mirror of
git://nv-tegra.nvidia.com/linux-nvgpu.git
synced 2025-12-22 17:36:20 +03:00
CTS test dEQP-VK.api.object_management.max_concurrent.device_group crashes with invalid userspace memory access.

Currently, nvgpu_submit_prepare_syncs() races with nvgpu_channel_clean_up_jobs() and this race condition is exposed when aggressive_sync_destroy_thresh is set to non-zero value.

nvgpu_submit_prepare_syncs() gets ref for c->sync to submit job and releases channel sync_lock immediately. Meanwhile, nvgpu_worker_poll_work() triggers nvgpu_channel_clean_up_jobs(), which destroys ref'd c->sync pointer.

Channel sync is deleted by nvgpu_channel_clean_up_jobs() only if aggressive_sync_destroy_thresh is non-zero. So, nvgpu_channel_clean_up_jobs() and nvgpu_submit_prepare_syncs() will race only in this scenario. Hence, if aggressive_sync_destroy_thresh value is non-zero, this patch protects channel's sync pointer by holding channel sync_lock during complete execution of nvgpu_submit_prepare_syncs().

Bug 2613870

Change-Id: I030d8df7af10d4ed86f921b5cf60de2b1d60e5d3
Signed-off-by: Vedashree Vidwans <vvidwans@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/2181360
Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
Tested-by: mobile promotions <svcmobile_promotions@nvidia.com>
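The interleaving described in the commit message, replayed deterministically as an added example; this is a simplified single-threaded model, not code from nvgpu or from the patch. The struct, its fields and both functions are hypothetical names, and the lock is modelled as a flag so that a worker that would block on a held mutex simply returns without destroying anything.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of a channel; none of these names are nvgpu's. */
struct chan {
    bool sync_lock;      /* models the channel sync_lock being held */
    bool sync_alive;     /* models whether the object behind c->sync exists */
    int  destroy_thresh; /* models aggressive_sync_destroy_thresh */
};

/* Models the clean-up worker: it destroys the sync object only when the
 * threshold is non-zero and it can take sync_lock. A real worker would
 * block on the mutex; here "blocked" is reported as "did not destroy". */
static bool cleanup_step(struct chan *c)
{
    if (c->destroy_thresh == 0 || c->sync_lock)
        return false;
    c->sync_alive = false;
    return true;
}

/* Models the submit path with the worker scheduled at the worst moment.
 * Returns true if the sync object was still alive when the submitter
 * used the pointer it fetched under the lock. */
static bool submit(struct chan *c, bool hold_for_whole_prepare)
{
    c->sync_lock = true;                  /* take lock, fetch c->sync */
    if (!(hold_for_whole_prepare && c->destroy_thresh != 0))
        c->sync_lock = false;             /* old behaviour: drop at once */
    cleanup_step(c);                      /* worker runs in the window */
    bool used_live_object = c->sync_alive;
    c->sync_lock = false;                 /* prepare finished */
    return used_live_object;
}

int main(void)
{
    struct chan before = { false, true, 1 };
    struct chan after  = { false, true, 1 };
    struct chan off    = { false, true, 0 };
    printf("lock dropped early, thresh=1: live=%d\n", submit(&before, false));
    printf("lock held throughout, thresh=1: live=%d\n", submit(&after, true));
    printf("lock dropped early, thresh=0: live=%d\n", submit(&off, false));
    return 0;
}
```

With a zero threshold the worker never destroys the sync object, which is why the model, like the commit message, only extends the lock hold when the threshold is non-zero.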
18 KiB