* [PATCH v9 0/2] drm/i915/selftests: Use safe userspace memory for mappings @ 2026-05-07 14:24 Krzysztof Karas 2026-05-07 14:24 ` [PATCH v9 1/2] drm/i915/selftests: Prevent userspace mapping invalidation Krzysztof Karas 2026-05-07 14:24 ` [PATCH v9 2/2] drm/i915/selftests: Run vma tests only if current->mm is present Krzysztof Karas 0 siblings, 2 replies; 6+ messages in thread From: Krzysztof Karas @ 2026-05-07 14:24 UTC (permalink / raw) To: intel-gfx Cc: Andi Shyti, Sebastian Brzezinka, Krzysztof Niemiec, Janusz Krzysztofik, Krzysztof Karas Test-with: 20260330102400.1157658-1-krzysztof.karas@intel.com Currently, i915 selftests use unknown process's address space to perform mappings to userspace memory. This is problematic, because there is no control over lifetime of the memory of such task, so the test would occasionally borrow memory scheduled for or in the middle of a cleanup causing SIGBUS errors. Utilize user-provided PID of running userspace process to perfofm mapping in a safe environment. Krzysztof Karas (2): drm/i915/selftests: Prevent userspace mapping invalidation drm/i915/selftests: Run vma tests only if current->mm is present .../drm/i915/gem/selftests/i915_gem_mman.c | 16 ++--- drivers/gpu/drm/i915/i915_selftest.h | 1 + .../gpu/drm/i915/selftests/i915_selftest.c | 68 ++++++++++++++++++- 3 files changed, 76 insertions(+), 9 deletions(-) -- 2.34.1 ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH v9 1/2] drm/i915/selftests: Prevent userspace mapping invalidation 2026-05-07 14:24 [PATCH v9 0/2] drm/i915/selftests: Use safe userspace memory for mappings Krzysztof Karas @ 2026-05-07 14:24 ` Krzysztof Karas 2026-05-07 14:54 ` Janusz Krzysztofik 2026-05-07 14:24 ` [PATCH v9 2/2] drm/i915/selftests: Run vma tests only if current->mm is present Krzysztof Karas 1 sibling, 1 reply; 6+ messages in thread From: Krzysztof Karas @ 2026-05-07 14:24 UTC (permalink / raw) To: intel-gfx Cc: Andi Shyti, Sebastian Brzezinka, Krzysztof Niemiec, Janusz Krzysztofik, Krzysztof Karas Migration testing in i915 assumes current task's address space to allocate new userspace mapping and uses it without registering real user for that address space in mm_struct. On single NUMA node setups PCI probe executes in the same context as userspace process calling the test (i915_selftest from IGT), but when multiple nodes are available, the PCI code puts probe into a kernel workqueue. This switches execution to a kworker, which does not have its own address space in userspace and must borrow such memory from another process, so "current->active_mm" is unknown at the start of the test. It was observed that mm->mm_users would occasionally be 0 or drop to 0 during the test due to short delay between scheduling and executing work in forked process, which reaped userspace mappings, further leading to failures upon reading from userland memory. Prevent this by adding a PID parameter to a trusted task, so its mm struct may be used if needed. Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/14204 Signed-off-by: Krzysztof Karas <krzysztof.karas@intel.com> --- v7 (Andi): * Add missing mm reference release on error path. v8: * Keep reference to mm open for the duration of test for readability. (Sebastian) * Be paranoic and explicit about keeping the mm reference, so we are **really** sure about userspace mappings not diappearing. v9: * Drop "Fixes" tag. (Andi) * Revert to using a separate function for mm acquisition. (Andi) * Keep kthread_use/unuse and mmget/mmput calls symmetric. (Janusz) drivers/gpu/drm/i915/i915_selftest.h | 1 + .../gpu/drm/i915/selftests/i915_selftest.c | 68 ++++++++++++++++++- 2 files changed, 68 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/i915_selftest.h b/drivers/gpu/drm/i915/i915_selftest.h index 72922028f4ba..e29ca298e7eb 100644 --- a/drivers/gpu/drm/i915/i915_selftest.h +++ b/drivers/gpu/drm/i915/i915_selftest.h @@ -35,6 +35,7 @@ struct i915_selftest { unsigned long timeout_jiffies; unsigned int timeout_ms; unsigned int random_seed; + unsigned int userspace_pid; char *filter; int mock; int live; diff --git a/drivers/gpu/drm/i915/selftests/i915_selftest.c b/drivers/gpu/drm/i915/selftests/i915_selftest.c index 8460f0a70d04..1e8494bab14b 100644 --- a/drivers/gpu/drm/i915/selftests/i915_selftest.c +++ b/drivers/gpu/drm/i915/selftests/i915_selftest.c @@ -181,11 +181,48 @@ __wait_gsc_huc_load_completed(struct drm_i915_private *i915) pr_warn(DRIVER_NAME "Timed out waiting for huc load via GSC!\n"); } +static struct mm_struct * +get_mm(int u_pid_nr) +{ + struct pid *u_pid = find_get_pid(u_pid_nr); + struct task_struct *task = NULL; + struct mm_struct *mm = NULL; + + if (!u_pid) { + pr_warn("Could not find PID: %d\n", u_pid_nr); + return NULL; + } + + task = get_pid_task(u_pid, PIDTYPE_PID); + put_pid(u_pid); + if (!task) { + pr_warn("Could not find task for PID: %d\n", u_pid_nr); + return NULL; + } + + if (task->flags & PF_KTHREAD) { + pr_warn("Task not in userspace: %d\n", u_pid_nr); + put_task_struct(task); + return NULL; + } + + mm = get_task_mm(task); + put_task_struct(task); + if (!mm) { + pr_warn("Could not find address space of task with PID: %d\n", u_pid_nr); + return NULL; + } + + return mm; +} + static int __run_selftests(const char *name, struct selftest *st, unsigned int count, void *data) { + int u_pid_nr = i915_selftest.userspace_pid; + struct mm_struct *mm = NULL; int err = 0; while (!i915_selftest.random_seed) @@ -201,14 +238,36 @@ static int __run_selftests(const char *name, pr_info(DRIVER_NAME ": Performing %s selftests with st_random_seed=0x%x st_timeout=%u\n", name, i915_selftest.random_seed, i915_selftest.timeout_ms); + /* + * If we are running in a kthread on a multi NUMA system and the user passed + * a valid PID of a userspace task, then we may borrow its address space + * to prepare a safe environment for the mmap selftests. + */ + if (!current->mm) { + mm = get_mm(u_pid_nr); + if (mm) { + kthread_use_mm(mm); + if (unlikely(!current->mm)) { + mmput(mm); + mm = NULL; + pr_warn("Could not set mm as current->mm\n"); + } + } + } + /* Tests are listed in order in i915_*_selftests.h */ for (; count--; st++) { if (!st->enabled) continue; cond_resched(); - if (signal_pending(current)) + if (signal_pending(current)) { + if (mm) { + kthread_unuse_mm(mm); + mmput_async(mm); + } return -EINTR; + } pr_info(DRIVER_NAME ": Running %s\n", st->name); if (data) @@ -226,6 +285,11 @@ static int __run_selftests(const char *name, st->name, err)) err = -1; + if (mm) { + kthread_unuse_mm(mm); + mmput_async(mm); + } + return err; } @@ -507,6 +571,8 @@ void igt_hexdump(const void *buf, size_t len) module_param_named(st_random_seed, i915_selftest.random_seed, uint, 0400); module_param_named(st_timeout, i915_selftest.timeout_ms, uint, 0400); module_param_named(st_filter, i915_selftest.filter, charp, 0400); +module_param_named(st_userspace_pid, i915_selftest.userspace_pid, uint, 0400); +MODULE_PARM_DESC(st_userspace_pid, "For usage in tests that map userspace memory and require address space with controllable lifetime."); module_param_named_unsafe(mock_selftests, i915_selftest.mock, int, 0400); MODULE_PARM_DESC(mock_selftests, "Run selftests before loading, using mock hardware (0:disabled [default], 1:run tests then load driver, -1:run tests then leave dummy module)"); -- 2.34.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v9 1/2] drm/i915/selftests: Prevent userspace mapping invalidation 2026-05-07 14:24 ` [PATCH v9 1/2] drm/i915/selftests: Prevent userspace mapping invalidation Krzysztof Karas @ 2026-05-07 14:54 ` Janusz Krzysztofik 2026-05-08 6:31 ` Krzysztof Karas 0 siblings, 1 reply; 6+ messages in thread From: Janusz Krzysztofik @ 2026-05-07 14:54 UTC (permalink / raw) To: Krzysztof Karas, intel-gfx Cc: Andi Shyti, Sebastian Brzezinka, Krzysztof Niemiec Hi Krzysztof, On Thu, 2026-05-07 at 14:24 +0000, Krzysztof Karas wrote: > Migration testing in i915 assumes current task's address space > to allocate new userspace mapping and uses it without > registering real user for that address space in mm_struct. > On single NUMA node setups PCI probe executes in the same > context as userspace process calling the test (i915_selftest > from IGT), but when multiple nodes are available, the PCI code > puts probe into a kernel workqueue. This switches execution to > a kworker, which does not have its own address space in > userspace and must borrow such memory from another process, so > "current->active_mm" is unknown at the start of the test. > > It was observed that mm->mm_users would occasionally be 0 > or drop to 0 during the test due to short delay between > scheduling and executing work in forked process, which reaped > userspace mappings, further leading to failures upon reading > from userland memory. > > Prevent this by adding a PID parameter to a trusted task, so its > mm struct may be used if needed. > > Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/14204 > Signed-off-by: Krzysztof Karas <krzysztof.karas@intel.com> > --- > v7 (Andi): > * Add missing mm reference release on error path. > > v8: > * Keep reference to mm open for the duration of test for > readability. (Sebastian) > * Be paranoic and explicit about keeping the mm reference, > so we are **really** sure about userspace mappings not > diappearing. > > v9: > * Drop "Fixes" tag. (Andi) > * Revert to using a separate function for mm acquisition. (Andi) > * Keep kthread_use/unuse and mmget/mmput calls symmetric. (Janusz) > > drivers/gpu/drm/i915/i915_selftest.h | 1 + > .../gpu/drm/i915/selftests/i915_selftest.c | 68 ++++++++++++++++++- > 2 files changed, 68 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/i915/i915_selftest.h b/drivers/gpu/drm/i915/i915_selftest.h > index 72922028f4ba..e29ca298e7eb 100644 > --- a/drivers/gpu/drm/i915/i915_selftest.h > +++ b/drivers/gpu/drm/i915/i915_selftest.h > @@ -35,6 +35,7 @@ struct i915_selftest { > unsigned long timeout_jiffies; > unsigned int timeout_ms; > unsigned int random_seed; > + unsigned int userspace_pid; > char *filter; > int mock; > int live; > diff --git a/drivers/gpu/drm/i915/selftests/i915_selftest.c b/drivers/gpu/drm/i915/selftests/i915_selftest.c > index 8460f0a70d04..1e8494bab14b 100644 > --- a/drivers/gpu/drm/i915/selftests/i915_selftest.c > +++ b/drivers/gpu/drm/i915/selftests/i915_selftest.c > @@ -181,11 +181,48 @@ __wait_gsc_huc_load_completed(struct drm_i915_private *i915) > pr_warn(DRIVER_NAME "Timed out waiting for huc load via GSC!\n"); > } > > +static struct mm_struct * > +get_mm(int u_pid_nr) > +{ > + struct pid *u_pid = find_get_pid(u_pid_nr); What happens here if the st_userspace_pid module parameter is not provided? > + struct task_struct *task = NULL; > + struct mm_struct *mm = NULL; > + > + if (!u_pid) { > + pr_warn("Could not find PID: %d\n", u_pid_nr); > + return NULL; > + } > + > + task = get_pid_task(u_pid, PIDTYPE_PID); > + put_pid(u_pid); > + if (!task) { > + pr_warn("Could not find task for PID: %d\n", u_pid_nr); > + return NULL; > + } > + > + if (task->flags & PF_KTHREAD) { > + pr_warn("Task not in userspace: %d\n", u_pid_nr); > + put_task_struct(task); > + return NULL; > + } > + > + mm = get_task_mm(task); > + put_task_struct(task); > + if (!mm) { > + pr_warn("Could not find address space of task with PID: %d\n", u_pid_nr); > + return NULL; > + } > + > + return mm; > +} > + > static int __run_selftests(const char *name, > struct selftest *st, > unsigned int count, > void *data) > { > + int u_pid_nr = i915_selftest.userspace_pid; > + struct mm_struct *mm = NULL; > int err = 0; > > while (!i915_selftest.random_seed) > @@ -201,14 +238,36 @@ static int __run_selftests(const char *name, > pr_info(DRIVER_NAME ": Performing %s selftests with st_random_seed=0x%x st_timeout=%u\n", > name, i915_selftest.random_seed, i915_selftest.timeout_ms); > > + /* > + * If we are running in a kthread on a multi NUMA system and the user passed > + * a valid PID of a userspace task, then we may borrow its address space > + * to prepare a safe environment for the mmap selftests. > + */ > + if (!current->mm) { I think this condition should also check for a valid u_pid_nr. To avoid ambiguity, maybe the i915_selftest.userspace_pid attribute should be initialized to a negative value by default (when not overwritten with the corresponding module parameter). There is no point in submitting any warnings from here if the module parameter is not provided, I believe. Other than that, LGTM. Thanks, Janusz > + mm = get_mm(u_pid_nr); > + if (mm) { > + kthread_use_mm(mm); > + if (unlikely(!current->mm)) { > + mmput(mm); > + mm = NULL; > + pr_warn("Could not set mm as current->mm\n"); > + } > + } > + } > + > /* Tests are listed in order in i915_*_selftests.h */ > for (; count--; st++) { > if (!st->enabled) > continue; > > cond_resched(); > - if (signal_pending(current)) > + if (signal_pending(current)) { > + if (mm) { > + kthread_unuse_mm(mm); > + mmput_async(mm); > + } > return -EINTR; > + } > > pr_info(DRIVER_NAME ": Running %s\n", st->name); > if (data) > @@ -226,6 +285,11 @@ static int __run_selftests(const char *name, > st->name, err)) > err = -1; > > + if (mm) { > + kthread_unuse_mm(mm); > + mmput_async(mm); > + } > + > return err; > } > > @@ -507,6 +571,8 @@ void igt_hexdump(const void *buf, size_t len) > module_param_named(st_random_seed, i915_selftest.random_seed, uint, 0400); > module_param_named(st_timeout, i915_selftest.timeout_ms, uint, 0400); > module_param_named(st_filter, i915_selftest.filter, charp, 0400); > +module_param_named(st_userspace_pid, i915_selftest.userspace_pid, uint, 0400); > +MODULE_PARM_DESC(st_userspace_pid, "For usage in tests that map userspace memory and require address space with controllable lifetime."); > > module_param_named_unsafe(mock_selftests, i915_selftest.mock, int, 0400); > MODULE_PARM_DESC(mock_selftests, "Run selftests before loading, using mock hardware (0:disabled [default], 1:run tests then load driver, -1:run tests then leave dummy module)"); ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v9 1/2] drm/i915/selftests: Prevent userspace mapping invalidation 2026-05-07 14:54 ` Janusz Krzysztofik @ 2026-05-08 6:31 ` Krzysztof Karas 0 siblings, 0 replies; 6+ messages in thread From: Krzysztof Karas @ 2026-05-08 6:31 UTC (permalink / raw) To: Janusz Krzysztofik Cc: intel-gfx, Andi Shyti, Sebastian Brzezinka, Krzysztof Niemiec Hi Janusz, [...] > > +++ b/drivers/gpu/drm/i915/selftests/i915_selftest.c > > @@ -181,11 +181,48 @@ __wait_gsc_huc_load_completed(struct drm_i915_private *i915) > > pr_warn(DRIVER_NAME "Timed out waiting for huc load via GSC!\n"); > > } > > > > +static struct mm_struct * > > +get_mm(int u_pid_nr) > > +{ > > + struct pid *u_pid = find_get_pid(u_pid_nr); > > What happens here if the st_userspace_pid module parameter is not provided? Hmm, good catch, let's be paranoid about the usage and make the intent clear. [...] > > static int __run_selftests(const char *name, > > struct selftest *st, > > unsigned int count, > > void *data) > > { > > + int u_pid_nr = i915_selftest.userspace_pid; > > + struct mm_struct *mm = NULL; > > int err = 0; > > > > while (!i915_selftest.random_seed) > > @@ -201,14 +238,36 @@ static int __run_selftests(const char *name, > > pr_info(DRIVER_NAME ": Performing %s selftests with st_random_seed=0x%x st_timeout=%u\n", > > name, i915_selftest.random_seed, i915_selftest.timeout_ms); > > > > + /* > > + * If we are running in a kthread on a multi NUMA system and the user passed > > + * a valid PID of a userspace task, then we may borrow its address space > > + * to prepare a safe environment for the mmap selftests. > > + */ > > + if (!current->mm) { > > I think this condition should also check for a valid u_pid_nr. To avoid > ambiguity, maybe the i915_selftest.userspace_pid attribute should be > initialized to a negative value by default (when not overwritten with the > corresponding module parameter). There is no point in submitting any > warnings from here if the module parameter is not provided, I believe. I like the init to a negative value. I'll also guard agains PID 0, because that is not a value we are interested in, so anything positive is acceptable (I am checking if this is a userspace process later anyway). Thanks for your review. -- Best Regards, Krzysztof ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH v9 2/2] drm/i915/selftests: Run vma tests only if current->mm is present 2026-05-07 14:24 [PATCH v9 0/2] drm/i915/selftests: Use safe userspace memory for mappings Krzysztof Karas 2026-05-07 14:24 ` [PATCH v9 1/2] drm/i915/selftests: Prevent userspace mapping invalidation Krzysztof Karas @ 2026-05-07 14:24 ` Krzysztof Karas 2026-05-07 14:33 ` Janusz Krzysztofik 1 sibling, 1 reply; 6+ messages in thread From: Krzysztof Karas @ 2026-05-07 14:24 UTC (permalink / raw) To: intel-gfx Cc: Andi Shyti, Sebastian Brzezinka, Krzysztof Niemiec, Janusz Krzysztofik, Krzysztof Karas This set of tests require userspace memory to map objects, so run them only if this that memory is available. Reviewed-by: Sebastian Brzezinka <sebastian.brzezinka@intel.com> Reviewed-by: Andi Shyti <andi.shyti@linux.intel.com> Signed-off-by: Krzysztof Karas <krzysztof.karas@intel.com> --- .../gpu/drm/i915/gem/selftests/i915_gem_mman.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/drivers/gpu/drm/i915/gem/selftests/i915_gem_mman.c b/drivers/gpu/drm/i915/gem/selftests/i915_gem_mman.c index 9d454d0b46f2..d01acfb7d93d 100644 --- a/drivers/gpu/drm/i915/gem/selftests/i915_gem_mman.c +++ b/drivers/gpu/drm/i915/gem/selftests/i915_gem_mman.c @@ -1847,11 +1847,12 @@ static int igt_mmap_revoke(void *arg) int i915_gem_mman_live_selftests(struct drm_i915_private *i915) { int ret; - bool unuse_mm = false; static const struct i915_subtest tests[] = { SUBTEST(igt_partial_tiling), SUBTEST(igt_smoke_tiling), SUBTEST(igt_mmap_offset_exhaustion), + }; + static const struct i915_subtest vma_tests[] = { SUBTEST(igt_mmap), SUBTEST(igt_mmap_migrate), SUBTEST(igt_mmap_access), @@ -1859,15 +1860,14 @@ int i915_gem_mman_live_selftests(struct drm_i915_private *i915) SUBTEST(igt_mmap_gpu), }; - if (!current->mm) { - kthread_use_mm(current->active_mm); - unuse_mm = true; - } - ret = i915_live_subtests(tests, i915); + if (ret) + return ret; - if (unuse_mm) - kthread_unuse_mm(current->active_mm); + if (current->mm) + ret = i915_live_subtests(vma_tests, i915); + else + pr_warn("No current->mm to safely borrow userspace memory from. Skipping VMA tests.\n"); return ret; } -- 2.34.1 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v9 2/2] drm/i915/selftests: Run vma tests only if current->mm is present 2026-05-07 14:24 ` [PATCH v9 2/2] drm/i915/selftests: Run vma tests only if current->mm is present Krzysztof Karas @ 2026-05-07 14:33 ` Janusz Krzysztofik 0 siblings, 0 replies; 6+ messages in thread From: Janusz Krzysztofik @ 2026-05-07 14:33 UTC (permalink / raw) To: Krzysztof Karas, intel-gfx Cc: Andi Shyti, Sebastian Brzezinka, Krzysztof Niemiec On Thu, 2026-05-07 at 14:24 +0000, Krzysztof Karas wrote: > This set of tests require userspace memory to map objects, so > run them only if this that memory is available. > > Reviewed-by: Sebastian Brzezinka <sebastian.brzezinka@intel.com> > Reviewed-by: Andi Shyti <andi.shyti@linux.intel.com> > Signed-off-by: Krzysztof Karas <krzysztof.karas@intel.com> Reviewed-by: Janusz Krzysztofik <janusz.krzysztofik@linux.intel.com> > --- > .../gpu/drm/i915/gem/selftests/i915_gem_mman.c | 16 ++++++++-------- > 1 file changed, 8 insertions(+), 8 deletions(-) > > diff --git a/drivers/gpu/drm/i915/gem/selftests/i915_gem_mman.c b/drivers/gpu/drm/i915/gem/selftests/i915_gem_mman.c > index 9d454d0b46f2..d01acfb7d93d 100644 > --- a/drivers/gpu/drm/i915/gem/selftests/i915_gem_mman.c > +++ b/drivers/gpu/drm/i915/gem/selftests/i915_gem_mman.c > @@ -1847,11 +1847,12 @@ static int igt_mmap_revoke(void *arg) > int i915_gem_mman_live_selftests(struct drm_i915_private *i915) > { > int ret; > - bool unuse_mm = false; > static const struct i915_subtest tests[] = { > SUBTEST(igt_partial_tiling), > SUBTEST(igt_smoke_tiling), > SUBTEST(igt_mmap_offset_exhaustion), > + }; > + static const struct i915_subtest vma_tests[] = { > SUBTEST(igt_mmap), > SUBTEST(igt_mmap_migrate), > SUBTEST(igt_mmap_access), > @@ -1859,15 +1860,14 @@ int i915_gem_mman_live_selftests(struct drm_i915_private *i915) > SUBTEST(igt_mmap_gpu), > }; > > - if (!current->mm) { > - kthread_use_mm(current->active_mm); > - unuse_mm = true; > - } > - > ret = i915_live_subtests(tests, i915); > + if (ret) > + return ret; > > - if (unuse_mm) > - kthread_unuse_mm(current->active_mm); > + if (current->mm) > + ret = i915_live_subtests(vma_tests, i915); > + else > + pr_warn("No current->mm to safely borrow userspace memory from. Skipping VMA tests.\n"); > > return ret; > } ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2026-05-08 6:31 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2026-05-07 14:24 [PATCH v9 0/2] drm/i915/selftests: Use safe userspace memory for mappings Krzysztof Karas 2026-05-07 14:24 ` [PATCH v9 1/2] drm/i915/selftests: Prevent userspace mapping invalidation Krzysztof Karas 2026-05-07 14:54 ` Janusz Krzysztofik 2026-05-08 6:31 ` Krzysztof Karas 2026-05-07 14:24 ` [PATCH v9 2/2] drm/i915/selftests: Run vma tests only if current->mm is present Krzysztof Karas 2026-05-07 14:33 ` Janusz Krzysztofik
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox