On 2023-09-26 23:00, Xiaogang.Chen
wrote:
Reviewed-by: Philip Yang <Philip.Yang@xxxxxxx>From: Xiaogang Chen <xiaogang.chen@xxxxxxx> prange->svm_bo unref can happen in both mmu callback and a callback after migrate to system ram. Both are async call in different tasks. Sync svm_bo unref operation to avoid random "use-after-free". Signed-off-by: Xiaogang.Chen <Xiaogang.Chen@xxxxxxx>
--- drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_svm.c b/drivers/gpu/drm/amd/amdkfd/kfd_svm.c index 70aa882636ab..8e246e848018 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_svm.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_svm.c @@ -637,6 +637,15 @@ void svm_range_vram_node_free(struct svm_range *prange) { svm_range_bo_unref(prange->svm_bo); prange->ttm_res = NULL; + /* serialize prange->svm_bo unref */ + mutex_lock(&prange->lock); + /* prange->svm_bo has not been unref */ + if (prange->ttm_res) { + prange->ttm_res = NULL; + mutex_unlock(&prange->lock); + svm_range_bo_unref(prange->svm_bo); + } else + mutex_unlock(&prange->lock); } struct kfd_node *