Re: [PATCH v4] drm/i915/gem: Fix relocation race and simplify VMA lookup

Next message: Marco Pagani: "Re: [PATCH v2] drm/sched: Add test suite for concurrent job submissions"
Previous message: Arseniy Krasnov: "Re: erofs pointer corruption and kernel crash"
In reply to: Yassine Mounir: "[PATCH v4] drm/i915/gem: Fix relocation race and simplify VMA lookup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Joonas Lahtinen

Date: Fri Apr 10 2026 - 06:32:19 EST

Quoting Yassine Mounir (2026-04-09 01:49:05)
> Pin the object lifetime in eb_relocate_vma() using i915_gem_object_get()
> and i915_gem_object_put() to prevent a Use-After-Free (UAF) if the
> handle is closed concurrently during relocation.

This has simply not been a bug that could have happened since drm-tip
2021. The vma refcount is taken in the eb_lookup_vma and it is very
thoroughly explained in [1] when the refcount could be missed
historically.

Either this is a pure AI hallucination or you've been running
some older downstream kernel with drm from 2020-2021 without the
proto-ctx changes.

Assessing that is impossible for now as you failed to supply any
relevant dmesg against drm-tip on real hardware or any other proof
about a claimed crash. Log of serial QEMU session where the relevant
driver is not even loaded is not helping.

If you want to continue the discussion here, provide a non AI
generated KASAN splat against drm-tip kernel which you promised multiple
messages ago.

To address a bug in downstream kernel, you should either update your
distro and/or ask the downstream kernel provider to supply a more
up-to-date kernel.

Regards, Joonas

[1] https://lore.kernel.org/intel-gfx/20260409053111.8914-1-joonas.lahtinen@xxxxxxxxxxxxxxx/