diff options
| author | Xiaogang Chen <[email protected]> | 2023-09-27 11:20:28 -0500 |
|---|---|---|
| committer | Alex Deucher <[email protected]> | 2023-09-28 15:44:29 -0400 |
| commit | 709c348261618da7ed89d6c303e2ceb9e453ba74 (patch) | |
| tree | ae1ce3b6a0794dde0477a546e2e5547f120b559e | |
| parent | 003048ddf44b1a6cfa57afa5a0cf40673e13f1ba (diff) | |
drm/amdkfd: Fix a race condition of vram buffer unref in svm code
prange->svm_bo unref can happen in both mmu callback and a callback after
migrate to system ram. Both are async call in different tasks. Sync svm_bo
unref operation to avoid random "use-after-free".
Signed-off-by: Xiaogang Chen <[email protected]>
Reviewed-by: Philip Yang <[email protected]>
Reviewed-by: Jesse Zhang <[email protected]>
Tested-by: Jesse Zhang <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
| -rw-r--r-- | drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_svm.c b/drivers/gpu/drm/amd/amdkfd/kfd_svm.c index 58cca80589ae..1d5f91678fa9 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_svm.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_svm.c @@ -637,8 +637,15 @@ create_bo_failed: void svm_range_vram_node_free(struct svm_range *prange) { - svm_range_bo_unref(prange->svm_bo); - prange->ttm_res = NULL; + /* serialize prange->svm_bo unref */ + mutex_lock(&prange->lock); + /* prange->svm_bo has not been unref */ + if (prange->ttm_res) { + prange->ttm_res = NULL; + mutex_unlock(&prange->lock); + svm_range_bo_unref(prange->svm_bo); + } else + mutex_unlock(&prange->lock); } struct kfd_node * |