[AMD Official Use Only - AMD Internal Distribution Only]

Letting parent/child processes share the same VM will cause multiple issues. There is no use case or need for that. It should be prevented in user space, not worked around at this specific place in the driver.
Regards
Xiaogang

From: amd-gfx <[email protected]> On Behalf Of Kasiviswanathan, Harish
Sent: Thursday, February 12, 2026 12:31 PM
To: Liu, Alysa <[email protected]>; [email protected]
Cc: Deucher, Alexander <[email protected]>
Subject: Re: [PATCH] drm/amdgpu: Fix use-after-free race in VM acquire

Reviewed-by: Harish Kasiviswanathan <[email protected]>

________________________________
From: Liu, Alysa <[email protected]>
Sent: Thursday, February 5, 2026 11:28 AM
To: [email protected] <[email protected]>
Cc: Deucher, Alexander <[email protected]>; Kasiviswanathan, Harish <[email protected]>; Liu, Alysa <[email protected]>
Subject: [PATCH] drm/amdgpu: Fix use-after-free race in VM acquire

Replace non-atomic vm->process_info assignment with cmpxchg() to prevent race when parent/child processes sharing a drm_file both try to acquire the same VM after fork().

Signed-off-by: [email protected] <[email protected]>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c index 00ea69baa126..f7b2358a0303 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c @@ -1432,7 +1432,10 @@ static int init_kfd_vm(struct amdgpu_vm *vm, void **process_info, *process_info = info; } - vm->process_info = *process_info; + if (cmpxchg(&vm->process_info, NULL, *process_info) != NULL) { + ret = -EINVAL; + goto already_acquired; + } /* Validate page directory and attach eviction fence */ ret = amdgpu_bo_reserve(vm->root.bo, true); 
@@ -1472,6 +1475,7 @@ static int init_kfd_vm(struct amdgpu_vm *vm, void **process_info, amdgpu_bo_unreserve(vm->root.bo); reserve_pd_fail: vm->process_info = NULL; +already_acquired: if (info) { dma_fence_put(&info->eviction_fence->base); *process_info = NULL; -- 2.34.1
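Review bot: the new `cmpxchg(&vm->process_info, NULL, *process_info)` check in the first hunk (@@ -1432) has no comment, and the commit message does not say which object is freed while still referenced when the old plain assignment races. A one-line comment above the cmpxchg() stating that a non-NULL result means another process sharing the drm_file has already acquired this VM, plus a sentence in the commit message describing the failing sequence, would let a reader check that the fix closes it. If callers do not depend on the exact value, -EBUSY may describe "already acquired" more precisely than -EINVAL.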
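Review bot: in the second hunk (@@ -1472) the reset under reserve_pd_fail is still a plain `vm->process_info = NULL;`, while acquisition now goes through cmpxchg(), so the field is written atomically on one path and non-atomically on another. Consider WRITE_ONCE() for the reset, or a comment explaining why a plain store is safe there. Placing `already_acquired:` below that store keeps the losing caller from clearing the pointer the winner installed; a short comment on the label saying so would protect that ordering against a later cleanup-path reshuffle.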
