lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <bfcf20f8-1390-4add-bf83-1d3087ac05c9@amd.com>
Date: Fri, 30 Jan 2026 13:39:45 -0600
From: Mario Limonciello <mario.limonciello@....com>
To: Lizhi Hou <lizhi.hou@....com>, ogabbay@...nel.org,
 quic_jhugo@...cinc.com, dri-devel@...ts.freedesktop.org,
 maciej.falkowski@...ux.intel.com
Cc: linux-kernel@...r.kernel.org, max.zhen@....com, sonal.santan@....com
Subject: Re: [PATCH V1] accel/amdxdna: Hold mm structure across
 iommu_sva_unbind_device()

On 1/27/26 6:23 PM, Lizhi Hou wrote:
> Some tests trigger a crash in iommu_sva_unbind_device() due to
> accessing iommu_mm after the associated mm structure has been
> freed.
> 
> Fix this by taking an explicit reference to the mm structure
> after successfully binding the device, and releasing it only
> after the device is unbound. This ensures the mm remains valid
> for the entire SVA bind/unbind lifetime.
> 
> Fixes: be462c97b7df ("accel/amdxdna: Add hardware context")
> Signed-off-by: Lizhi Hou <lizhi.hou@....com>
Reviewed-by: Mario Limonciello (AMD) <superm1@...nel.org>
> ---
>   drivers/accel/amdxdna/amdxdna_pci_drv.c | 3 +++
>   drivers/accel/amdxdna/amdxdna_pci_drv.h | 1 +
>   2 files changed, 4 insertions(+)
> 
> diff --git a/drivers/accel/amdxdna/amdxdna_pci_drv.c b/drivers/accel/amdxdna/amdxdna_pci_drv.c
> index 45f5c12fc67f..fdefd9ec2066 100644
> --- a/drivers/accel/amdxdna/amdxdna_pci_drv.c
> +++ b/drivers/accel/amdxdna/amdxdna_pci_drv.c
> @@ -82,6 +82,8 @@ static int amdxdna_drm_open(struct drm_device *ddev, struct drm_file *filp)
>   		ret = -ENODEV;
>   		goto unbind_sva;
>   	}
> +	client->mm = current->mm;
> +	mmgrab(client->mm);
>   	init_srcu_struct(&client->hwctx_srcu);
>   	xa_init_flags(&client->hwctx_xa, XA_FLAGS_ALLOC);
>   	mutex_init(&client->mm_lock);
> @@ -116,6 +118,7 @@ static void amdxdna_client_cleanup(struct amdxdna_client *client)
>   		drm_gem_object_put(to_gobj(client->dev_heap));
>   
>   	iommu_sva_unbind_device(client->sva);
> +	mmdrop(client->mm);
>   
>   	kfree(client);
>   }
> diff --git a/drivers/accel/amdxdna/amdxdna_pci_drv.h b/drivers/accel/amdxdna/amdxdna_pci_drv.h
> index 6580cb5ec7e2..f08406b8fdf9 100644
> --- a/drivers/accel/amdxdna/amdxdna_pci_drv.h
> +++ b/drivers/accel/amdxdna/amdxdna_pci_drv.h
> @@ -130,6 +130,7 @@ struct amdxdna_client {
>   
>   	struct iommu_sva		*sva;
>   	int				pasid;
> +	struct mm_struct		*mm;
>   };
>   
>   #define amdxdna_for_each_hwctx(client, hwctx_id, entry)		\

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ