HMM related use-after-free with amdgpu
Michel Dänzer
michel at daenzer.net
Tue Jul 16 17:04:52 UTC 2019
On 2019-07-16 6:35 p.m., Jason Gunthorpe wrote:
> On Tue, Jul 16, 2019 at 06:31:09PM +0200, Michel Dänzer wrote:
>> On 2019-07-15 7:25 p.m., Jason Gunthorpe wrote:
>>> On Mon, Jul 15, 2019 at 06:51:06PM +0200, Michel Dänzer wrote:
>>>>
>>>> With a KASAN enabled kernel built from amd-staging-drm-next, the
>>>> attached use-after-free is pretty reliably detected during a piglit gpu run.
>>>
>>> Does this branch you are testing have the hmm.git merged? I think from
>>> the name it does not?
>>
>> Indeed, no.
>>
>>
>>> Use after free's of this nature were something that was fixed in
>>> hmm.git..
>>>
>>> I don't see an obvious way you can hit something like this with the
>>> new code arrangement..
>>
>> I tried merging the hmm-devmem-cleanup.4 changes[0] into my 5.2.y +
>> drm-next for 5.3 kernel. While the result didn't hit the problem, all
>> GL_AMD_pinned_memory piglit tests failed, so I suspect the problem was
>> simply avoided by not actually hitting the HMM related functionality.
>>
>> It's possible that I made a mistake in merging the changes, or that I
>> missed some other required changes. But it's also possible that the HMM
>> changes broke the corresponding user-pointer functionality in amdgpu.
>
> Not sure, this was all Tested by the AMD team so it should work, I
> hope.
It can't, due to the issue pointed out by Linus in the "drm pull for
5.3-rc1" thread: DRM_AMDGPU_USERPTR still depends on ARCH_HAS_HMM, which
no longer exists, so it can't be enabled.
Fixing that up manually, it successfully finished a piglit run with that
functionality enabled as well.
--
Earthling Michel Dänzer | https://www.amd.com
Libre software enthusiast | Mesa and X developer
More information about the amd-gfx
mailing list