From f20eba74a2591bd63bf4be252bb65143123d1ff4 Mon Sep 17 00:00:00 2001
From: jsg <jsg@openbsd.org>
Date: Thu, 30 Nov 2023 02:20:12 +0000
Subject: [PATCH] drm/amdkfd: Fix a race condition of vram buffer unref in svm
 code

From Xiaogang Chen
50f35a907c4f9ed431fd3dbb8b871ef1cbb0718e in linux-6.1.y/6.1.64
709c348261618da7ed89d6c303e2ceb9e453ba74 in mainline linux
---
 sys/dev/pci/drm/amd/amdkfd/kfd_svm.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/sys/dev/pci/drm/amd/amdkfd/kfd_svm.c b/sys/dev/pci/drm/amd/amdkfd/kfd_svm.c
index d7e758c86a0..6281d370bb4 100644
--- a/sys/dev/pci/drm/amd/amdkfd/kfd_svm.c
+++ b/sys/dev/pci/drm/amd/amdkfd/kfd_svm.c
@@ -612,8 +612,15 @@ create_bo_failed:
 
 void svm_range_vram_node_free(struct svm_range *prange)
 {
-	svm_range_bo_unref(prange->svm_bo);
-	prange->ttm_res = NULL;
+	/* serialize prange->svm_bo unref */
+	mutex_lock(&prange->lock);
+	/* prange->svm_bo has not been unref */
+	if (prange->ttm_res) {
+		prange->ttm_res = NULL;
+		mutex_unlock(&prange->lock);
+		svm_range_bo_unref(prange->svm_bo);
+	} else
+		mutex_unlock(&prange->lock);
 }
 
 struct amdgpu_device *
-- 
2.20.1