drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram

author jsg <jsg@openbsd.org>

Tue, 20 Jun 2023 02:30:04 +0000 (02:30 +0000)

committer jsg <jsg@openbsd.org>

Tue, 20 Jun 2023 02:30:04 +0000 (02:30 +0000)
author jsg <jsg@openbsd.org>
Tue, 20 Jun 2023 02:30:04 +0000 (02:30 +0000)
committer jsg <jsg@openbsd.org>
Tue, 20 Jun 2023 02:30:04 +0000 (02:30 +0000)
diff --git a/sys/dev/pci/drm/amd/amdgpu/amdgpu_object.c b/sys/dev/pci/drm/amd/amdgpu/amdgpu_object.c

index 2c1285b..5c44cb7 100644 (file)
--- a/sys/dev/pci/drm/amd/amdgpu/amdgpu_object.c
+++ b/sys/dev/pci/drm/amd/amdgpu/amdgpu_object.c
@@ -80,9 +80,10 @@ static void amdgpu_bo_user_destroy(struct ttm_buffer_object *tbo)
  static void amdgpu_bo_vm_destroy(struct ttm_buffer_object *tbo)
  {
         struct amdgpu_device *adev = amdgpu_ttm_adev(tbo->bdev);
-       struct amdgpu_bo *bo = ttm_to_amdgpu_bo(tbo);
+       struct amdgpu_bo *shadow_bo = ttm_to_amdgpu_bo(tbo), *bo;
         struct amdgpu_bo_vm *vmbo;
  
+       bo = shadow_bo->parent;
         vmbo = to_amdgpu_bo_vm(bo);
         /* in case amdgpu_device_recover_vram got NULL of bo->parent */
         if (!list_empty(&vmbo->shadow_list)) {
@@ -693,11 +694,6 @@ int amdgpu_bo_create_vm(struct amdgpu_device *adev,
                 return r;
  
         *vmbo_ptr = to_amdgpu_bo_vm(bo_ptr);
-       INIT_LIST_HEAD(&(*vmbo_ptr)->shadow_list);
-       /* Set destroy callback to amdgpu_bo_vm_destroy after vmbo->shadow_list
-        * is initialized.
-        */
-       bo_ptr->tbo.destroy = &amdgpu_bo_vm_destroy;
         return r;
  }
  
@@ -714,6 +710,8 @@ void amdgpu_bo_add_to_shadow_list(struct amdgpu_bo_vm *vmbo)
  
         mutex_lock(&adev->shadow_list_lock);
         list_add_tail(&vmbo->shadow_list, &adev->shadow_list);
+       vmbo->shadow->parent = amdgpu_bo_ref(&vmbo->bo);
+       vmbo->shadow->tbo.destroy = &amdgpu_bo_vm_destroy;
         mutex_unlock(&adev->shadow_list_lock);
  }
  
diff --git a/sys/dev/pci/drm/amd/amdgpu/amdgpu_vm_pt.c b/sys/dev/pci/drm/amd/amdgpu/amdgpu_vm_pt.c

index 432bf26..7faa418 100644 (file)
--- a/sys/dev/pci/drm/amd/amdgpu/amdgpu_vm_pt.c
+++ b/sys/dev/pci/drm/amd/amdgpu/amdgpu_vm_pt.c
@@ -564,7 +564,6 @@ int amdgpu_vm_pt_create(struct amdgpu_device *adev, struct amdgpu_vm *vm,
                 return r;
         }
  
-       (*vmbo)->shadow->parent = amdgpu_bo_ref(bo);
         amdgpu_bo_add_to_shadow_list(*vmbo);
  
         return 0;
author	jsg <jsg@openbsd.org>
	Tue, 20 Jun 2023 02:30:04 +0000 (02:30 +0000)
committer	jsg <jsg@openbsd.org>
	Tue, 20 Jun 2023 02:30:04 +0000 (02:30 +0000)
sys/dev/pci/drm/amd/amdgpu/amdgpu_object.c		patch \| blob \| history
sys/dev/pci/drm/amd/amdgpu/amdgpu_vm_pt.c		patch \| blob \| history