1. 20 Dec, 2022 2 commits
    • Philip Yang's avatar
      drm/amdkfd: Fix double release compute pasid · 41d82649
      Philip Yang authored
      If kfd_process_device_init_vm returns failure after vm is converted to
      compute vm and vm->pasid set to compute pasid, KFD will not take
      pdd->drm_file reference. As a result, drm close file handler maybe
      called to release the compute pasid before KFD process destroy worker to
      release the same pasid and set vm->pasid to zero, this generates below
      WARNING backtrace and NULL pointer access.
      
      Add helper amdgpu_amdkfd_gpuvm_set_vm_pasid and call it at the last step
      of kfd_process_device_init_vm, to ensure vm pasid is the original pasid
      if acquiring vm failed or is the compute pasid with pdd->drm_file
      reference taken to avoid double release same pasid.
      
       amdgpu: Failed to create process VM object
       ida_free called for id=32770 which is not allocated.
       WARNING: CPU: 57 PID: 72542 at ../lib/idr.c:522 ida_free+0x96/0x140
       RIP: 0010:ida_free+0x96/0x140
       Call Trace:
        amdgpu_pasid_free_delayed+0xe1/0x2a0 [amdgpu]
        amdgpu_driver_postclose_kms+0x2d8/0x340 [amdgpu]
        drm_file_free.part.13+0x216/0x270 [drm]
        drm_close_helper.isra.14+0x60/0x70 [drm]
        drm_release+0x6e/0xf0 [drm]
        __fput+0xcc/0x280
        ____fput+0xe/0x20
        task_work_run+0x96/0xc0
        do_exit+0x3d0/0xc10
      
       BUG: kernel NULL pointer dereference, address: 0000000000000000
       RIP: 0010:ida_free+0x76/0x140
       Call Trace:
        amdgpu_pasid_free_delayed+0xe1/0x2a0 [amdgpu]
        amdgpu_driver_postclose_kms+0x2d8/0x340 [amdgpu]
        drm_file_free.part.13+0x216/0x270 [drm]
        drm_close_helper.isra.14+0x60/0x70 [drm]
        drm_release+0x6e/0xf0 [drm]
        __fput+0xcc/0x280
        ____fput+0xe/0x20
        task_work_run+0x96/0xc0
        do_exit+0x3d0/0xc10
      Signed-off-by: default avatarPhilip Yang <Philip.Yang@amd.com>
      Reviewed-by: default avatarFelix Kuehling <Felix.Kuehling@amd.com>
      Signed-off-by: default avatarAlex Deucher <alexander.deucher@amd.com>
      41d82649
    • Philip Yang's avatar
      drm/amdkfd: Fix kfd_process_device_init_vm error handling · cb8dc232
      Philip Yang authored
      Should only destroy the ib_mem and let process cleanup worker to free
      the outstanding BOs. Reset the pointer in pdd->qpd structure, to avoid
      NULL pointer access in process destroy worker.
      
       BUG: kernel NULL pointer dereference, address: 0000000000000010
       Call Trace:
        amdgpu_amdkfd_gpuvm_unmap_gtt_bo_from_kernel+0x46/0xb0 [amdgpu]
        kfd_process_device_destroy_cwsr_dgpu+0x40/0x70 [amdgpu]
        kfd_process_destroy_pdds+0x71/0x190 [amdgpu]
        kfd_process_wq_release+0x2a2/0x3b0 [amdgpu]
        process_one_work+0x2a1/0x600
        worker_thread+0x39/0x3d0
      Signed-off-by: default avatarPhilip Yang <Philip.Yang@amd.com>
      Reviewed-by: default avatarFelix Kuehling <Felix.Kuehling@amd.com>
      Signed-off-by: default avatarAlex Deucher <alexander.deucher@amd.com>
      cb8dc232
  2. 15 Dec, 2022 38 commits