This ensures userspace cannot prematurely clean-up the client before
it is fully initialised which has been proven to cause issues in the
past.
Cc: Felix Kuehling <[email protected]>
Cc: Alex Deucher <[email protected]>
Cc: "Christian König" <[email protected]>
Cc: "Pan, Xinhui" <[email protected]>
Cc: David Airlie <[email protected]>
Cc: Daniel Vetter <[email protected]>
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Lee Jones <[email protected]>
---
drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
index e4beebb1c80a2..c5d5398d45cbf 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
@@ -247,15 +247,6 @@ int kfd_smi_event_open(struct kfd_dev *dev, uint32_t *fd)
return ret;
}
- ret = anon_inode_getfd(kfd_smi_name, &kfd_smi_ev_fops, (void *)client,
- O_RDWR);
- if (ret < 0) {
- kfifo_free(&client->fifo);
- kfree(client);
- return ret;
- }
- *fd = ret;
-
init_waitqueue_head(&client->wait_queue);
spin_lock_init(&client->lock);
client->events = 0;
@@ -265,5 +256,14 @@ int kfd_smi_event_open(struct kfd_dev *dev, uint32_t *fd)
list_add_rcu(&client->list, &dev->smi_clients);
spin_unlock(&dev->smi_lock);
+ ret = anon_inode_getfd(kfd_smi_name, &kfd_smi_ev_fops, (void *)client,
+ O_RDWR);
+ if (ret < 0) {
+ kfifo_free(&client->fifo);
+ kfree(client);
+ return ret;
+ }
+ *fd = ret;
+
return 0;
}
--
2.35.1.1021.g381101b075-goog
Am 2022-03-30 um 03:51 schrieb Lee Jones:
> This ensures userspace cannot prematurely clean-up the client before
> it is fully initialised which has been proven to cause issues in the
> past.
>
> Cc: Felix Kuehling <[email protected]>
> Cc: Alex Deucher <[email protected]>
> Cc: "Christian König" <[email protected]>
> Cc: "Pan, Xinhui" <[email protected]>
> Cc: David Airlie <[email protected]>
> Cc: Daniel Vetter <[email protected]>
> Cc: [email protected]
> Cc: [email protected]
> Signed-off-by: Lee Jones <[email protected]>
> ---
> drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c | 18 +++++++++---------
> 1 file changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
> index e4beebb1c80a2..c5d5398d45cbf 100644
> --- a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
> +++ b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
> @@ -247,15 +247,6 @@ int kfd_smi_event_open(struct kfd_dev *dev, uint32_t *fd)
> return ret;
> }
>
> - ret = anon_inode_getfd(kfd_smi_name, &kfd_smi_ev_fops, (void *)client,
> - O_RDWR);
> - if (ret < 0) {
> - kfifo_free(&client->fifo);
> - kfree(client);
> - return ret;
> - }
> - *fd = ret;
> -
> init_waitqueue_head(&client->wait_queue);
> spin_lock_init(&client->lock);
> client->events = 0;
> @@ -265,5 +256,14 @@ int kfd_smi_event_open(struct kfd_dev *dev, uint32_t *fd)
> list_add_rcu(&client->list, &dev->smi_clients);
> spin_unlock(&dev->smi_lock);
>
> + ret = anon_inode_getfd(kfd_smi_name, &kfd_smi_ev_fops, (void *)client,
> + O_RDWR);
> + if (ret < 0) {
Thank you for the patch. This looks like the correct solution. But you
also need to remove the client from the dev->smi_clients list here
before kfree(client). With that fixed, the patch is
Reviewed-by: Felix Kuehling <[email protected]>
> + kfifo_free(&client->fifo);
> + kfree(client);
> + return ret;
> + }
> + *fd = ret;
> +
> return 0;
> }
On Wed, 30 Mar 2022, Felix Kuehling wrote:
>
> Am 2022-03-30 um 03:51 schrieb Lee Jones:
> > This ensures userspace cannot prematurely clean-up the client before
> > it is fully initialised which has been proven to cause issues in the
> > past.
> >
> > Cc: Felix Kuehling <[email protected]>
> > Cc: Alex Deucher <[email protected]>
> > Cc: "Christian König" <[email protected]>
> > Cc: "Pan, Xinhui" <[email protected]>
> > Cc: David Airlie <[email protected]>
> > Cc: Daniel Vetter <[email protected]>
> > Cc: [email protected]
> > Cc: [email protected]
> > Signed-off-by: Lee Jones <[email protected]>
> > ---
> > drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c | 18 +++++++++---------
> > 1 file changed, 9 insertions(+), 9 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
> > index e4beebb1c80a2..c5d5398d45cbf 100644
> > --- a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
> > +++ b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c
> > @@ -247,15 +247,6 @@ int kfd_smi_event_open(struct kfd_dev *dev, uint32_t *fd)
> > return ret;
> > }
> > - ret = anon_inode_getfd(kfd_smi_name, &kfd_smi_ev_fops, (void *)client,
> > - O_RDWR);
> > - if (ret < 0) {
> > - kfifo_free(&client->fifo);
> > - kfree(client);
> > - return ret;
> > - }
> > - *fd = ret;
> > -
> > init_waitqueue_head(&client->wait_queue);
> > spin_lock_init(&client->lock);
> > client->events = 0;
> > @@ -265,5 +256,14 @@ int kfd_smi_event_open(struct kfd_dev *dev, uint32_t *fd)
> > list_add_rcu(&client->list, &dev->smi_clients);
> > spin_unlock(&dev->smi_lock);
> > + ret = anon_inode_getfd(kfd_smi_name, &kfd_smi_ev_fops, (void *)client,
> > + O_RDWR);
> > + if (ret < 0) {
>
> Thank you for the patch. This looks like the correct solution. But you also
> need to remove the client from the dev->smi_clients list here before
> kfree(client). With that fixed, the patch is
Yes, that makes perfect sense.
> Reviewed-by: Felix Kuehling <[email protected]>
Thanks Felix. I will provide a follow-up tomorrow.
--
Lee Jones [李琼斯]
Principal Technical Lead - Developer Services
Linaro.org │ Open source software for Arm SoCs
Follow Linaro: Facebook | Twitter | Blog