Patch "drm/amdkfd: Fix a race condition of vram buffer unref in svm code" has been added to the 6.6-stable tree

This is a note to let you know that I've just added the patch titled

    drm/amdkfd: Fix a race condition of vram buffer unref in svm code

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     drm-amdkfd-fix-a-race-condition-of-vram-buffer-unref.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 0e049f42f55a32e9c4ad7061d2559ccd80a6d056
Author: Xiaogang Chen <xiaogang.chen@xxxxxxx>
Date:   Wed Sep 27 11:20:28 2023 -0500

    drm/amdkfd: Fix a race condition of vram buffer unref in svm code
    
    [ Upstream commit 709c348261618da7ed89d6c303e2ceb9e453ba74 ]
    
    prange->svm_bo unref can happen in both mmu callback and a callback after
    migrate to system ram. Both are async call in different tasks. Sync svm_bo
    unref operation to avoid random "use-after-free".
    
    Signed-off-by: Xiaogang Chen <xiaogang.chen@xxxxxxx>
    Reviewed-by: Philip Yang <Philip.Yang@xxxxxxx>
    Reviewed-by: Jesse Zhang <Jesse.Zhang@xxxxxxx>
    Tested-by: Jesse Zhang <Jesse.Zhang@xxxxxxx>
    Signed-off-by: Alex Deucher <alexander.deucher@xxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_svm.c b/drivers/gpu/drm/amd/amdkfd/kfd_svm.c
index 2a42fbddcb7ae..2591bdfcc2289 100644
--- a/drivers/gpu/drm/amd/amdkfd/kfd_svm.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_svm.c
@@ -628,8 +628,15 @@ svm_range_vram_node_new(struct kfd_node *node, struct svm_range *prange,
 
 void svm_range_vram_node_free(struct svm_range *prange)
 {
-	svm_range_bo_unref(prange->svm_bo);
-	prange->ttm_res = NULL;
+	/* serialize prange->svm_bo unref */
+	mutex_lock(&prange->lock);
+	/* prange->svm_bo has not been unref */
+	if (prange->ttm_res) {
+		prange->ttm_res = NULL;
+		mutex_unlock(&prange->lock);
+		svm_range_bo_unref(prange->svm_bo);
+	} else
+		mutex_unlock(&prange->lock);
 }
 
 struct kfd_node *
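Review bot: In svm_range_vram_node_free(), `if (prange->ttm_res)` serves as the flag for "svm_bo not yet unreferenced", but prange->svm_bo is read only after `mutex_unlock(&prange->lock)` and is never cleared here. The serialization therefore holds only if every path that assigns or drops prange->svm_bo keeps ttm_res in step while holding prange->lock. Consider copying prange->svm_bo into a local variable while the lock is held and passing that local to svm_range_bo_unref(), and extend the comment to state that ttm_res is the indicator being tested, since `/* prange->svm_bo has not been unref */` sits above a check on a different field. Style: kernel coding style wants braces on both branches when one branch has them, so `} else` should be `} else {` with a closing brace. Clearing ttm_res under the lock and unlocking once before a conditional unref would also remove the duplicated mutex_unlock().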


