From: Yifan Zhang <yifan1.zhang@amd.com>
Date: Sat, 14 Aug 2021 17:53:14 +0800
Subject: drm/amdkfd: fix KFDSVMRangeTest.PartialUnmapSysMemTest fails
Git-commit: 9c152f54d9f6abdc9dd0817d8634c3ea0842c1c4
Patch-mainline: v5.16-rc1
References: jsc#PED-1294, bsc#1204363, CVE-2022-3523
[ RUN ] KFDSVMRangeTest.PartialUnmapSysMemTest
/home/yifan/brahma/libhsakmt/tests/kfdtest/src/KFDTestUtil.cpp:245: Failure
Value of: (hsaKmtAllocMemory(m_Node, m_Size, m_Flags, &m_pBuf))
Actual: 1
Expected: HSAKMT_STATUS_SUCCESS
Which is: 0
/home/yifan/brahma/libhsakmt/tests/kfdtest/src/KFDTestUtil.cpp:248: Failure
Value of: (hsaKmtMapMemoryToGPUNodes(m_pBuf, m_Size, __null, mapFlags, 1, &m_Node))
Actual: 1
Expected: HSAKMT_STATUS_SUCCESS
Which is: 0
/home/yifan/brahma/libhsakmt/tests/kfdtest/src/KFDTestUtil.cpp:306: Failure
Expected: ((void *)__null) != (ptr), actual: NULL vs NULL
Segmentation fault (core dumped)
[ ] Profile: Full Test
[ ] HW capabilities: 0x9
kernel log:
[ 102.029150] ret_from_fork+0x22/0x30
[ 102.029158] ---[ end trace 15c34e782714f9a3 ]---
[ 3613.603598] amdgpu: Address: 0x7f7149ccc000 already allocated by SVM
[ 3613.610620] show_signal_msg: 27 callbacks suppressed
These is race with deferred actions from previous memory map
changes (e.g. munmap).Flush pending deffered work to avoid such case.
Signed-off-by: Yifan Zhang <yifan1.zhang@amd.com>
Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
---
drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
@@ -1261,7 +1261,12 @@ static int kfd_ioctl_alloc_memory_of_gpu
return -EINVAL;
#if IS_ENABLED(CONFIG_HSA_AMD_SVM)
+ /* Flush pending deferred work to avoid racing with deferred actions
+ * from previous memory map changes (e.g. munmap).
+ */
+ svm_range_list_lock_and_flush_work(svms, current->mm);
mutex_lock(&svms->lock);
+ mmap_write_unlock(current->mm);
if (interval_tree_iter_first(&svms->objects,
args->va_addr >> PAGE_SHIFT,
(args->va_addr + args->size - 1) >> PAGE_SHIFT)) {