From: Matthew Auld <matthew.auld@intel.com>
To: intel-gfx@lists.freedesktop.org
Cc: dri-devel@lists.freedesktop.org,
"Thomas Hellström" <thomas.hellstrom@linux.intel.com>,
"Christian König" <christian.koenig@amd.com>
Subject: [Intel-gfx] [PATCH v4 01/14] drm/ttm: stop calling tt_swapin in vm_access
Date: Tue, 21 Sep 2021 12:01:08 +0100 [thread overview]
Message-ID: <20210921110121.3783395-1-matthew.auld@intel.com> (raw)
In commit:
commit 09ac4fcb3f255e9225967c75f5893325c116cdbe
Author: Felix Kuehling <Felix.Kuehling@amd.com>
Date: Thu Jul 13 17:01:16 2017 -0400
drm/ttm: Implement vm_operations_struct.access v2
we added the vm_access hook, where we also directly call tt_swapin for
some reason. If something is swapped-out then the ttm_tt must also be
unpopulated, and since access_kmap should also call tt_populate, if
needed, then swapping-in will already be handled there.
If anything, calling tt_swapin directly here would likely always fail
since the tt->pages won't yet be populated, or worse since the tt->pages
array is never actually cleared in unpopulate this might lead to a nasty
uaf.
Fixes: 09ac4fcb3f25 ("drm/ttm: Implement vm_operations_struct.access v2")
Signed-off-by: Matthew Auld <matthew.auld@intel.com>
Cc: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Cc: Christian König <christian.koenig@amd.com>
---
drivers/gpu/drm/ttm/ttm_bo_vm.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/drivers/gpu/drm/ttm/ttm_bo_vm.c b/drivers/gpu/drm/ttm/ttm_bo_vm.c
index f56be5bc0861..5b9b7fd01a69 100644
--- a/drivers/gpu/drm/ttm/ttm_bo_vm.c
+++ b/drivers/gpu/drm/ttm/ttm_bo_vm.c
@@ -519,11 +519,6 @@ int ttm_bo_vm_access(struct vm_area_struct *vma, unsigned long addr,
switch (bo->resource->mem_type) {
case TTM_PL_SYSTEM:
- if (unlikely(bo->ttm->page_flags & TTM_PAGE_FLAG_SWAPPED)) {
- ret = ttm_tt_swapin(bo->ttm);
- if (unlikely(ret != 0))
- return ret;
- }
fallthrough;
case TTM_PL_TT:
ret = ttm_bo_vm_access_kmap(bo, offset, buf, len, write);
--
2.26.3
next reply other threads:[~2021-09-21 11:01 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-21 11:01 Matthew Auld [this message]
2021-09-21 11:01 ` [Intel-gfx] [PATCH v4 02/14] drm/ttm: stop setting page->index for the ttm_tt Matthew Auld
2021-09-21 11:01 ` [Intel-gfx] [PATCH v4 03/14] drm/ttm: move ttm_tt_{add, clear}_mapping into amdgpu Matthew Auld
2021-09-21 11:29 ` Christian König
2021-09-21 11:01 ` [Intel-gfx] [PATCH v4 04/14] drm/ttm: remove TTM_PAGE_FLAG_NO_RETRY Matthew Auld
2021-09-21 11:01 ` [Intel-gfx] [PATCH v4 05/14] drm/ttm: s/FLAG_SG/FLAG_EXTERNAL/ Matthew Auld
2021-09-21 11:30 ` Christian König
2021-09-21 11:01 ` [Intel-gfx] [PATCH v4 06/14] drm/ttm: add some kernel-doc for TTM_TT_FLAG_* Matthew Auld
2021-09-21 11:33 ` Christian König
2021-09-21 11:01 ` [Intel-gfx] [PATCH v4 07/14] drm/ttm: add TTM_TT_FLAG_EXTERNAL_MAPPABLE Matthew Auld
2021-09-21 11:01 ` [Intel-gfx] [PATCH v4 08/14] drm/i915/gem: Break out some shmem backend utils Matthew Auld
2021-09-21 11:01 ` [Intel-gfx] [PATCH v4 09/14] drm/i915/ttm: add tt shmem backend Matthew Auld
2021-09-22 12:14 ` Thomas Hellström
2021-09-21 11:01 ` [Intel-gfx] [PATCH v4 10/14] drm/i915/ttm: hide shmem objects from TTM LRU Matthew Auld
2021-09-21 11:48 ` Christian König
2021-09-22 13:34 ` Matthew Auld
2021-09-22 13:59 ` Christian König
2021-09-21 11:01 ` [Intel-gfx] [PATCH v4 11/14] drm/i915/ttm: use cached system pages when evicting lmem Matthew Auld
2021-09-21 11:01 ` [Intel-gfx] [PATCH v4 12/14] drm/i915: try to simplify make_{un}shrinkable Matthew Auld
2021-09-21 11:01 ` [Intel-gfx] [PATCH v4 13/14] drm/i915/ttm: make evicted shmem pages visible to the shrinker Matthew Auld
2021-09-21 11:01 ` [Intel-gfx] [PATCH v4 14/14] drm/i915/ttm: enable shmem tt backend Matthew Auld
2021-09-21 11:28 ` [Intel-gfx] [PATCH v4 01/14] drm/ttm: stop calling tt_swapin in vm_access Christian König
2021-09-21 11:37 ` Thomas Hellström
2021-09-21 11:42 ` Christian König
2021-09-21 12:59 ` [Intel-gfx] ✗ Fi.CI.CHECKPATCH: warning for series starting with [v4,01/14] " Patchwork
2021-09-21 13:01 ` [Intel-gfx] ✗ Fi.CI.SPARSE: " Patchwork
2021-09-21 13:30 ` [Intel-gfx] ✓ Fi.CI.BAT: success " Patchwork
2021-09-21 16:03 ` [Intel-gfx] ✓ Fi.CI.IGT: " Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210921110121.3783395-1-matthew.auld@intel.com \
--to=matthew.auld@intel.com \
--cc=christian.koenig@amd.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=intel-gfx@lists.freedesktop.org \
--cc=thomas.hellstrom@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox