HMM related use-after-free with amdgpu
Michel Dänzer
michel at daenzer.net
Wed Jul 17 07:47:02 UTC 2019
On 2019-07-17 12:10 a.m., Kuehling, Felix wrote:
> On 2019-07-16 1:04 p.m., Michel Dänzer wrote:
>> On 2019-07-16 6:35 p.m., Jason Gunthorpe wrote:
>>> On Tue, Jul 16, 2019 at 06:31:09PM +0200, Michel Dänzer wrote:
>>>> On 2019-07-15 7:25 p.m., Jason Gunthorpe wrote:
>>>>> On Mon, Jul 15, 2019 at 06:51:06PM +0200, Michel Dänzer wrote:
>>>>>> With a KASAN enabled kernel built from amd-staging-drm-next, the
>>>>>> attached use-after-free is pretty reliably detected during a piglit gpu run.
>>>>> Does this branch you are testing have the hmm.git merged? I think from
>>>>> the name it does not?
>>>> Indeed, no.
>>>>
>>>>
>>>>> Use after free's of this nature were something that was fixed in
>>>>> hmm.git..
>>>>>
>>>>> I don't see an obvious way you can hit something like this with the
>>>>> new code arrangement..
>>>> I tried merging the hmm-devmem-cleanup.4 changes[0] into my 5.2.y +
>>>> drm-next for 5.3 kernel. While the result didn't hit the problem, all
>>>> GL_AMD_pinned_memory piglit tests failed, so I suspect the problem was
>>>> simply avoided by not actually hitting the HMM related functionality.
>>>>
>>>> It's possible that I made a mistake in merging the changes, or that I
>>>> missed some other required changes. But it's also possible that the HMM
>>>> changes broke the corresponding user-pointer functionality in amdgpu.
>>> Not sure, this was all Tested by the AMD team so it should work, I
>>> hope.
>> It can't, due to the issue pointed out by Linus in the "drm pull for
>> 5.3-rc1" thread: DRM_AMDGPU_USERPTR still depends on ARCH_HAS_HMM, which
>> no longer exists, so it can't be enabled.
>
> As far as I can tell, Linus fixed this up in his merge commit
> be8454afc50f43016ca8b6130d9673bdd0bd56ec.
Ah! That's the piece I was missing, since I had merged the drm-next
changes before Linus did. Thanks Felix.
Note that AFAICT it was basically luck that Linus noticed this and fixed
it up. It would be better not to push our luck like this. :)
--
Earthling Michel Dänzer | https://www.amd.com
Libre software enthusiast | Mesa and X developer
More information about the amd-gfx
mailing list