mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-13 06:08:07 +00:00
drm/amdgpu: fix race condition in amd_sched_entity_push_job
As soon as we leave the spinlock after the job has been added to the job queue, we can no longer rely on the job's data to be available. I have seen a null-pointer dereference due to sched == NULL in amd_sched_wakeup via amd_sched_entity_push_job and amd_sched_ib_submit_kernel_helper. Since the latter initializes sched_job->sched with the address of the ring scheduler, which is guaranteed to be non-NULL, this race appears to be a likely culprit. Signed-off-by: Nicolai Hähnle <nicolai.haehnle@amd.com> Bugzilla: https://bugs.freedesktop.org/attachment.cgi?bugid=93079 Reviewed-by: Christian König <christian.koenig@amd.com>
This commit is contained in:
parent
e2f784fa8a
commit
07df04dfcf
1 changed files with 3 additions and 2 deletions
|
@ -288,6 +288,7 @@ amd_sched_entity_pop_job(struct amd_sched_entity *entity)
|
||||||
*/
|
*/
|
||||||
static bool amd_sched_entity_in(struct amd_sched_job *sched_job)
|
static bool amd_sched_entity_in(struct amd_sched_job *sched_job)
|
||||||
{
|
{
|
||||||
|
struct amd_gpu_scheduler *sched = sched_job->sched;
|
||||||
struct amd_sched_entity *entity = sched_job->s_entity;
|
struct amd_sched_entity *entity = sched_job->s_entity;
|
||||||
bool added, first = false;
|
bool added, first = false;
|
||||||
|
|
||||||
|
@ -302,7 +303,7 @@ static bool amd_sched_entity_in(struct amd_sched_job *sched_job)
|
||||||
|
|
||||||
/* first job wakes up scheduler */
|
/* first job wakes up scheduler */
|
||||||
if (first)
|
if (first)
|
||||||
amd_sched_wakeup(sched_job->sched);
|
amd_sched_wakeup(sched);
|
||||||
|
|
||||||
return added;
|
return added;
|
||||||
}
|
}
|
||||||
|
@ -318,9 +319,9 @@ void amd_sched_entity_push_job(struct amd_sched_job *sched_job)
|
||||||
{
|
{
|
||||||
struct amd_sched_entity *entity = sched_job->s_entity;
|
struct amd_sched_entity *entity = sched_job->s_entity;
|
||||||
|
|
||||||
|
trace_amd_sched_job(sched_job);
|
||||||
wait_event(entity->sched->job_scheduled,
|
wait_event(entity->sched->job_scheduled,
|
||||||
amd_sched_entity_in(sched_job));
|
amd_sched_entity_in(sched_job));
|
||||||
trace_amd_sched_job(sched_job);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
Loading…
Reference in a new issue