[PATCH 1/1] drm/amdkfd: Create file descriptor after client is added to smi_clients list
This ensures userspace cannot prematurely clean-up the client before it is fully initialised which has been proven to cause issues in the past.
Cc: Felix Kuehling Felix.Kuehling@amd.com Cc: Alex Deucher alexander.deucher@amd.com Cc: "Christian König" christian.koenig@amd.com Cc: "Pan, Xinhui" Xinhui.Pan@amd.com Cc: David Airlie airlied@linux.ie Cc: Daniel Vetter daniel@ffwll.ch Cc: amd-gfx@lists.freedesktop.org Cc: dri-devel@lists.freedesktop.org Signed-off-by: Lee Jones lee.jones@linaro.org --- drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c index e4beebb1c80a2..c5d5398d45cbf 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c @@ -247,15 +247,6 @@ int kfd_smi_event_open(struct kfd_dev *dev, uint32_t *fd) return ret; }
- ret = anon_inode_getfd(kfd_smi_name, &kfd_smi_ev_fops, (void *)client, - O_RDWR); - if (ret < 0) { - kfifo_free(&client->fifo); - kfree(client); - return ret; - } - *fd = ret; - init_waitqueue_head(&client->wait_queue); spin_lock_init(&client->lock); client->events = 0; @@ -265,5 +256,14 @@ int kfd_smi_event_open(struct kfd_dev *dev, uint32_t *fd) list_add_rcu(&client->list, &dev->smi_clients); spin_unlock(&dev->smi_lock);
+ ret = anon_inode_getfd(kfd_smi_name, &kfd_smi_ev_fops, (void *)client, + O_RDWR); + if (ret < 0) { + kfifo_free(&client->fifo); + kfree(client); + return ret; + } + *fd = ret; + return 0; }
Am 2022-03-30 um 03:51 schrieb Lee Jones:
This ensures userspace cannot prematurely clean-up the client before it is fully initialised which has been proven to cause issues in the past.
Cc: Felix Kuehling Felix.Kuehling@amd.com Cc: Alex Deucher alexander.deucher@amd.com Cc: "Christian König" christian.koenig@amd.com Cc: "Pan, Xinhui" Xinhui.Pan@amd.com Cc: David Airlie airlied@linux.ie Cc: Daniel Vetter daniel@ffwll.ch Cc: amd-gfx@lists.freedesktop.org Cc: dri-devel@lists.freedesktop.org Signed-off-by: Lee Jones lee.jones@linaro.org
drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c index e4beebb1c80a2..c5d5398d45cbf 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c @@ -247,15 +247,6 @@ int kfd_smi_event_open(struct kfd_dev *dev, uint32_t *fd) return ret; }
- ret = anon_inode_getfd(kfd_smi_name, &kfd_smi_ev_fops, (void *)client,
O_RDWR);- if (ret < 0) {
kfifo_free(&client->fifo);kfree(client);return ret;- }
- *fd = ret;
- init_waitqueue_head(&client->wait_queue); spin_lock_init(&client->lock); client->events = 0;
@@ -265,5 +256,14 @@ int kfd_smi_event_open(struct kfd_dev *dev, uint32_t *fd) list_add_rcu(&client->list, &dev->smi_clients); spin_unlock(&dev->smi_lock);
- ret = anon_inode_getfd(kfd_smi_name, &kfd_smi_ev_fops, (void *)client,
O_RDWR);- if (ret < 0) {
Thank you for the patch. This looks like the correct solution. But you also need to remove the client from the dev->smi_clients list here before kfree(client). With that fixed, the patch is
Reviewed-by: Felix Kuehling Felix.Kuehling@amd.com
kfifo_free(&client->fifo);kfree(client);return ret;- }
- *fd = ret;
- return 0; }
On Wed, 30 Mar 2022, Felix Kuehling wrote:
Am 2022-03-30 um 03:51 schrieb Lee Jones:
This ensures userspace cannot prematurely clean-up the client before it is fully initialised which has been proven to cause issues in the past.
Cc: Felix Kuehling Felix.Kuehling@amd.com Cc: Alex Deucher alexander.deucher@amd.com Cc: "Christian König" christian.koenig@amd.com Cc: "Pan, Xinhui" Xinhui.Pan@amd.com Cc: David Airlie airlied@linux.ie Cc: Daniel Vetter daniel@ffwll.ch Cc: amd-gfx@lists.freedesktop.org Cc: dri-devel@lists.freedesktop.org Signed-off-by: Lee Jones lee.jones@linaro.org
drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c index e4beebb1c80a2..c5d5398d45cbf 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_smi_events.c @@ -247,15 +247,6 @@ int kfd_smi_event_open(struct kfd_dev *dev, uint32_t *fd) return ret; }
- ret = anon_inode_getfd(kfd_smi_name, &kfd_smi_ev_fops, (void *)client,
O_RDWR);- if (ret < 0) {
kfifo_free(&client->fifo);kfree(client);return ret;- }
- *fd = ret;
- init_waitqueue_head(&client->wait_queue); spin_lock_init(&client->lock); client->events = 0;
@@ -265,5 +256,14 @@ int kfd_smi_event_open(struct kfd_dev *dev, uint32_t *fd) list_add_rcu(&client->list, &dev->smi_clients); spin_unlock(&dev->smi_lock);
- ret = anon_inode_getfd(kfd_smi_name, &kfd_smi_ev_fops, (void *)client,
O_RDWR);- if (ret < 0) {
Thank you for the patch. This looks like the correct solution. But you also need to remove the client from the dev->smi_clients list here before kfree(client). With that fixed, the patch is
Yes, that makes perfect sense.
Reviewed-by: Felix Kuehling Felix.Kuehling@amd.com
Thanks Felix. I will provide a follow-up tomorrow.
dri-devel@lists.freedesktop.org
-
Felix Kuehling -
Lee Jones