> on member "swap_lru" would hit out of bound array accessing
> bug
>
> Signed-off-by: Monk Liu 
> ---
>   drivers/gpu/drm/ttm/ttm_bo.c | 2 ++
>   drivers/gpu/drm/ttm/ttm_memory.c | 8 
>   2 files changed, 10 insertions(+)
>
> diff --git a/drivers/gpu/drm/ttm/ttm_bo.c b/drivers/gpu/drm/ttm/ttm_bo.c 
> index c7de667..6434eac 100644
> --- a/drivers/gpu/drm/ttm/ttm_bo.c
> +++ b/drivers/gpu/drm/ttm/ttm_bo.c
> @@ -1604,6 +1604,8 @@ static void ttm_bo_global_kobj_release(struct kobject 
> *kobj)
>   container_of(kobj, struct ttm_bo_global, kobj);
>   
>   __free_page(glob->dummy_read_page);
> +
> + memset(glob, 0, sizeof(*glob));
>   }
>   
>   static void ttm_bo_global_release(void) diff --git 
> a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c
> index 8617958..7128bbf 100644
> --- a/drivers/gpu/drm/ttm/ttm_memory.c
> +++ b/drivers/gpu/drm/ttm/ttm_memory.c
> @@ -229,9 +229,17 @@ static const struct sysfs_ops ttm_mem_global_ops = {
>   .store = _mem_global_store,
>   };
>   
> +void ttm_mem_glob_kobj_release(struct kobject *kobj) {
> + struct ttm_mem_global *glob = container_of(kobj, struct
> +ttm_mem_global, kobj);
> +
> + memset(glob, 0, sizeof(*glob));
> +}
> +
>   static struct kobj_type ttm_mem_glob_kobj_type = {
>   .sysfs_ops = _mem_global_ops,
>   .default_attrs = ttm_mem_global_attrs,
> + .release = ttm_mem_glob_kobj_release,
>   };
>   
>   static bool ttm_zones_above_swap_target(struct ttm_mem_global *glob,
> --
> 2.7.4
>

___
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue

2019-06-05 Thread Liu, Monk



-Original Message-
From: Monk Liu  
Sent: Wednesday, June 5, 2019 2:45 PM
To: amd-gfx@lists.freedesktop.org
Cc: Liu, Monk 
Subject: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue

need to clear bo glob and mem glob during their release otherwise their member 
value would be wrongly used in the next glob init stage and lead to wild 
pointer access problems:

1) kobj.state_initialized is 1
2) ttm_bo_glob.bo_count isn't cleared and referenced via it
   on member "swap_lru" would hit out of bound array accessing
   bug

Signed-off-by: Monk Liu 
---
 drivers/gpu/drm/ttm/ttm_bo.c | 2 ++
 drivers/gpu/drm/ttm/ttm_memory.c | 8 
 2 files changed, 10 insertions(+)

diff --git a/drivers/gpu/drm/ttm/ttm_bo.c b/drivers/gpu/drm/ttm/ttm_bo.c index 
c7de667..6434eac 100644
--- a/drivers/gpu/drm/ttm/ttm_bo.c
+++ b/drivers/gpu/drm/ttm/ttm_bo.c
@@ -1604,6 +1604,8 @@ static void ttm_bo_global_kobj_release(struct kobject 
*kobj)
container_of(kobj, struct ttm_bo_global, kobj);
 
__free_page(glob->dummy_read_page);
+
+   memset(glob, 0, sizeof(*glob));
 }
 
 static void ttm_bo_global_release(void) diff --git 
a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c
index 8617958..7128bbf 100644
--- a/drivers/gpu/drm/ttm/ttm_memory.c
+++ b/drivers/gpu/drm/ttm/ttm_memory.c
@@ -229,9 +229,17 @@ static const struct sysfs_ops ttm_mem_global_ops = {
.store = _mem_global_store,
 };
 
+void ttm_mem_glob_kobj_release(struct kobject *kobj) {
+   struct ttm_mem_global *glob = container_of(kobj, struct 
+ttm_mem_global, kobj);
+
+   memset(glob, 0, sizeof(*glob));
+}
+
 static struct kobj_type ttm_mem_glob_kobj_type = {
.sysfs_ops = _mem_global_ops,
.default_attrs = ttm_mem_global_attrs,
+   .release = ttm_mem_glob_kobj_release,
 };
 
 static bool ttm_zones_above_swap_target(struct ttm_mem_global *glob,
--
2.7.4

___
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

[PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue

2019-06-05 Thread Monk Liu

need to clear bo glob and mem glob during their release
otherwise their member value would be wrongly used in the
next glob init stage and lead to wild pointer access problems:

1) kobj.state_initialized is 1
2) ttm_bo_glob.bo_count isn't cleared and referenced via it
   on member "swap_lru" would hit out of bound array accessing
   bug

Signed-off-by: Monk Liu 
---
 drivers/gpu/drm/ttm/ttm_bo.c | 2 ++
 drivers/gpu/drm/ttm/ttm_memory.c | 8 
 2 files changed, 10 insertions(+)

diff --git a/drivers/gpu/drm/ttm/ttm_bo.c b/drivers/gpu/drm/ttm/ttm_bo.c
index c7de667..6434eac 100644
--- a/drivers/gpu/drm/ttm/ttm_bo.c
+++ b/drivers/gpu/drm/ttm/ttm_bo.c
@@ -1604,6 +1604,8 @@ static void ttm_bo_global_kobj_release(struct kobject 
*kobj)
container_of(kobj, struct ttm_bo_global, kobj);
 
__free_page(glob->dummy_read_page);
+
+   memset(glob, 0, sizeof(*glob));
 }
 
 static void ttm_bo_global_release(void)
diff --git a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c
index 8617958..7128bbf 100644
--- a/drivers/gpu/drm/ttm/ttm_memory.c
+++ b/drivers/gpu/drm/ttm/ttm_memory.c
@@ -229,9 +229,17 @@ static const struct sysfs_ops ttm_mem_global_ops = {
.store = _mem_global_store,
 };
 
+void ttm_mem_glob_kobj_release(struct kobject *kobj)
+{
+   struct ttm_mem_global *glob = container_of(kobj, struct ttm_mem_global, 
kobj);
+
+   memset(glob, 0, sizeof(*glob));
+}
+
 static struct kobj_type ttm_mem_glob_kobj_type = {
.sysfs_ops = _mem_global_ops,
.default_attrs = ttm_mem_global_attrs,
+   .release = ttm_mem_glob_kobj_release,
 };
 
 static bool ttm_zones_above_swap_target(struct ttm_mem_global *glob,
-- 
2.7.4

___
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx

RE: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue

Re: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue

Re: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue

Re: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue

RE: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue

Re: FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue

FW: [PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue

[PATCH] drm/ttm: fix ttm client driver (e.g. amdgpu) reload issue

8 matches

Site Navigation

Mail list logo

Footer information