✓ CI.checkpatch: success for series starting with [1/2] Revert "drm/xe/vm: drop vm->destroy_work" (rev2)

Patchwork patchwork at emeril.freedesktop.org
Tue Apr 23 16:04:08 UTC 2024 

== Series Details ==

Series: series starting with [1/2] Revert "drm/xe/vm: drop vm->destroy_work" (rev2)
URL   : https://patchwork.freedesktop.org/series/132756/
State : success

== Summary ==

+ KERNEL=/kernel
+ git clone https://gitlab.freedesktop.org/drm/maintainer-tools mt
Cloning into 'mt'...
warning: redirecting to https://gitlab.freedesktop.org/drm/maintainer-tools.git/
+ git -C mt rev-list -n1 origin/master
0daf0be5bb95eb0a0e42275e00a0e42d8d8fd543
+ cd /kernel
+ git config --global --add safe.directory /kernel
+ git log -n1
commit 3012fe112a0780da3e8ed0e23e6f1ea0c804c29c
Author: Matthew Auld <matthew.auld at intel.com>
Date:   Tue Apr 23 08:47:23 2024 +0100

    drm/xe/vm: prevent UAF in rebind_work_func()
    
    We flush the rebind worker during the vm close phase, however in places
    like preempt_fence_work_func() we seem to queue the rebind worker
    without first checking if the vm has already been closed.  The concern
    here is the vm being closed with the worker flushed, but then being
    rearmed later, which looks like potential uaf, since there is no actual
    refcounting to track the queued worker. We can't take the vm->lock here
    in preempt_rebind_work_func() to first check if the vm is closed since
    that will deadlock, so instead flush the worker again when the vm
    refcount reaches zero.
    
    v2:
     - Grabbing vm->lock in the preempt worker creates a deadlock, so
       checking the closed state is tricky. Instead flush the worker when
       the refcount reaches zero. It should be impossible to queue the
       preempt worker without already holding vm ref.
    
    Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs")
    Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1676
    Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1591
    Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1304
    Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1249
    Signed-off-by: Matthew Auld <matthew.auld at intel.com>
    Cc: Matthew Brost <matthew.brost at intel.com>
    Cc: <stable at vger.kernel.org> # v6.8+
+ /mt/dim checkpatch d3158dfc418559bcd958bae7af47374e38d6f468 drm-intel
02706f940276 Revert "drm/xe/vm: drop vm->destroy_work"
3012fe112a07 drm/xe/vm: prevent UAF in rebind_work_func()

More information about the Intel-xe mailing list