HMM related use-after-free with amdgpu

[Jason Gunthorpe]

On Tue, Jul 16, 2019 at 10:10:46PM +0000, Kuehling, Felix wrote:
> On 2019-07-16 1:04 p.m., Michel Dänzer wrote:
> > On 2019-07-16 6:35 p.m., Jason Gunthorpe wrote:
> >> On Tue, Jul 16, 2019 at 06:31:09PM +0200, Michel Dänzer wrote:
> >>> On 2019-07-15 7:25 p.m., Jason Gunthorpe wrote:
> >>>> On Mon, Jul 15, 2019 at 06:51:06PM +0200, Michel Dänzer wrote:
> >>>>> With a KASAN enabled kernel built from amd-staging-drm-next, the
> >>>>> attached use-after-free is pretty reliably detected during a piglit gpu run.
> >>>> Does this branch you are testing have the hmm.git merged? I think from
> >>>> the name it does not?
> >>> Indeed, no.
> >>>
> >>>
> >>>> Use after free's of this nature were something that was fixed in
> >>>> hmm.git..
> >>>>
> >>>> I don't see an obvious way you can hit something like this with the
> >>>> new code arrangement..
> >>> I tried merging the hmm-devmem-cleanup.4 changes[0] into my 5.2.y +
> >>> drm-next for 5.3 kernel. While the result didn't hit the problem, all
> >>> GL_AMD_pinned_memory piglit tests failed, so I suspect the problem was
> >>> simply avoided by not actually hitting the HMM related functionality.
> >>>
> >>> It's possible that I made a mistake in merging the changes, or that I
> >>> missed some other required changes. But it's also possible that the HMM
> >>> changes broke the corresponding user-pointer functionality in amdgpu.
> >> Not sure, this was all Tested by the AMD team so it should work, I
> >> hope.
> > It can't, due to the issue pointed out by Linus in the "drm pull for
> > 5.3-rc1" thread: DRM_AMDGPU_USERPTR still depends on ARCH_HAS_HMM, which
> > no longer exists, so it can't be enabled.
> 
> As far as I can tell, Linus fixed this up in his merge commit 
> be8454afc50f43016ca8b6130d9673bdd0bd56ec. Jason, is hmm.git going to get 
> rebased or merge to pick up the amdgpu changes for HMM from master?

It will be reset to -rc1 when it comes out, then we start all over
again.

Jason