]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 77ff27f)
drm/xe/xe_sync: avoid race during ufence signaling
authorZbigniew Kempczyński <zbigniew.kempczynski@intel.com>
Wed, 20 Aug 2025 08:39:04 +0000 (10:39 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 4 Sep 2025 13:31:48 +0000 (15:31 +0200)
[ Upstream commit 04e1f683cd28dc9407b238543871a6e09a570dc0 ]

Marking ufence as signalled after copy_to_user() is too late.
Worker thread which signals ufence by memory write might be raced
with another userspace vm-bind call. In map/unmap scenario unmap
may still see ufence is not signalled causing -EBUSY. Change the
order of marking / write to user-fence fixes this issue.

Fixes: 977e5b82e090 ("drm/xe: Expose user fence from xe_sync_entry")
Link: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/5536
Signed-off-by: Zbigniew Kempczyński <zbigniew.kempczynski@intel.com>
Cc: Matthew Brost <matthew.brost@intel.com>
Cc: Matthew Auld <matthew.auld@intel.com>
Reviewed-by: Matthew Brost <matthew.brost@intel.com>
Signed-off-by: Matthew Brost <matthew.brost@intel.com>
Link: https://lore.kernel.org/r/20250820083903.2109891-2-zbigniew.kempczynski@intel.com
(cherry picked from commit 8ae04fe9ffc93d6bc3bc63ac08375427d69cee06)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/gpu/drm/xe/xe_sync.c patch | blob | blame | history

diff --git a/drivers/gpu/drm/xe/xe_sync.c b/drivers/gpu/drm/xe/xe_sync.c
index b0684e6d2047b1f7348580a3073b87b5d82ba33c..dd7bd766ae18454b1bbbcd0400f8afd8ee41c75c 100644 (file)
--- a/drivers/gpu/drm/xe/xe_sync.c
+++ b/drivers/gpu/drm/xe/xe_sync.c
@@ -77,6 +77,7 @@ static void user_fence_worker(struct work_struct *w)
 {
        struct xe_user_fence *ufence = container_of(w, struct xe_user_fence, worker);
 
+       WRITE_ONCE(ufence->signalled, 1);
        if (mmget_not_zero(ufence->mm)) {
                kthread_use_mm(ufence->mm);
                if (copy_to_user(ufence->addr, &ufence->value, sizeof(ufence->value)))
@@ -89,7 +90,6 @@ static void user_fence_worker(struct work_struct *w)
         * Wake up waiters only after updating the ufence state, allowing the UMD
         * to safely reuse the same ufence without encountering -EBUSY errors.
         */
-       WRITE_ONCE(ufence->signalled, 1);
        wake_up_all(&ufence->xe->ufence_wq);
        user_fence_put(ufence);
 }
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git