HMM related use-after-free with amdgpu
Felix.Kuehling at amd.com
Tue Jul 16 22:10:46 UTC 2019
On 2019-07-16 1:04 p.m., Michel Dänzer wrote:
> On 2019-07-16 6:35 p.m., Jason Gunthorpe wrote:
>> On Tue, Jul 16, 2019 at 06:31:09PM +0200, Michel Dänzer wrote:
>>> On 2019-07-15 7:25 p.m., Jason Gunthorpe wrote:
>>>> On Mon, Jul 15, 2019 at 06:51:06PM +0200, Michel Dänzer wrote:
>>>>> With a KASAN enabled kernel built from amd-staging-drm-next, the
>>>>> attached use-after-free is pretty reliably detected during a piglit gpu run.
>>>> Does this branch you are testing have the hmm.git merged? I think from
>>>> the name it does not?
>>> Indeed, no.
>>>> Use-after-frees of this nature were something that was fixed in
>>>> I don't see an obvious way you can hit something like this with the
>>>> new code arrangement..
>>> I tried merging the hmm-devmem-cleanup.4 changes into my 5.2.y +
>>> drm-next for 5.3 kernel. While the result didn't hit the problem, all
>>> GL_AMD_pinned_memory piglit tests failed, so I suspect the problem was
>>> simply avoided by not actually hitting the HMM related functionality.
>>> It's possible that I made a mistake in merging the changes, or that I
>>> missed some other required changes. But it's also possible that the HMM
>>> changes broke the corresponding user-pointer functionality in amdgpu.
>> Not sure, this was all Tested by the AMD team so it should work, I
> It can't, due to the issue pointed out by Linus in the "drm pull for
> 5.3-rc1" thread: DRM_AMDGPU_USERPTR still depends on ARCH_HAS_HMM, which
> no longer exists, so it can't be enabled.
As far as I can tell, Linus fixed this up in his merge commit
be8454afc50f43016ca8b6130d9673bdd0bd56ec. Jason, is hmm.git going to get
rebased or merge to pick up the amdgpu changes for HMM from master?
> Fixing that up manually, it successfully finished a piglit run with that
> functionality enabled as well.