On Fri, Nov 28, 2025 at 03:24:03PM +0100, Boris Brezillon wrote:
On Fri, 28 Nov 2025 14:14:15 +0000 Alice Ryhl aliceryhl@google.com wrote:
When calling drm_gpuvm_bo_obtain_prealloc() and using immediate mode, this may result in a call to ops->vm_bo_free(vm_bo) while holding the GEMs gpuva mutex. This is a problem if ops->vm_bo_free(vm_bo) performs any operations that are not safe in the fence signalling critical path, and it turns out that Panthor (the only current user of the method) calls drm_gem_shmem_unpin() which takes a resv lock internally.
This constitutes both a violation of signalling safety and lock inversion. To fix this, we modify the method to internally take the GEMs gpuva mutex so that the mutex can be unlocked before freeing the preallocated vm_bo.
Note that this modification introduces a requirement that the driver uses immediate mode to call drm_gpuvm_bo_obtain_prealloc() as it would otherwise take the wrong lock.
Signed-off-by: Alice Ryhl aliceryhl@google.com
Reviewed-by: Boris Brezillon boris.brezillon@collabora.com
Should we add a Fixes tag?
Yeah, let's add:
Fixes: 63e919a31625 ("panthor: use drm_gpuva_unlink_defer()")
Alice