From: "Stanley.Yang" <stanley.y...@amd.com> [ Upstream commit 3cb93f390453cde4d6afda1587aaa00e75e09617 ]
[Why] [ 754.862560] refcount_t: underflow; use-after-free. [ 754.862898] Call Trace: [ 754.862903] <TASK> [ 754.862913] amdgpu_job_free_cb+0xc2/0xe1 [amdgpu] [ 754.863543] drm_sched_main.cold+0x34/0x39 [amd_sched] [How] The fw_fence may be not init, check whether dma_fence_init is performed before job free Signed-off-by: Stanley.Yang <stanley.y...@amd.com> Reviewed-by: Tao Zhou <tao.zh...@amd.com> Signed-off-by: Alex Deucher <alexander.deuc...@amd.com> Signed-off-by: Sasha Levin <sas...@kernel.org> --- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c index c2fd6f3076a6..e9583a58cce0 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_job.c @@ -150,7 +150,11 @@ static void amdgpu_job_free_cb(struct drm_sched_job *s_job) amdgpu_sync_free(&job->sync); amdgpu_sync_free(&job->sched_sync); - dma_fence_put(&job->hw_fence); + /* only put the hw fence if has embedded fence */ + if (!job->hw_fence.ops) + kfree(job); + else + dma_fence_put(&job->hw_fence); } void amdgpu_job_free(struct amdgpu_job *job) -- 2.35.1