Commit 975bc3ea authored by Arvind Yadav's avatar Arvind Yadav Committed by Matthew Brost
Browse files

drm/xe/bo: Block mmap of DONTNEED/purged BOs 



Don't allow new CPU mmaps to BOs marked DONTNEED or PURGED.
DONTNEED BOs can have their contents discarded at any time, making
CPU access undefined behavior. PURGED BOs have no backing store and
are permanently invalid.

Return -EBUSY for DONTNEED BOs (temporary purgeable state) and
-EINVAL for purged BOs (permanent, no backing store).

The mmap offset ioctl now checks the BO's purgeable state before
allowing userspace to establish a new CPU mapping. This prevents
the race where userspace gets a valid offset but the BO is purged
before actual faulting begins.

Existing mmaps (established before DONTNEED) may still work until
pages are purged, at which point CPU faults fail with SIGBUS.

Cc: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray@intel.com>
Reviewed-by: default avatarMatthew Brost <matthew.brost@intel.com>
Signed-off-by: default avatarArvind Yadav <arvind.yadav@intel.com>
Signed-off-by: default avatarMatthew Brost <matthew.brost@intel.com>
Link: https://patch.msgid.link/20260326130843.3545241-9-arvind.yadav@intel.com
parent 63cf199c

drivers/gpu/drm/xe/xe_bo.c

+26 −1
Original line number Diff line number Diff line
@@ -2168,10 +2168,35 @@ static const struct vm_operations_struct xe_gem_vm_ops = { 
	.access = xe_bo_vm_access,

};



static int xe_gem_object_mmap(struct drm_gem_object *obj, struct vm_area_struct *vma)

{

	struct xe_bo *bo = gem_to_xe_bo(obj);

	int err = 0;



	/*

	 * Reject mmap of purgeable BOs. DONTNEED BOs can be purged

	 * at any time, making CPU access undefined behavior. Purged BOs have

	 * no backing store and are permanently invalid.

	 */

	err = xe_bo_lock(bo, true);

	if (err)

		return err;



	if (xe_bo_madv_is_dontneed(bo))

		err = -EBUSY;

	else if (xe_bo_is_purged(bo))

		err = -EINVAL;

	xe_bo_unlock(bo);

	if (err)

		return err;



	return drm_gem_ttm_mmap(obj, vma);

}



static const struct drm_gem_object_funcs xe_gem_object_funcs = {

	.free = xe_gem_object_free,

	.close = xe_gem_object_close,

	.mmap = drm_gem_ttm_mmap,

	.mmap = xe_gem_object_mmap,

	.export = xe_gem_prime_export,

	.vm_ops = &xe_gem_vm_ops,

};