Three small fixes for the IOVA/DMA unmap path in
__drm_gpusvm_unmap_pages() and the get_pages() error path, all spotted by
AI review:
- Free the whole IOVA reservation on unmap. In a mixed range only the
system pages are linked, so freeing just the linked part leaks the
IOVA reserved for the device pages. Unlink the linked portion and
free the whole reservation. On the get_pages() error path
state_offset is 0, so skip the unlink, also avoiding the
uninitialised dma_addr[0].dir read, allocate dma_addr with the
zeroing kvzalloc_objs().
- Do not route system pages to device_unmap() on the IOVA path. Branch
off addr->proto so only real device pages reach device_unmap().
- Publish dpagemap early to avoid leaking device mappings on the
get_pages() error path. It was only stored on success, so a mid-way
failure left svm_pages->dpagemap NULL and skipped device_unmap().
Assign it when the first device page is mapped.
All three issues are preexisting and independent of the gpusvm MM/device
state split series; they were surfaced by the AI review of that series,
so this series addresses them separately.
V4:
- Add reviewed-by for Matt's review.
V3:
- Add fixes for all patches, add Cc stable.
- Add reviewed by in patch 1.
- Move AI review note into commit message instead of reported by.
V2:
- patch 1: extend the uninitialized dma_addr[0].dir fix into freeing
the whole IOVA reservation, fixing the IOVA leak for mixed ranges
(the earlier version only guarded the direction argument).
- add patch 3: publish dpagemap early to fix the device-mapping leak on
the get_pages() error path.
Honglei Huang (3):
drm/gpusvm: free the whole IOVA reservation on unmap
drm/gpusvm: do not route system pages to device_unmap() on IOVA unmap
drm/gpusvm: publish dpagemap early to avoid device mapping leak on
error
drivers/gpu/drm/drm_gpusvm.c | 53 +++++++++++++++++++++++++-----------
1 file changed, 37 insertions(+), 16 deletions(-)
--
2.34.1