On 6/5/26 11:48, Wentao Liang wrote:
> In amdgpu_ttm_clear_buffer(), the *fence pointer is initialized with
> a stub fence via dma_fence_get_stub() and may be overwritten with
> job fences in the loop. On the error path (goto err), the last
> reference from *fence is not released, leaking a fence reference.
>
> The sibling function amdgpu_fill_buffer() properly releases its
> local fence reference on error, confirming this is a missing
> cleanup. Drop the fence reference in the error path to fix the
> leak.
Absolutely clear NAK. Even in the case of an error the fence must be returned or otherwise we run into random memory corruption. Regards, Christian. > > Cc: [email protected] > Fixes: a68c7eaa7a8f ("drm/amdgpu: Enable clear page functionality") > Signed-off-by: Wentao Liang <[email protected]> > --- > drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c > b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c > index 3d2e00efc741..d65f1df3574f 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c > @@ -2585,6 +2585,8 @@ int amdgpu_ttm_clear_buffer(struct amdgpu_bo *bo, > } > err: > mutex_unlock(&entity->lock); > + dma_fence_put(*fence); > + *fence = NULL; > > return r; > }
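Review bot: The added `dma_fence_put(*fence);` and `*fence = NULL;` after `mutex_unlock(&entity->lock);` run unconditionally under `err:`, and the visible context shows only a closing brace ahead of that label, with no return before it. If the success path falls through to `err:`, these lines also drop the fence when r is 0 and hand the caller NULL in place of the fence it was meant to receive. Even restricted to the failure case, *fence is the caller's output and, per the commit message, may already hold a job fence from the loop, so clearing it leaves the caller nothing to wait on before the buffer is reused; that matches the maintainer's objection that the fence must be returned on error. The commit message should show which caller actually leaks the reference, and any fix belongs where the returned fence is consumed rather than at this label.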
