From patchwork Wed Dec 2 13:18:30 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Nicolai_H=C3=A4hnle?= X-Patchwork-Id: 7745921 Return-Path: X-Original-To: patchwork-dri-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 9644ABEEE1 for ; Wed, 2 Dec 2015 13:18:43 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id BC6C520607 for ; Wed, 2 Dec 2015 13:18:42 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) by mail.kernel.org (Postfix) with ESMTP id A662F2061C for ; Wed, 2 Dec 2015 13:18:41 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id DAD096E9B6; Wed, 2 Dec 2015 05:18:40 -0800 (PST) X-Original-To: dri-devel@lists.freedesktop.org Delivered-To: dri-devel@lists.freedesktop.org Received: from mail-wm0-f53.google.com (mail-wm0-f53.google.com [74.125.82.53]) by gabe.freedesktop.org (Postfix) with ESMTPS id 62A3A6E9B6 for ; Wed, 2 Dec 2015 05:18:39 -0800 (PST) Received: by wmww144 with SMTP id w144so214443015wmw.1 for ; Wed, 02 Dec 2015 05:18:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:mime-version:content-type :content-transfer-encoding; bh=Pkncd6QqzSsGkcen6qiuzRGS4b8Chdn623avpwoKzmo=; b=Iq2f0KXgZsurwqYBQMTYwhhYDqfw2UPBFVgZ+uhOsndKg5HWkW/BbNpfIzdWDp8NNi HcjwnA5/Gf5L2cbbCZmjkuXiRWLOXOd34o4gF7SaZYMxZF1oxdTfcR8tWHzjCSC7TCh8 2eJm+GOpU4joTn8VIl0tgKfJfdx3yw1CHvqFtjeGKxasD4HfZs84OZ8Ev/3RclTqlmSv ezrZ8r5pRnyLHnM5xdSDOfrHndDTXo2/cr7ne4pu+j0GyebwyYVPS0IozmyH0B1mMX2l O1JX1EgTUlbHaTcQqLorPwbJE6UcvF8YgkKM3cVZ8gbdqL7ppc6XqLhJcmNQjGRNlPuI 9YYg== X-Received: by 10.28.172.129 with SMTP id v123mr5833680wme.47.1449062317780; Wed, 02 Dec 2015 05:18:37 -0800 (PST) Received: from cassiopeia.fritz.box (aftr-185-17-207-171.dynamic.mnet-online.de. [185.17.207.171]) by smtp.gmail.com with ESMTPSA id q6sm2760336wjx.28.2015.12.02.05.18.36 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 02 Dec 2015 05:18:37 -0800 (PST) From: =?UTF-8?q?Nicolai=20H=C3=A4hnle?= To: dri-devel@lists.freedesktop.org Subject: [PATCH] drm/amdgpu: fix race condition in amd_sched_entity_push_job Date: Wed, 2 Dec 2015 14:18:30 +0100 Message-Id: <1449062310-2879-1-git-send-email-nhaehnle@gmail.com> X-Mailer: git-send-email 2.5.0 MIME-Version: 1.0 Cc: =?UTF-8?q?Nicolai=20H=C3=A4hnle?= X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_MED, T_DKIM_INVALID, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Nicolai Hähnle As soon as we leave the spinlock after the job has been added to the job queue, we can no longer rely on the job's data to be available. I have seen a null-pointer dereference due to sched == NULL in amd_sched_wakeup via amd_sched_entity_push_job and amd_sched_ib_submit_kernel_helper. Since the latter initializes sched_job->sched with the address of the ring scheduler, which is guaranteed to be non-NULL, this race appears to be a likely culprit. Signed-off-by: Nicolai Hähnle Bugzilla: https://bugs.freedesktop.org/attachment.cgi?bugid=93079 Reviewed-by: Christian König --- drivers/gpu/drm/amd/scheduler/gpu_scheduler.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c b/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c index e13b7a0..5ace1a7 100644 --- a/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c +++ b/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c @@ -288,6 +288,7 @@ amd_sched_entity_pop_job(struct amd_sched_entity *entity) */ static bool amd_sched_entity_in(struct amd_sched_job *sched_job) { + struct amd_gpu_scheduler *sched = sched_job->sched; struct amd_sched_entity *entity = sched_job->s_entity; bool added, first = false; @@ -302,7 +303,7 @@ static bool amd_sched_entity_in(struct amd_sched_job *sched_job) /* first job wakes up scheduler */ if (first) - amd_sched_wakeup(sched_job->sched); + amd_sched_wakeup(sched); return added; } @@ -318,9 +319,9 @@ void amd_sched_entity_push_job(struct amd_sched_job *sched_job) { struct amd_sched_entity *entity = sched_job->s_entity; + trace_amd_sched_job(sched_job); wait_event(entity->sched->job_scheduled, amd_sched_entity_in(sched_job)); - trace_amd_sched_job(sched_job); } /**