[AMD Official Use Only - AMD Internal Distribution Only] Reviewed-by: Sunil Khatri <[email protected]>
-----Original Message----- From: Koenig, Christian <[email protected]> Sent: Thursday, May 15, 2025 2:30 PM To: Yadav, Arvind <[email protected]>; Deucher, Alexander <[email protected]>; Khatri, Sunil <[email protected]> Cc: [email protected] Subject: Re: [PATCH] drm/amdgpu: fix use-after-unlock in eviction fence destroy On 5/15/25 09:49, Arvind Yadav wrote: > The eviction fence destroy path incorrectly calls dma_fence_put() on > evf_mgr->ev_fence after releasing the ev_fence_lock. This introduces a > potential use-after-unlock or race because another thread concurrently > modifies evf_mgr->ev_fence. > > Fix this by grabbing a local reference to evf_mgr->ev_fence under the > lock and using that for dma_fence_put() after waiting. > > Cc: Sunil Khatri <[email protected]> > Cc: Alex Deucher <[email protected]> > Cc: Christian König <[email protected]> > Signed-off-by: Arvind Yadav <[email protected]> Reviewed-by: Christian König <[email protected]> > --- > drivers/gpu/drm/amd/amdgpu/amdgpu_eviction_fence.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_eviction_fence.c > b/drivers/gpu/drm/amd/amdgpu/amdgpu_eviction_fence.c > index 1a7469543db5..73b629b5f56f 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_eviction_fence.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_eviction_fence.c > @@ -183,7 +183,7 @@ void amdgpu_eviction_fence_destroy(struct > amdgpu_eviction_fence_mgr *evf_mgr) > dma_fence_wait(&ev_fence->base, false); > > /* Last unref of ev_fence */ > - dma_fence_put(&evf_mgr->ev_fence->base); > + dma_fence_put(&ev_fence->base); > } > > int amdgpu_eviction_fence_attach(struct amdgpu_eviction_fence_mgr > *evf_mgr,
