Re: [PATCH 08/62] drm/amdgpu: Fix locking bugs in error paths
From: Christian König
Date: Tue Feb 24 2026 - 03:29:03 EST
On 2/23/26 22:50, Bart Van Assche wrote:
> Do not unlock psp->ras_context.mutex if it has not been locked. This has
> been detected by the Clang thread-safety analyzer.
>
> Cc: Alex Deucher <alexander.deucher@xxxxxxx>
> Cc: Christian König <christian.koenig@xxxxxxx>
> Cc: YiPeng Chai <YiPeng.Chai@xxxxxxx>
> Cc: Hawking Zhang <Hawking.Zhang@xxxxxxx>
> Cc: amd-gfx@xxxxxxxxxxxxxxxxxxxxx
> Fixes: b3fb79cda568 ("drm/amdgpu: add mutex to protect ras shared memory")
> Signed-off-by: Bart Van Assche <bvanassche@xxxxxxx>
Acked-by: Christian König <christian.koenig@xxxxxxx>
> ---
> drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 12 +++++++-----
> 1 file changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
> index 6e8aad91bcd3..0d3c18f04ac3 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c
> @@ -332,13 +332,13 @@ static ssize_t ta_if_invoke_debugfs_write(struct file *fp, const char *buf, size
> if (!context || !context->initialized) {
> dev_err(adev->dev, "TA is not initialized\n");
> ret = -EINVAL;
> - goto err_free_shared_buf;
> + goto free_shared_buf;
> }
>
> if (!psp->ta_funcs || !psp->ta_funcs->fn_ta_invoke) {
> dev_err(adev->dev, "Unsupported function to invoke TA\n");
> ret = -EOPNOTSUPP;
> - goto err_free_shared_buf;
> + goto free_shared_buf;
> }
>
> context->session_id = ta_id;
> @@ -346,7 +346,7 @@ static ssize_t ta_if_invoke_debugfs_write(struct file *fp, const char *buf, size
> mutex_lock(&psp->ras_context.mutex);
> ret = prep_ta_mem_context(&context->mem_context, shared_buf, shared_buf_len);
> if (ret)
> - goto err_free_shared_buf;
> + goto unlock;
>
> ret = psp_fn_ta_invoke(psp, cmd_id);
> if (ret || context->resp_status) {
> @@ -354,15 +354,17 @@ static ssize_t ta_if_invoke_debugfs_write(struct file *fp, const char *buf, size
> ret, context->resp_status);
> if (!ret) {
> ret = -EINVAL;
> - goto err_free_shared_buf;
> + goto unlock;
> }
> }
>
> if (copy_to_user((char *)&buf[copy_pos], context->mem_context.shared_buf, shared_buf_len))
> ret = -EFAULT;
>
> -err_free_shared_buf:
> +unlock:
> mutex_unlock(&psp->ras_context.mutex);
> +
> +free_shared_buf:
> kfree(shared_buf);
>
> return ret;