Fix use-after-free in get_xpu_view_from_cpu_tensor

[chaojun-zhang]

Essential Elements of an Effective PR Description Checklist

• The purpose of the PR, such as "Fix some issue (link existing issues this PR will resolve)".
• The test plan, such as providing test command.
• The test results, such as pasting the results comparison before and after, or e2e results
• (Optional) The necessary documentation update, such as updating supported_models.md and examples for a new model.

PLEASE FILL IN THE PR DESCRIPTION HERE ENSURING ALL CHECKLIST ITEMS ABOVE HAVE BEEN CONSIDERED.

Purpose

Problem
get_xpu_view_from_cpu_tensor creates a zero-copy XPU view over a CPU pinned-memory tensor by storing the raw host_ptr inside XPUHostViewAllocator. However, it held no reference
to the original cpu_tensor, so its reference count could drop to zero and its pinned memory could be freed while the XPU view was still alive — a classic use-after-free.

This is not a theoretical concern. In two real call sites inside vLLM:

• vllm/model_executor/offloader/uva.py — cpu_data is a local variable created via .pin_memory(); after the enclosing function returns, Python GC frees it while p.data (the XPU
  view) still points to its memory.
• vllm/model_executor/model_loader/utils.py — same pattern; cpu_data is a local variable with no other owners.

Fix

XPUHostViewAllocator now holds a torch::Tensor owner_ member that keeps the source tensor's reference count elevated. The owner is stored as an OwnerContext in the DataPtr, so
it lives exactly as long as the XPU view tensor does and is released when the view is destroyed.

Test Plan

pytest -s -v tests/test_uva.py::test_view_lifetime_after_owner_drop

Test Result

(Optional) Documentation Update

BEFORE SUBMITTING, PLEASE READ https://docs.vllm.ai/en/latest/contributing (anything written below this line will be removed by GitHub Actions)

[Copilot]

Pull request overview

Fixes a use-after-free risk where an XPU zero-copy view over a pinned CPU tensor could outlive the CPU tensor that owns the underlying host memory.

Changes:

• Extend XPUHostViewAllocator to retain ownership of the source CPU tensor for the lifetime of the XPU view.
• Store the owner tensor in the c10::DataPtr context so it is released when the view tensor is destroyed.
• Add a regression test that drops the Python reference to the CPU tensor and validates the XPU view remains usable.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File	Description
csrc/xpu_view.cpp	Keeps the source CPU tensor alive by attaching it to the DataPtr context used by the XPU view.
tests/test_uva.py	Adds a regression test for XPU view lifetime after the original CPU tensor reference is dropped.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.