HMM related use-after-free with amdgpu
jgg at mellanox.com
Tue Jul 16 17:20:50 UTC 2019
On Tue, Jul 16, 2019 at 07:04:52PM +0200, Michel Dänzer wrote:
> On 2019-07-16 6:35 p.m., Jason Gunthorpe wrote:
> > On Tue, Jul 16, 2019 at 06:31:09PM +0200, Michel Dänzer wrote:
> >> On 2019-07-15 7:25 p.m., Jason Gunthorpe wrote:
> >>> On Mon, Jul 15, 2019 at 06:51:06PM +0200, Michel Dänzer wrote:
> >>>> With a KASAN enabled kernel built from amd-staging-drm-next, the
> >>>> attached use-after-free is pretty reliably detected during a piglit gpu run.
> >>> Does this branch you are testing have the hmm.git merged? I think from
> >>> the name it does not?
> >> Indeed, no.
> >>> Use-after-frees of this nature were something that was fixed in
> >>> hmm.git..
> >>> I don't see an obvious way you can hit something like this with the
> >>> new code arrangement..
> >> I tried merging the hmm-devmem-cleanup.4 changes into my 5.2.y +
> >> drm-next for 5.3 kernel. While the result didn't hit the problem, all
> >> GL_AMD_pinned_memory piglit tests failed, so I suspect the problem was
> >> simply avoided by not actually hitting the HMM related functionality.
> >> It's possible that I made a mistake in merging the changes, or that I
> >> missed some other required changes. But it's also possible that the HMM
> >> changes broke the corresponding user-pointer functionality in amdgpu.
> > Not sure, this was all Tested by the AMD team so it should work, I
> > hope.
> It can't, due to the issue pointed out by Linus in the "drm pull for
> 5.3-rc1" thread: DRM_AMDGPU_USERPTR still depends on ARCH_HAS_HMM, which
> no longer exists, so it can't be enabled.
Somehow that merge resolution got missed, but I think the AMD folks
must have included it when they did their merge & test.
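
The failure mode discussed in this thread, an option whose `depends on` names a symbol that no longer exists and so can never be enabled, can be checked for mechanically. The following is an added example, not part of the original message or of the kernel tree; the Kconfig fragment is constructed and `dangling_refs` is a hypothetical helper name.

```python
import re

# Constructed Kconfig fragment, not copied from a kernel tree. ARCH_HAS_HMM is
# deliberately left undefined to mirror the situation described in the thread.
SAMPLE_KCONFIG = """\
config DRM
    tristate "Direct Rendering Manager"

config DRM_AMDGPU
    tristate "AMD GPU"
    depends on DRM

config HMM_MIRROR
    bool "HMM mirror"

config DRM_AMDGPU_USERPTR
    bool "Always enable userptr write support"
    depends on DRM_AMDGPU
    depends on ARCH_HAS_HMM
    select HMM_MIRROR
"""

DEF_RE = re.compile(r"\s*(?:menu)?config\s+(\w+)")
REF_RE = re.compile(r"\s*(depends on|select|imply)\s+(.+)")
LITERALS = {"y", "n", "m", "if"}  # tristate constants and the "if" keyword


def dangling_refs(text):
    """Return (option, keyword, symbol, line) for references to undefined symbols.

    Kconfig evaluates an undefined symbol as "n", so a plain
    "depends on MISSING" silently makes the option impossible to enable.
    """
    lines = text.splitlines()
    defined = {m.group(1) for m in map(DEF_RE.match, lines) if m}
    findings, current = [], None
    for lineno, line in enumerate(lines, 1):
        d = DEF_RE.match(line)
        if d:
            current = d.group(1)  # remember which option the next lines belong to
            continue
        r = REF_RE.match(line)
        if not r:
            continue
        # Drop trailing comments and quoted strings before tokenising the expression.
        expr = re.sub(r'"[^"]*"', "", r.group(2).split("#")[0])
        for sym in re.findall(r"\w+", expr):
            if sym not in LITERALS and not sym.isdigit() and sym not in defined:
                findings.append((current, r.group(1), sym, lineno))
    return findings
```

On a real tree the set of defined symbols has to be collected from every Kconfig file first, since symbols are routinely defined in one file and referenced in another.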