On Fri, Dec 8, 2023 at 7:55 AM Christian König <ckoenig.leichtzumerken@xxxxxxxxx> wrote: > > When freeing PD/PT with shadows it can happen that the shadow > destruction races with detaching the PD/PT from the VM causing a NULL > pointer dereference in the invalidation code. > > Fix this by detaching the PD/PT from the VM first and then > freeinguthe shadow instead. typo. Should read: freeing the shadow. With that fixed, the series is: Reviewed-by: Alex Deucher <alexander.deucher@xxxxxxx> > > Signed-off-by: Christian König <christian.koenig@xxxxxxx> > Fixes: https://gitlab.freedesktop.org/drm/amd/-/issues/2867 > Cc: <stable@xxxxxxxxxxxxxxx> > --- > drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c > index a2287bb25223..a160265ddc07 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm_pt.c > @@ -642,13 +642,14 @@ static void amdgpu_vm_pt_free(struct amdgpu_vm_bo_base *entry) > > if (!entry->bo) > return; > + > + entry->bo->vm_bo = NULL; > shadow = amdgpu_bo_shadowed(entry->bo); > if (shadow) { > ttm_bo_set_bulk_move(&shadow->tbo, NULL); > amdgpu_bo_unref(&shadow); > } > ttm_bo_set_bulk_move(&entry->bo->tbo, NULL); > - entry->bo->vm_bo = NULL; > > spin_lock(&entry->vm->status_lock); > list_del(&entry->vm_status); > -- > 2.34.1 >
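Review bot: the ordering that carries this fix is undocumented in amdgpu_vm_pt_free(): `entry->bo->vm_bo = NULL;` now has to stay ahead of the `amdgpu_bo_unref(&shadow)` call, yet the code gives no hint of that. It reads as an arbitrary placement that a later cleanup could move back down next to `ttm_bo_set_bulk_move(&entry->bo->tbo, NULL);`. A one-line comment above the assignment, saying that the PD/PT is detached from the VM before the shadow is freed because shadow destruction otherwise races with the detach and the invalidation code dereferences NULL, would pin the ordering in place. Separately, the Fixes: trailer carries an issue URL; kernel convention reserves Fixes: for the commit that introduced the bug and puts tracker links in a Closes: or Link: trailer, which also helps the stable backport requested by the Cc: line find its target range.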