Commit 9a16fdf5 authored Mar 26, 2026 by Arvind Yadav Committed by Matthew Brost Mar 26, 2026

drm/xe/bo: Block CPU faults to purgeable buffer objects



Block CPU page faults to buffer objects marked as purgeable (DONTNEED)
or already purged. Once a BO is marked DONTNEED, its contents can be
discarded by the kernel at any time, making access undefined behavior.
Return VM_FAULT_SIGBUS immediately to fail consistently instead of
allowing erratic behavior where access sometimes works (if not yet
purged) and sometimes fails (if purged).

For DONTNEED BOs:
- Block new CPU faults with SIGBUS to prevent undefined behavior.
- Existing CPU PTEs may still work until TLB flush, but new faults
  fail immediately.

For PURGED BOs:
- Backing store has been reclaimed, making CPU access invalid.
- Without this check, accessing existing mmap mappings would trigger
  xe_bo_fault_migrate() on freed backing store, causing kernel hangs
  or crashes.

The purgeable check is added to both CPU fault paths:
- Fastpath (xe_bo_cpu_fault_fastpath): Returns VM_FAULT_SIGBUS
  immediately under dma-resv lock, preventing attempts to
  migrate/validate DONTNEED/purged pages.
- Slowpath (xe_bo_cpu_fault): Returns -EFAULT under drm_exec lock,
  converted to VM_FAULT_SIGBUS.

Cc: Matthew Brost <matthew.brost@intel.com>
Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray@intel.com>
Reviewed-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Signed-off-by: Arvind Yadav <arvind.yadav@intel.com>
Signed-off-by: Matthew Brost <matthew.brost@intel.com>
Link: https://patch.msgid.link/20260326130843.3545241-5-arvind.yadav@intel.com

parent ad9843aa

drivers/gpu/drm/xe/xe_bo.c

+19 −0

Original line number	Diff line number	Diff line
		@@ -1982,6 +1982,16 @@ static vm_fault_t xe_bo_cpu_fault_fastpath(struct vm_fault *vmf, struct xe_devic
		if (!dma_resv_trylock(tbo->base.resv))
		goto out_validation;

		/*
		* Reject CPU faults to purgeable BOs. DONTNEED BOs can be purged
		* at any time, and purged BOs have no backing store. Either case
		* is undefined behavior for CPU access.
		*/
		if (xe_bo_madv_is_dontneed(bo) \|\| xe_bo_is_purged(bo)) {
		ret = VM_FAULT_SIGBUS;
		goto out_unlock;
		}

		if (xe_ttm_bo_is_imported(tbo)) {
		ret = VM_FAULT_SIGBUS;
		drm_dbg(&xe->drm, "CPU trying to access an imported buffer object.\n");
		@@ -2072,6 +2082,15 @@ static vm_fault_t xe_bo_cpu_fault(struct vm_fault *vmf)
		if (err)
		break;

		/*
		* Reject CPU faults to purgeable BOs. DONTNEED BOs can be
		* purged at any time, and purged BOs have no backing store.
		*/
		if (xe_bo_madv_is_dontneed(bo) \|\| xe_bo_is_purged(bo)) {
		err = -EFAULT;
		break;
		}

		if (xe_ttm_bo_is_imported(tbo)) {
		err = -EFAULT;
		drm_dbg(&xe->drm, "CPU trying to access an imported buffer object.\n");