Commit 653cea75 authored May 23, 2024 by Philip Yang Committed by Wang Hai May 23, 2024

drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag

stable inclusion
from stable-v5.15.154
commit 5d5f1a7f3b1039925f79c7894f153c2a905201fb
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9Q94F
CVE: CVE-2024-35817

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5d5f1a7f3b1039925f79c7894f153c2a905201fb



--------------------------------

[ Upstream commit 6c6064cbe58b43533e3451ad6a8ba9736c109ac3 ]

Otherwise after the GTT bo is released, the GTT and gart space is freed
but amdgpu_ttm_backend_unbind will not clear the gart page table entry
and leave valid mapping entry pointing to the stale system page. Then
if GPU access the gart address mistakely, it will read undefined value
instead page fault, harder to debug and reproduce the real issue.

Cc: stable@vger.kernel.org
Signed-off-by: Philip Yang <Philip.Yang@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

Conflicts:
	drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
[commit 942ab769 wasn't merged, which lead to context conflicts]
Signed-off-by: Wang Hai <wanghai38@huawei.com>

parent db8faa59

drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -1092,6 +1092,7 @@ static int amdgpu_ttm_gart_bind(struct amdgpu_device *adev,
		r = amdgpu_gart_bind(adev, gtt->offset, ttm->num_pages,
		ttm->pages, gtt->ttm.dma_address, flags);
		}
		gtt->bound = true;

		gart_bind_fail:
		if (r)