archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 01:04:41 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

drm/amdgpu: Fix use-after-free race in VM acquire

Browse source 
Replace non-atomic vm->process_info assignment with cmpxchg()
to prevent race when parent/child processes sharing a drm_file
both try to acquire the same VM after fork().

Reviewed-by: Harish Kasiviswanathan <Harish.Kasiviswanathan@amd.com>
Signed-off-by: Alysa Liu <Alysa.Liu@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
(cherry picked from commit c7c573275ec20db05be769288a3e3bb2250ec618)
Cc: stable@vger.kernel.org
This commit is contained in:
Alysa Liu 2026-02-05 11:21:45 -05:00 committed by Alex Deucher
parent 68785c5e79
commit 2c1030f2e8
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c
View file

@ -1439,7 +1439,10 @@ static int init_kfd_vm(struct amdgpu_vm *vm, void **process_info,
*process_info = info;
}
vm->process_info = *process_info;
if (cmpxchg(&vm->process_info, NULL, *process_info) != NULL) {
ret = -EINVAL;
goto already_acquired;
}
/* Validate page directory and attach eviction fence */
ret = amdgpu_bo_reserve(vm->root.bo, true);
@ -1479,6 +1482,7 @@ validate_pd_fail:
amdgpu_bo_unreserve(vm->root.bo);
reserve_pd_fail:
vm->process_info = NULL;
already_acquired:
if (info) {
dma_fence_put(&info->eviction_fence->base);
*process_info = NULL;