On Thu, Feb 12, 2026 at 2:32 PM Chen, Xiaogang <[email protected]> wrote: > > [AMD Official Use Only - AMD Internal Distribution Only] > > > Let parent/child process share same vm will cause multiple issues. There is > no use case or need for that. It should be prevented at uses space, not work > around at this specific place in driver. >
I agree that userspace shouldn't to stupid things, but if it does, the kernel needs to gracefully handle it. Alex > > > Regards > > Xiaogang > > > > From: amd-gfx <[email protected]> On Behalf Of > Kasiviswanathan, Harish > Sent: Thursday, February 12, 2026 12:31 PM > To: Liu, Alysa <[email protected]>; [email protected] > Cc: Deucher, Alexander <[email protected]> > Subject: Re: [PATCH] drm/amdgpu: Fix use-after-free race in VM acquire > > > > [AMD Official Use Only - AMD Internal Distribution Only] > > > > Reviewed-by: Harish Kasiviswanathan <[email protected]> > > ________________________________ > > From: Liu, Alysa <[email protected]> > Sent: Thursday, February 5, 2026 11:28 AM > To: [email protected] <[email protected]> > Cc: Deucher, Alexander <[email protected]>; Kasiviswanathan, Harish > <[email protected]>; Liu, Alysa <[email protected]> > Subject: [PATCH] drm/amdgpu: Fix use-after-free race in VM acquire > > > > Replace non-atomic vm->process_info assignment with cmpxchg() > to prevent race when parent/child processes sharing a drm_file > both try to acquire the same VM after fork(). > > Signed-off-by: [email protected] <[email protected]> > --- > drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c > b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c > index 00ea69baa126..f7b2358a0303 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c > @@ -1432,7 +1432,10 @@ static int init_kfd_vm(struct amdgpu_vm *vm, void > **process_info, > *process_info = info; > } > > - vm->process_info = *process_info; > + if (cmpxchg(&vm->process_info, NULL, *process_info) != NULL) { > + ret = -EINVAL; > + goto already_acquired; > + } > > /* Validate page directory and attach eviction fence */ > ret = amdgpu_bo_reserve(vm->root.bo, true); > @@ -1472,6 +1475,7 @@ static int init_kfd_vm(struct amdgpu_vm *vm, void > **process_info, > amdgpu_bo_unreserve(vm->root.bo); > reserve_pd_fail: > vm->process_info = NULL; > +already_acquired: > if (info) { > dma_fence_put(&info->eviction_fence->base); > *process_info = NULL; > -- > 2.34.1
