[PATCH v2 0/4] Have xe_vm and xe_exec_queue take references to xef
Umesh Nerlige Ramappa
umesh.nerlige.ramappa at intel.com
Tue Jul 9 00:28:31 UTC 2024
xe_file_close triggers an asynchronous queue cleanup and then frees up
the xef object. Since queue cleanup flushes all pending jobs and the KMD
stores client usage stats into the xef object after jobs are flushed, we
see a use-after-free for the xef object. Resolve this by taking a
reference to xef from xe_exec_queue.
Issue: https://gitlab.freedesktop.org/drm/xe/kernel/issues/1908
The series adds xef refcounting and ensures all consumers of xef take a
ref to it.
v2:
- Include review comments from v1
- Squash patch 3 and 5 from v1 to add Fixes/Closes tags
Note: Patches 1 - 3 can be merged independently
Signed-off-by: Umesh Nerlige Ramappa <umesh.nerlige.ramappa at intel.com>
Umesh Nerlige Ramappa (4):
drm/xe: Move part of xe_file cleanup to a helper
drm/xe: Add ref counting for xe_file
drm/xe: Take a ref to xe file when user creates a VM
drm/xe: Fix use after free when client stats are captured
drivers/gpu/drm/xe/xe_device.c | 56 +++++++++++++++++++-----
drivers/gpu/drm/xe/xe_device.h | 3 ++
drivers/gpu/drm/xe/xe_device_types.h | 3 ++
drivers/gpu/drm/xe/xe_drm_client.c | 5 +--
drivers/gpu/drm/xe/xe_exec_queue.c | 10 ++++-
drivers/gpu/drm/xe/xe_exec_queue_types.h | 7 ++-
drivers/gpu/drm/xe/xe_vm.c | 6 ++-
7 files changed, 69 insertions(+), 21 deletions(-)
--
2.38.1
More information about the Intel-xe
mailing list