From: Qu Huang
To: alexander.deucher@amd.com, christian.koenig@amd.com, airlied@linux.ie, daniel@ffwll.ch, sumit.semwal@linaro.org, airlied@redhat.com, ray.huang@amd.com, Mihir.Patel@amd.com, nirmoy.aiemd@gmail.com
Cc: amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, linaro-mm-sig@lists.linaro.org, jinsdb@126.com
Subject: [PATCH] drm/amdgpu: Fix a potential sdma invalid access
Date: Fri, 2 Apr 2021 11:18:47 +0800
Message-Id: <1617333527-89782-1-git-send-email-jinsdb@126.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Before dma_resv_lock(bo->base.resv, NULL) in amdgpu_bo_release_notify(), the bo->base.resv lock may be held by ttm_mem_evict_first(), and the VRAM mem will be evicted, with the mem region replaced by a GTT mem region. amdgpu_bo_release_notify() will then hold the bo->base.resv lock, and SDMA will get an invalid address in amdgpu_fill_buffer(), resulting in a VMFAULT or memory corruption.

To avoid it, we have to hold the bo->base.resv lock first, and check whether the mem.mem_type is TTM_PL_VRAM.

Signed-off-by: Qu Huang
--- drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c index 4b29b82..8018574 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
@@ -1300,12 +1300,16 @@ void amdgpu_bo_release_notify(struct ttm_buffer_object *bo) if (bo->base.resv == &bo->base._resv) amdgpu_amdkfd_remove_fence_on_pt_pd_bos(abo); - if (bo->mem.mem_type != TTM_PL_VRAM || !bo->mem.mm_node || - !(abo->flags & AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE)) + if (!(abo->flags & AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE)) return; dma_resv_lock(bo->base.resv, NULL); + if (bo->mem.mem_type != TTM_PL_VRAM || !bo->mem.mm_node) { + dma_resv_unlock(bo->base.resv); + return; + } + r = amdgpu_fill_buffer(abo, AMDGPU_POISON, bo->base.resv, &fence); if (!WARN_ON(r)) { amdgpu_bo_fence(abo, fence, false); -- 1.8.3.1
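
Review bot: the placement re-check added after dma_resv_lock() has no comment saying why bo->mem.mem_type and bo->mem.mm_node must be read under the reservation lock. The race with ttm_mem_evict_first() is explained only in the commit message, so a short comment above `if (bo->mem.mem_type != TTM_PL_VRAM || !bo->mem.mm_node) {` would keep a later cleanup from hoisting the test back in front of the lock. The new early exit also repeats dma_resv_unlock(bo->base.resv); if the function's tail (not visible in this hunk) already unlocks, a goto to a shared unlock label would leave a single exit path. Since the commit message names a VMFAULT or memory corruption as the outcome, a Fixes: tag pointing at the commit that introduced the unlocked check would help stable backports.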
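
The ordering problem the commit message describes, reduced to a single-threaded user-space model. This is an added example, not code from the patch or the amdgpu driver, and every name in it (model_bo, resv_lock, evictor_holds_lock and the rest) is hypothetical. It assumes the evictor has already moved the buffer by the time the lock is granted.

```c
#include <stdbool.h>
#include <stdio.h>

enum placement { PL_GTT, PL_VRAM };      /* stand-ins for the GTT and VRAM placements */
struct model_bo {
    enum placement mem_type;             /* only stable while the lock is held */
    bool wipe_on_release;                /* stand-in for the WIPE_ON_RELEASE flag */
    bool evictor_holds_lock;             /* constructed scenario switch */
    int stale_fills;                     /* fills issued against a non-VRAM placement */
};

/* Blocking on the lock: an evictor that held it has moved the buffer to GTT. */
static void resv_lock(struct model_bo *bo)
{
    if (bo->evictor_holds_lock)
        bo->mem_type = PL_GTT;
}
static void resv_unlock(struct model_bo *bo) { (void)bo; }

static void fill_buffer(struct model_bo *bo)
{
    if (bo->mem_type != PL_VRAM)
        bo->stale_fills++;               /* the invalid-address case */
}

/* Pre-patch ordering: placement is tested before the lock is taken. */
static int release_check_then_lock(struct model_bo bo)
{
    if (bo.mem_type != PL_VRAM || !bo.wipe_on_release) return 0;
    resv_lock(&bo);
    fill_buffer(&bo);                    /* acts on the stale pre-lock answer */
    resv_unlock(&bo);
    return bo.stale_fills;
}

/* Patched ordering: placement is read only once the lock is held. */
static int release_lock_then_check(struct model_bo bo)
{
    if (!bo.wipe_on_release) return 0;
    resv_lock(&bo);
    if (bo.mem_type == PL_VRAM)
        fill_buffer(&bo);
    resv_unlock(&bo);
    return bo.stale_fills;
}
int main(void)
{
    struct model_bo racing = { PL_VRAM, true, true, 0 };   /* constructed input */
    printf("check-then-lock: %d stale fill(s), lock-then-check: %d\n",
           release_check_then_lock(racing), release_lock_then_check(racing));
    return 0;
}
```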