Re: [PATCH 12/62] drm/gpusvm.c: Fix a locking bug in an error path
From: Matthew Brost
Date: Mon Feb 23 2026 - 17:22:05 EST
On Mon, Feb 23, 2026 at 02:00:12PM -0800, Bart Van Assche wrote:
> From: Bart Van Assche <bvanassche@xxxxxxx>
>
> Only call drm_gpusvm_notifier_unlock() if drm_gpusvm_notifier_lock() was
> called first. This has been detected by the Clang thread-safety
> analyzer. Compile-tested only.
>
> Cc: Thomas Hellström <thomas.hellstrom@xxxxxxxxxxxxxxx>
> Cc: Matthew Brost <matthew.brost@xxxxxxxxx>
> Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray@xxxxxxxxx>
> Cc: Maarten Lankhorst <maarten.lankhorst@xxxxxxxxxxxxxxx>
> Fixes: f1d08a586482 ("drm/gpusvm: Introduce a function to scan the current migration state")
> Signed-off-by: Bart Van Assche <bvanassche@xxxxxxx>
> ---
> drivers/gpu/drm/drm_gpusvm.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_gpusvm.c b/drivers/gpu/drm/drm_gpusvm.c
> index 24180bfdf5a2..e9b79ab2f83c 100644
> --- a/drivers/gpu/drm/drm_gpusvm.c
> +++ b/drivers/gpu/drm/drm_gpusvm.c
> @@ -819,7 +819,7 @@ enum drm_gpusvm_scan_result drm_gpusvm_scan_mm(struct drm_gpusvm_range *range,
>
> if (!(pfns[i] & HMM_PFN_VALID)) {
> state = DRM_GPUSVM_SCAN_UNPOPULATED;
> - goto err_free;
> + goto unlock;
Indeed a problem but we have this fixed in drm-tip.
git format-patch -1 d287dee565c3c
'drm/gpusvm: Fix unbalanced unlock in drm_gpusvm_scan_mm'
Not sure which tree you are in but this should propagate up to Linus
during the 7.0 cycle.
Matt
> }
>
> page = hmm_pfn_to_page(pfns[i]);
> @@ -856,9 +856,10 @@ enum drm_gpusvm_scan_result drm_gpusvm_scan_mm(struct drm_gpusvm_range *range,
> i += 1ul << drm_gpusvm_hmm_pfn_to_order(pfns[i], i, npages);
> }
>
> -err_free:
> +unlock:
> drm_gpusvm_notifier_unlock(range->gpusvm);
>
> +err_free:
> kvfree(pfns);
> return state;
> }