diff options
| author | Philip Yang <Philip.Yang@amd.com> | 2017-11-27 18:29:44 -0500 |
|---|---|---|
| committer | Oded Gabbay <oded.gabbay@gmail.com> | 2017-11-27 18:29:44 -0500 |
| commit | 3c0b42809071cb6d779b9c4a573edd5d12654f43 (patch) | |
| tree | 564999afa490002154f1bf5e3405be9cff679c83 | |
| parent | a9efcc19161e20623c285fac967a32842972cebe (diff) | |
| download | linux-0-day-3c0b42809071cb6d779b9c4a573edd5d12654f43.tar.gz linux-0-day-3c0b42809071cb6d779b9c4a573edd5d12654f43.tar.xz | |
drm/amdkfd: Add crash protection in debugger register path
After debugger is registered, the pqm_destroy_queue fails because is_debug
is true, the queue should not be removed from process_queue_list since
the count is not reduced.
Test application calls debugger unregister without register debugger, add
null pointer check protection to avoid crash for this case
Signed-off-by: Philip Yang <Philip.Yang@amd.com>
Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
Reviewed-by: Oded Gabbay <oded.gabbay@gmail.com>
Signed-off-by: Oded Gabbay <oded.gabbay@gmail.com>
| -rw-r--r-- | drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 2 | ||||
| -rw-r--r-- | drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 5 |
2 files changed, 6 insertions, 1 deletions
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c index cc61ec2898802..62c3d9cd6ef18 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c @@ -526,7 +526,7 @@ static int kfd_ioctl_dbg_unregister(struct file *filep, long status; dev = kfd_device_by_id(args->gpu_id); - if (!dev) + if (!dev || !dev->dbgmgr) return -EINVAL; if (dev->device_info->asic_family == CHIP_CARRIZO) { diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c b/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c index fbfa2741e2a78..991b3bf1e8bcd 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c @@ -311,6 +311,10 @@ int pqm_destroy_queue(struct process_queue_manager *pqm, unsigned int qid) if (pqn->q) { dqm = pqn->q->device->dqm; retval = dqm->ops.destroy_queue(dqm, &pdd->qpd, pqn->q); + if (retval) { + pr_debug("Destroy queue failed, returned %d\n", retval); + goto err_destroy_queue; + } uninit_queue(pqn->q); } @@ -322,6 +326,7 @@ int pqm_destroy_queue(struct process_queue_manager *pqm, unsigned int qid) list_empty(&pdd->qpd.priv_queue_list)) dqm->ops.unregister_process(dqm, &pdd->qpd); +err_destroy_queue: return retval; } |