[PATCH v2 6/8] drm/amdgpu: Register/unregister fpriv in PASID registry on open/postclose

Mon, 16 Feb 2026 07:50:24 -0800 

Register the render-node drm_file (amdgpu_fpriv) under its PASID once VM
initialization succeeds (so fpriv->vm.pasid is valid).

Unregister in the KMS postclose path while the fpriv is still alive, so
KFD->render eventfd notifications can't dereference freed fpriv entries.

Cc: Harish Kasiviswanathan <[email protected]>
Cc: Felix Kuehling <[email protected]>
Cc: Alex Deucher <[email protected]>
Cc: Christian König <[email protected]>
Signed-off-by: Srinivasan Shanmugam <[email protected]>
---
 drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c 
b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
index 66e2ae8b7c8a..2fbc6f424718 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
@@ -1619,6 +1619,13 @@ int amdgpu_driver_open_kms(struct drm_device *dev, 
struct drm_file *file_priv)
        if (r)
                goto error_pasid;
 
+       /*
+        * Register PASID->fpriv mapping only after vm_init succeeds so
+        * fpriv->vm.pasid is valid and teardown paths are consistent.
+        */
+       if (fpriv->vm.pasid)
+               amdgpu_eventfd_pasid_register(fpriv, fpriv->vm.pasid);
+
        drm_exec_init(&exec, DRM_EXEC_IGNORE_DUPLICATES, 0);
        drm_exec_until_all_locked(&exec) {
                r = amdgpu_vm_lock_pd(&fpriv->vm, &exec, 0);
@@ -1703,6 +1710,10 @@ void amdgpu_driver_postclose_kms(struct drm_device *dev,
        if (!fpriv)
                return;
 
+       /* Unregister before fpriv teardown so notifier can't see freed fpriv. 
*/
+       if (fpriv->vm.pasid)
+               amdgpu_eventfd_pasid_unregister(fpriv, fpriv->vm.pasid);
+
        amdgpu_eventfd_registry_fini(fpriv);
 
        pm_runtime_get_sync(dev->dev);
@@ -1722,7 +1733,6 @@ void amdgpu_driver_postclose_kms(struct drm_device *dev,
 
        amdgpu_seq64_unmap(adev, fpriv);
 
-       pasid = fpriv->vm.pasid;
        pd = amdgpu_bo_ref(fpriv->vm.root.bo);
        if (!WARN_ON(amdgpu_bo_reserve(pd, true))) {
                amdgpu_vm_bo_del(adev, fpriv->prt_va);
@@ -1748,7 +1758,6 @@ void amdgpu_driver_postclose_kms(struct drm_device *dev,
        pm_runtime_put_autosuspend(dev->dev);
 }
 
-
 void amdgpu_driver_release_kms(struct drm_device *dev)
 {
        struct amdgpu_device *adev = drm_to_adev(dev);
-- 
2.34.1

Reply via email to