[PATCH] drm/amdgpu: set bulk_moveable to false when a per VM is released

Tom St Denis tom.stdenis at amd.com
Sun Sep 9 10:38:13 UTC 2018 

On 2018-09-08 5:12 a.m., Huang Rui wrote:
> On Wed, Sep 05, 2018 at 05:08:26PM +0200, Christian König wrote:
>> Otherwise we might run into a use after free during bulk move.
>>
>> Signed-off-by: Christian König <christian.koenig at amd.com>
> 
> Is this patch able to fix the KASAN?
> [   66.143009] ==================================================================
> [   66.143254] BUG: KASAN: use-after-free in ttm_bo_bulk_move_lru_tail+0x2b/0x100 [ttm]
> [   66.143263] Read of size 8 at addr ffff8801f193d550 by task gnome-shel:cs0/4194
> 
> Tom, may we have your tested-by?
> 
> Reviewed-by: Huang Rui <ray.huang at amd.com>

Hi Ray,

I had tested this patch and it failed to survive a piglit run.  The only 
fix so far was to completely disable bulk moves with this:

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c 
b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
index ea5e277ae038..ab244a726ad9 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
@@ -397,7 +397,7 @@ void amdgpu_vm_move_to_lru_tail(struct amdgpu_device 
*adev,
         }
         spin_unlock(&glob->lru_lock);

-       vm->bulk_moveable = true;
+//     vm->bulk_moveable = true;
  }

  /**


Tom

> 
>> ---
>>   drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 4 ++++
>>   1 file changed, 4 insertions(+)
>>
>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
>> index ea5e277ae038..ed1e6abda391 100644
>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
>> @@ -2513,8 +2513,12 @@ void amdgpu_vm_bo_rmv(struct amdgpu_device *adev,
>>   		      struct amdgpu_bo_va *bo_va)
>>   {
>>   	struct amdgpu_bo_va_mapping *mapping, *next;
>> +	struct amdgpu_bo *bo = bo_va->base.bo;
>>   	struct amdgpu_vm *vm = bo_va->base.vm;
>>   
>> +	if (bo && bo->tbo.resv == vm->root.base.bo->tbo.resv)
>> +		vm->bulk_moveable = false;
>> +
>>   	list_del(&bo_va->base.bo_list);
>>   
>>   	spin_lock(&vm->invalidated_lock);
>> -- 
>> 2.17.1
>>
>> _______________________________________________
>> amd-gfx mailing list
>> amd-gfx at lists.freedesktop.org
>> https://lists.freedesktop.org/mailman/listinfo/amd-gfx

More information about the amd-gfx mailing list