[Intel-xe] [PATCH] drm/xe: Do not unbind destroyed vmas
Matthew Brost
matthew.brost at intel.com
Tue May 23 23:30:35 UTC 2023
On Tue, May 23, 2023 at 10:24:12PM +0200, Nirmoy Das wrote:
> Fix a vma UAF when userspace calls unbind ioctl more
> than once.
>
I see the problem, yea this is kinda an issue but will conflict with the
GPUVA series where this is also fixed by removing the async worker.
Is this a problem from any UMDs? If it isn't I'd say defer this until
the GPUVA series.
Matt
> Signed-off-by: Nirmoy Das <nirmoy.das at intel.com>
> ---
> drivers/gpu/drm/xe/xe_vm.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c
> index a0306526b269..7a9f1ba432b8 100644
> --- a/drivers/gpu/drm/xe/xe_vm.c
> +++ b/drivers/gpu/drm/xe/xe_vm.c
> @@ -2769,7 +2769,7 @@ static struct xe_vma *vm_unbind_all_lookup_vmas(struct xe_vm *vm,
> xe_bo_assert_held(bo);
>
> list_for_each_entry(vma, &bo->vmas, bo_link) {
> - if (vma->vm != vm)
> + if (vma->vm != vm || vma->destroyed)
> continue;
>
> prep_vma_destroy(vm, vma);
> --
> 2.39.0
>
More information about the Intel-xe
mailing list