Linux Kernel AMDGPU Fence Reference Leak Vulnerability in User Mode Queue Teardown

A vulnerability in the Linux kernel's AMDGPU driver has been addressed, concerning a fence reference leak during the teardown of user mode queues. The issue arises because the user queue maintains a pointer to the last fence, which holds an additional reference. When the queue is destroyed, the fence driver and its associated data structure are freed, but the reference to the last fence is not properly released. This oversight can cause the fence object to persist after the driver has been unloaded, leaving a memory allocation in the AMDGPU user queue fence slab cache. The problem becomes apparent during the driver unload process, which reveals remaining objects in the slab cache, indicating a failure to properly clean up. The vulnerability has been fixed by ensuring that the last fence reference is released and the pointer cleared before the user queue is fully destroyed, allowing the slab cache to be emptied before the module exits.

Impact

The vulnerability can lead to a memory leak, where allocated objects remain in the AMDGPU user queue fence slab cache, causing potential issues during driver unload.

Remediation

Users can apply the latest patches from the Linux kernel stable tree to address this vulnerability.