From: Sasha Levin Date: Sun, 11 Oct 2020 21:31:38 +0000 (-0400) Subject: Fixes for 4.14 X-Git-Tag: v4.4.239~25 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=89a94c8a5ee5994a9e0ac589901270f2072299b0;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.14 Signed-off-by: Sasha Levin --- diff --git a/queue-4.14/drm-amdgpu-prevent-double-kfree-ttm-sg.patch b/queue-4.14/drm-amdgpu-prevent-double-kfree-ttm-sg.patch new file mode 100644 index 00000000000..b4d5c55efe7 --- /dev/null +++ b/queue-4.14/drm-amdgpu-prevent-double-kfree-ttm-sg.patch @@ -0,0 +1,79 @@ +From de62c1827d8541d001444fcda74aa0d7d311e6c5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 15 Sep 2020 17:07:35 -0400 +Subject: drm/amdgpu: prevent double kfree ttm->sg +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Philip Yang + +[ Upstream commit 1d0e16ac1a9e800598dcfa5b6bc53b704a103390 ] + +Set ttm->sg to NULL after kfree, to avoid memory corruption backtrace: + +[ 420.932812] kernel BUG at +/build/linux-do9eLF/linux-4.15.0/mm/slub.c:295! +[ 420.934182] invalid opcode: 0000 [#1] SMP NOPTI +[ 420.935445] Modules linked in: xt_conntrack ipt_MASQUERADE +[ 420.951332] Hardware name: Dell Inc. PowerEdge R7525/0PYVT1, BIOS +1.5.4 07/09/2020 +[ 420.952887] RIP: 0010:__slab_free+0x180/0x2d0 +[ 420.954419] RSP: 0018:ffffbe426291fa60 EFLAGS: 00010246 +[ 420.955963] RAX: ffff9e29263e9c30 RBX: ffff9e29263e9c30 RCX: +000000018100004b +[ 420.957512] RDX: ffff9e29263e9c30 RSI: fffff3d33e98fa40 RDI: +ffff9e297e407a80 +[ 420.959055] RBP: ffffbe426291fb00 R08: 0000000000000001 R09: +ffffffffc0d39ade +[ 420.960587] R10: ffffbe426291fb20 R11: ffff9e49ffdd4000 R12: +ffff9e297e407a80 +[ 420.962105] R13: fffff3d33e98fa40 R14: ffff9e29263e9c30 R15: +ffff9e2954464fd8 +[ 420.963611] FS: 00007fa2ea097780(0000) GS:ffff9e297e840000(0000) +knlGS:0000000000000000 +[ 420.965144] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 420.966663] CR2: 00007f16bfffefb8 CR3: 0000001ff0c62000 CR4: +0000000000340ee0 +[ 420.968193] Call Trace: +[ 420.969703] ? __page_cache_release+0x3c/0x220 +[ 420.971294] ? amdgpu_ttm_tt_unpopulate+0x5e/0x80 [amdgpu] +[ 420.972789] kfree+0x168/0x180 +[ 420.974353] ? amdgpu_ttm_tt_set_user_pages+0x64/0xc0 [amdgpu] +[ 420.975850] ? kfree+0x168/0x180 +[ 420.977403] amdgpu_ttm_tt_unpopulate+0x5e/0x80 [amdgpu] +[ 420.978888] ttm_tt_unpopulate.part.10+0x53/0x60 [amdttm] +[ 420.980357] ttm_tt_destroy.part.11+0x4f/0x60 [amdttm] +[ 420.981814] ttm_tt_destroy+0x13/0x20 [amdttm] +[ 420.983273] ttm_bo_cleanup_memtype_use+0x36/0x80 [amdttm] +[ 420.984725] ttm_bo_release+0x1c9/0x360 [amdttm] +[ 420.986167] amdttm_bo_put+0x24/0x30 [amdttm] +[ 420.987663] amdgpu_bo_unref+0x1e/0x30 [amdgpu] +[ 420.989165] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x9ca/0xb10 +[amdgpu] +[ 420.990666] kfd_ioctl_alloc_memory_of_gpu+0xef/0x2c0 [amdgpu] + +Signed-off-by: Philip Yang +Reviewed-by: Felix Kuehling +Reviewed-by: Christian König +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c +index bc746131987ff..ae700e445fbc8 100644 +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c +@@ -727,6 +727,7 @@ static int amdgpu_ttm_tt_pin_userptr(struct ttm_tt *ttm) + + release_sg: + kfree(ttm->sg); ++ ttm->sg = NULL; + return r; + } + +-- +2.25.1 + diff --git a/queue-4.14/series b/queue-4.14/series index 7febdc47432..5bd8827c5ee 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -50,3 +50,4 @@ sctp-fix-sctp_auth_init_hmacs-error-path.patch team-set-dev-needed_headroom-in-team_setup_by_port.patch net-team-fix-memory-leak-in-__team_options_register.patch openvswitch-handle-dnat-tuple-collision.patch +drm-amdgpu-prevent-double-kfree-ttm-sg.patch