[PATCH] drm/radeon: fix potential racing issue due to mmap_lock
From: Dawei Li
Date: Sun Nov 13 2022 - 07:42:37 EST
Both find_vma() and get_user_pages() need explicit protection of
mmap lock, fix them by mmap_lock and get_user_pages_fast().
Fixes: ddd00e33e17a ("drm/radeon: add userptr flag to limit it to anonymous memory v2")
Fixes: f72a113a71ab ("drm/radeon: add userptr support v8")
Signed-off-by: Dawei Li <set_pte_at@xxxxxxxxxxx>
---
drivers/gpu/drm/radeon/radeon_ttm.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c
index d33fec488713..741ea64b9402 100644
--- a/drivers/gpu/drm/radeon/radeon_ttm.c
+++ b/drivers/gpu/drm/radeon/radeon_ttm.c
@@ -351,7 +351,10 @@ static int radeon_ttm_tt_pin_userptr(struct ttm_device *bdev, struct ttm_tt *ttm
to prevent problems with writeback */
unsigned long end = gtt->userptr + (u64)ttm->num_pages * PAGE_SIZE;
struct vm_area_struct *vma;
+
+ mmap_read_lock(gtt->usermm);
vma = find_vma(gtt->usermm, gtt->userptr);
+ mmap_read_unlock(gtt->usermm);
if (!vma || vma->vm_file || vma->vm_end < end)
return -EPERM;
}
@@ -361,8 +364,7 @@ static int radeon_ttm_tt_pin_userptr(struct ttm_device *bdev, struct ttm_tt *ttm
uint64_t userptr = gtt->userptr + pinned * PAGE_SIZE;
struct page **pages = ttm->pages + pinned;
- r = get_user_pages(userptr, num_pages, write ? FOLL_WRITE : 0,
- pages, NULL);
+ r = get_user_pages_fast(userptr, num_pages, write ? FOLL_WRITE : 0, pages);
if (r < 0)
goto release_pages;
--
2.25.1