!9744 Fix CVE-2024-36949 (eed40258) · Commits · EulixOS / Software / Kernel

drivers/gpu/drm/amd/amdkfd/kfd_chardev.c

+0 −3

Original line number	Diff line number	Diff line
		@@ -122,9 +122,6 @@ static int kfd_open(struct inode inode, struct file filep)
		if (IS_ERR(process))
		return PTR_ERR(process);

		if (kfd_is_locked())
		return -EAGAIN;

		dev_dbg(kfd_device, "process %d opened, compat mode (32 bit) - %d\n",
		process->pasid, process->is_32bit_user_mode);

drivers/gpu/drm/amd/amdkfd/kfd_device.c

+17 −10

Original line number	Diff line number	Diff line
		@@ -36,7 +36,7 @@
		* once locked, kfd driver will stop any further GPU execution.
		* create process (open) will return -EAGAIN.
		*/
		static atomic_t kfd_locked = ATOMIC_INIT(0);
		static int kfd_locked;

		#ifdef KFD_SUPPORT_IOMMU_V2
		static const struct kfd_device_info kaveri_device_info = {
		@@ -577,7 +577,7 @@ int kgd2kfd_pre_reset(struct kfd_dev *kfd)

		int kgd2kfd_post_reset(struct kfd_dev *kfd)
		{
		int ret, count;
		int ret;

		if (!kfd->init_complete)
		return 0;
		@@ -587,14 +587,18 @@ int kgd2kfd_post_reset(struct kfd_dev *kfd)
		ret = kfd_resume(kfd);
		if (ret)
		return ret;
		count = atomic_dec_return(&kfd_locked);
		WARN_ONCE(count != 0, "KFD reset ref. error");

		mutex_lock(&kfd_processes_mutex);
		--kfd_locked;
		mutex_unlock(&kfd_processes_mutex);
		return 0;
		}

		bool kfd_is_locked(void)
		{
		return (atomic_read(&kfd_locked) > 0);
		lockdep_assert_held(&kfd_processes_mutex);
		return (kfd_locked > 0);

		}

		void kgd2kfd_suspend(struct kfd_dev *kfd)
		@@ -602,9 +606,11 @@ void kgd2kfd_suspend(struct kfd_dev *kfd)
		if (!kfd->init_complete)
		return;

		mutex_lock(&kfd_processes_mutex);
		/* For first KFD device suspend all the KFD processes */
		if (atomic_inc_return(&kfd_locked) == 1)
		if (++kfd_locked == 1)
		kfd_suspend_all_processes();
		mutex_unlock(&kfd_processes_mutex);

		kfd->dqm->ops.stop(kfd->dqm);

		@@ -613,7 +619,7 @@ void kgd2kfd_suspend(struct kfd_dev *kfd)

		int kgd2kfd_resume(struct kfd_dev *kfd)
		{
		int ret, count;
		int ret;

		if (!kfd->init_complete)
		return 0;
		@@ -622,10 +628,11 @@ int kgd2kfd_resume(struct kfd_dev *kfd)
		if (ret)
		return ret;

		count = atomic_dec_return(&kfd_locked);
		WARN_ONCE(count < 0, "KFD suspend / resume ref. error");
		if (count == 0)
		mutex_lock(&kfd_processes_mutex);
		if (--kfd_locked == 0)
		ret = kfd_resume_all_processes();
		WARN_ONCE(kfd_locked < 0, "KFD suspend / resume ref. error");
		mutex_unlock(&kfd_processes_mutex);

		return ret;
		}

drivers/gpu/drm/amd/amdkfd/kfd_priv.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -148,6 +148,7 @@ extern int noretry;
		* Halt if HWS hang is detected
		*/
		extern int halt_if_hws_hang;
		extern struct mutex kfd_processes_mutex;

		/**
		* enum kfd_sched_policy

drivers/gpu/drm/amd/amdkfd/kfd_process.c

+7 −1

Original line number	Diff line number	Diff line
		@@ -44,7 +44,7 @@ struct mm_struct;
		* Unique/indexed by mm_struct*
		*/
		DEFINE_HASHTABLE(kfd_processes_table, KFD_PROCESS_TABLE_SIZE);
		static DEFINE_MUTEX(kfd_processes_mutex);
		DEFINE_MUTEX(kfd_processes_mutex);

		DEFINE_SRCU(kfd_processes_srcu);

		@@ -220,6 +220,12 @@ struct kfd_process kfd_create_process(struct file filep)
		*/
		mutex_lock(&kfd_processes_mutex);

		if (kfd_is_locked()) {
		mutex_unlock(&kfd_processes_mutex);
		pr_debug("KFD is locked! Cannot create process");
		return ERR_PTR(-EINVAL);
		}

		/* A prior open of /dev/kfd could have already created the process. */
		process = find_process(thread);
		if (process)