From: sashiko-bot@kernel.org
To: "Honglei Huang" <honghuan@amd.com>
Cc: dri-devel@lists.freedesktop.org
Subject: Re: [PATCH v8 4/5] drm/gpusvm: move struct drm_gpusvm_pages out of struct drm_gpusvm_range
Date: Tue, 30 Jun 2026 03:58:13 +0000 [thread overview]
Message-ID: <20260630035814.714271F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260630033132.361144-5-honghuan@amd.com>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
Pre-existing issues:
- [High] Device memory mappings created via `dpagemap->ops->device_map()` are permanently leaked on the error path of `drm_gpusvm_get_pages()`.
--
commit 5200250940d89eac5e1be4b8695f694419586335
Author: Honglei Huang <honghuan@amd.com>
drm/gpusvm: move struct drm_gpusvm_pages out of struct drm_gpusvm_range
This patch separates physical pages from the MM VA range in the DRM GPU SVM
framework. It moves the drm_gpusvm_pages object out of drm_gpusvm_range,
allowing drivers to directly manage MM and device physical pages. The range
level wrappers are replaced with helpers that operate directly on a driver
owned pages object.
> diff --git a/drivers/gpu/drm/drm_gpusvm.c b/drivers/gpu/drm/drm_gpusvm.c
> index b0e9a2db10803..e0fd0b2fcc5ee 100644
> --- a/drivers/gpu/drm/drm_gpusvm.c
> +++ b/drivers/gpu/drm/drm_gpusvm.c
[ ... ]
> @@ -1638,29 +1695,6 @@ int drm_gpusvm_get_pages(struct drm_gpusvm *gpusvm,
> }
> EXPORT_SYMBOL_GPL(drm_gpusvm_get_pages);
[Severity: High]
This is a pre-existing issue, but does this error path permanently leak
device memory mappings?
If drm_gpusvm_get_pages() maps the first part of a memory range using
device_map(), but then hits a page with a different pagemap (or crosses a
zone device data boundary):
drivers/gpu/drm/drm_gpusvm.c:drm_gpusvm_get_pages() {
...
if (pagemap != page_pgmap(page)) {
if (pagemap) {
err = -EOPNOTSUPP;
goto err_unmap;
}
...
}
It jumps to err_unmap before svm_pages->dpagemap is set.
When it calls __drm_gpusvm_unmap_pages() to clean up:
drivers/gpu/drm/drm_gpusvm.c:__drm_gpusvm_unmap_pages() {
...
else if (dpagemap && dpagemap->ops->device_unmap)
dpagemap->ops->device_unmap(dpagemap, dev, addr);
...
}
Because dpagemap evaluates to NULL on this error path, device_unmap() is
skipped, which appears to leak the previously mapped resources.
Could a local user repeatedly trigger this error path to exhaust device or
IOMMU resources?
[ ... ]
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260630033132.361144-1-honghuan@amd.com?part=4
next prev parent reply other threads:[~2026-06-30 3:58 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-29 2:29 [PATCH v7 0/5] drm/gpusvm: split MM and device state across gpusvm/range/pages Honglei Huang
2026-06-29 2:29 ` [PATCH v7 1/5] drm/gpusvm: split MM state flags out of drm_gpusvm_pages_flags Honglei Huang
2026-06-29 2:29 ` [PATCH v7 2/5] drm/gpusvm: embed struct drm_device into drm_gpusvm_pages Honglei Huang
2026-06-29 2:29 ` [PATCH v7 3/5] drm/xe: have xe_svm_range embed one drm_gpusvm_pages Honglei Huang
2026-06-29 2:29 ` [PATCH v7 4/5] drm/gpusvm: move struct drm_gpusvm_pages out of struct drm_gpusvm_range Honglei Huang
2026-06-29 16:27 ` Matthew Brost
2026-06-29 2:29 ` [PATCH v7 5/5] drm/gpusvm: let the drm_gpusvm core context purely MM level Honglei Huang
2026-06-29 18:51 ` ✗ CI.KUnit: failure for drm/gpusvm: split MM and device state across gpusvm/range/pages (rev2) Patchwork
2026-06-30 3:31 ` [PATCH v8 0/5] drm/gpusvm: split MM and device state across gpusvm/range/pages Honglei Huang
2026-06-30 3:31 ` [PATCH v8 1/5] drm/gpusvm: split MM state flags out of drm_gpusvm_pages_flags Honglei Huang
2026-06-30 3:31 ` [PATCH v8 2/5] drm/gpusvm: embed struct drm_device into drm_gpusvm_pages Honglei Huang
2026-06-30 3:47 ` sashiko-bot
2026-06-30 3:31 ` [PATCH v8 3/5] drm/xe: have xe_svm_range embed one drm_gpusvm_pages Honglei Huang
2026-06-30 3:31 ` [PATCH v8 4/5] drm/gpusvm: move struct drm_gpusvm_pages out of struct drm_gpusvm_range Honglei Huang
2026-06-30 3:58 ` sashiko-bot [this message]
2026-06-30 3:31 ` [PATCH v8 5/5] drm/gpusvm: let the drm_gpusvm core context purely MM level Honglei Huang
-- strict thread matches above, loose matches on Subject: below --
2026-06-30 3:37 [PATCH v8 0/5] drm/gpusvm: split MM and device state across gpusvm/range/pages Honglei Huang
2026-06-30 3:37 ` [PATCH v8 4/5] drm/gpusvm: move struct drm_gpusvm_pages out of struct drm_gpusvm_range Honglei Huang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260630035814.714271F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=honghuan@amd.com \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.