linux_dsm_epyc7002/drivers/gpu/drm/i915/gt
Chris Wilson 2abaad4eb5 drm/i915/gt: Check cacheline is valid before acquiring
The hwsp_cacheline pointer from i915_request is very, very flimsy. The
i915_request.timeline (and the hwsp_cacheline) are lost upon retiring
(after an RCU grace). Therefore we need to confirm that once we have the
right pointer for the cacheline, it is not in the process of being
retired and disposed of before we attempt to acquire a reference to the
cacheline.

<3>[  547.208237] BUG: KASAN: use-after-free in active_debug_hint+0x6a/0x70 [i915]
<3>[  547.208366] Read of size 8 at addr ffff88822a0d2710 by task gem_exec_parall/2536

<4>[  547.208547] CPU: 3 PID: 2536 Comm: gem_exec_parall Tainted: G     U            5.7.0-rc2-ged7a286b5d02d-kasan_117+ #1
<4>[  547.208556] Hardware name: Dell Inc. XPS 13 9350/, BIOS 1.4.12 11/30/2016
<4>[  547.208564] Call Trace:
<4>[  547.208579]  dump_stack+0x96/0xdb
<4>[  547.208707]  ? active_debug_hint+0x6a/0x70 [i915]
<4>[  547.208719]  print_address_description.constprop.6+0x16/0x310
<4>[  547.208841]  ? active_debug_hint+0x6a/0x70 [i915]
<4>[  547.208963]  ? active_debug_hint+0x6a/0x70 [i915]
<4>[  547.208975]  __kasan_report+0x137/0x190
<4>[  547.209106]  ? active_debug_hint+0x6a/0x70 [i915]
<4>[  547.209127]  kasan_report+0x32/0x50
<4>[  547.209257]  ? i915_gemfs_fini+0x40/0x40 [i915]
<4>[  547.209376]  active_debug_hint+0x6a/0x70 [i915]
<4>[  547.209389]  debug_print_object+0xa7/0x220
<4>[  547.209405]  ? lockdep_hardirqs_on+0x348/0x5f0
<4>[  547.209426]  debug_object_assert_init+0x297/0x430
<4>[  547.209449]  ? debug_object_free+0x360/0x360
<4>[  547.209472]  ? lock_acquire+0x1ac/0x8a0
<4>[  547.209592]  ? intel_timeline_read_hwsp+0x4f/0x840 [i915]
<4>[  547.209737]  ? i915_active_acquire_if_busy+0x66/0x120 [i915]
<4>[  547.209861]  i915_active_acquire_if_busy+0x66/0x120 [i915]
<4>[  547.209990]  ? __live_alloc.isra.15+0xc0/0xc0 [i915]
<4>[  547.210005]  ? rcu_read_lock_sched_held+0xd0/0xd0
<4>[  547.210017]  ? print_usage_bug+0x580/0x580
<4>[  547.210153]  intel_timeline_read_hwsp+0xbc/0x840 [i915]
<4>[  547.210284]  __emit_semaphore_wait+0xd5/0x480 [i915]
<4>[  547.210415]  ? i915_fence_get_timeline_name+0x110/0x110 [i915]
<4>[  547.210428]  ? lockdep_hardirqs_on+0x348/0x5f0
<4>[  547.210442]  ? _raw_spin_unlock_irq+0x2a/0x40
<4>[  547.210567]  ? __await_execution.constprop.51+0x2e0/0x570 [i915]
<4>[  547.210706]  i915_request_await_dma_fence+0x8f7/0xc70 [i915]

Fixes: 85bedbf191 ("drm/i915/gt: Eliminate the trylock for reading a timeline's hwsp")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: <stable@vger.kernel.org> # v5.6+
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200427093038.29219-1-chris@chris-wilson.co.uk
(cherry picked from commit 2759e39535)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
2020-04-27 09:47:40 -07:00
selftests
uc drm/i915: Apply i915_request_skip() on submission 2020-03-04 14:29:50 +00:00
debugfs_engines.c
debugfs_engines.h
debugfs_gt_pm.c
debugfs_gt_pm.h
debugfs_gt.c
debugfs_gt.h
gen6_ppgtt.c drm pull for 5.6-rc1 2020-01-30 08:04:01 -08:00
gen6_ppgtt.h
gen6_renderstate.c
gen7_renderclear.c drm/i915/gen7: Clear all EU/L3 residual contexts 2020-03-06 08:59:06 +00:00
gen7_renderclear.h drm/i915/gen7: Clear all EU/L3 residual contexts 2020-03-06 08:59:06 +00:00
gen7_renderstate.c
gen8_ppgtt.c drm/i915/vgpu: improve vgpu abstractions 2020-03-03 17:46:54 +02:00
gen8_ppgtt.h
gen8_renderstate.c
gen9_renderstate.c
hsw_clear_kernel.c drm/i915/gen7: Clear all EU/L3 residual contexts 2020-03-06 08:59:06 +00:00
intel_breadcrumbs.c drm/i915/gt: Prevent queuing retire workers on the virtual engine 2020-02-07 10:54:49 +00:00
intel_context_param.c drm/i915: Allow userspace to specify ringsize on construction 2020-02-25 19:23:19 +00:00
intel_context_param.h drm/i915: Allow userspace to specify ringsize on construction 2020-02-25 19:23:19 +00:00
intel_context_sseu.c drm/i915/gt: Pull sseu context updates under gt 2020-02-04 10:14:03 +00:00
intel_context_types.h drm/i915: Use explicit flag to mark unreachable intel_context 2020-03-26 10:21:04 -07:00
intel_context.c drm/i915: Use explicit flag to mark unreachable intel_context 2020-03-26 10:21:04 -07:00
intel_context.h drm/i915: Use explicit flag to mark unreachable intel_context 2020-03-26 10:21:04 -07:00
intel_engine_cs.c drm/i915/gen12: Disable preemption timeout 2020-03-12 13:46:01 +00:00
intel_engine_heartbeat.c drm/i915/gt: Fix up missing error propagation for heartbeat pulses 2020-02-18 20:32:21 +00:00
intel_engine_heartbeat.h
intel_engine_pm.c drm/i915/gt: Include a tell-tale for engine parking 2020-01-22 17:10:15 +00:00
intel_engine_pm.h
intel_engine_pool_types.h
intel_engine_pool.c
intel_engine_pool.h
intel_engine_types.h drm/i915/gt: Expose busywait duration to sysfs 2020-02-28 22:03:41 +00:00
intel_engine_user.c drm/i915/gt: Make WARN* drm specific where drm_priv ptr is available 2020-01-22 17:53:37 +02:00
intel_engine_user.h
intel_engine.h drm/i915/gt: Defend against concurrent updates to execlists->active 2020-03-09 20:38:57 +00:00
intel_ggtt.c drm/i915/gt: Fill all the unused space in the GGTT 2020-04-06 10:31:19 -07:00
intel_gpu_commands.h drm/i915/gen7: Clear all EU/L3 residual contexts 2020-03-06 08:59:06 +00:00
intel_gt_irq.c drm/i915/gt: Hook up CS_MASTER_ERROR_INTERRUPT 2020-01-29 15:16:52 +00:00
intel_gt_irq.h drm/i915/gt: Reorganise gen8+ interrupt handler 2020-01-28 12:30:00 +00:00
intel_gt_pm_irq.c
intel_gt_pm_irq.h
intel_gt_pm.c drm/i915: extract engine WA programming to common resume function 2020-01-31 23:54:12 +00:00
intel_gt_pm.h
intel_gt_requests.c drm/i915/gt: Drop the timeline->mutex as we wait for retirement 2020-03-03 17:30:20 +00:00
intel_gt_requests.h
intel_gt_types.h
intel_gt.c drm/i915/gt: Wait for RCUs frees before asserting idle on unload 2020-03-12 20:47:24 +00:00
intel_gt.h drm/i915/gt: Drop rogue space in the middle of GT_TRACE 2020-01-16 15:41:34 +00:00
intel_gtt.c drm/i915/gt: Pull marking vm as closed underneath the vm->mutex 2020-02-28 12:33:07 +00:00
intel_gtt.h drm/i915/gt: Pull marking vm as closed underneath the vm->mutex 2020-02-28 12:33:07 +00:00
intel_llc_types.h
intel_llc.c drm/i915/gt: Do not attempt to reprogram IA/ring frequencies for dgfx 2020-02-19 22:27:10 +00:00
intel_llc.h
intel_lrc_reg.h drm/i915: Track hw reported context runtime 2020-02-16 15:16:22 +00:00
intel_lrc.c drm/i915/gt: Stage the transfer of the virtual breadcrumb 2020-03-26 10:21:30 -07:00
intel_lrc.h
intel_mocs.c drm/i915/gt: Refactor l3cc/mocs availability 2020-02-19 14:09:18 +00:00
intel_mocs.h
intel_ppgtt.c
intel_rc6_types.h
intel_rc6.c drm/i915/gt: Select the deepest available parking mode for rc6 2020-03-26 10:21:30 -07:00
intel_rc6.h
intel_renderstate.c
intel_renderstate.h
intel_reset_types.h
intel_reset.c drm/i915/gt: Cancel a hung context if already closed 2020-03-26 10:21:30 -07:00
intel_reset.h
intel_ring_submission.c drm/i915/gt: Restrict gen7 w/a batch to Haswell 2020-03-20 07:04:38 -07:00
intel_ring_types.h drm/i915/gt: Avoid resetting ring->head outside of its timeline mutex 2020-02-11 12:03:22 +00:00
intel_ring.c drm/i915/execlists: Always force a context reload when rewinding RING_TAIL 2020-02-07 21:41:46 +00:00
intel_ring.h drm/i915/execlists: Always force a context reload when rewinding RING_TAIL 2020-02-07 21:41:46 +00:00
intel_rps_types.h
intel_rps.c drm/i915/gt: Update PMINTRMSK holding fw 2020-04-20 10:12:36 -07:00
intel_rps.h
intel_sseu.c
intel_sseu.h
intel_timeline_types.h
intel_timeline.c drm/i915/gt: Check cacheline is valid before acquiring 2020-04-27 09:47:40 -07:00
intel_timeline.h
intel_workarounds_types.h drm/i915/gt: Skip rmw for masked registers 2020-02-01 09:21:57 +00:00
intel_workarounds.c drm/i915: Add Wa_1605460711 / Wa_1408767742 to ICL and EHL 2020-03-13 09:03:17 -07:00
intel_workarounds.h
ivb_clear_kernel.c drm/i915/gen7: Clear all EU/L3 residual contexts 2020-03-06 08:59:06 +00:00
mock_engine.c drm/i915: Apply i915_request_skip() on submission 2020-03-04 14:29:50 +00:00
mock_engine.h
selftest_context.c
selftest_engine_cs.c
selftest_engine_heartbeat.c drm/i915/selftests: Disable heartbeat around manual pulse tests 2020-02-28 09:25:41 +00:00
selftest_engine_pm.c
selftest_engine.c
selftest_engine.h
selftest_gt_pm.c
selftest_hangcheck.c drm/i915: Apply i915_request_skip() on submission 2020-03-04 14:29:50 +00:00
selftest_llc.c drm/i915/gt: Do not attempt to reprogram IA/ring frequencies for dgfx 2020-02-19 22:27:10 +00:00
selftest_llc.h
selftest_lrc.c drm/i915/selftest: Add more poison patterns 2020-03-13 11:36:34 +00:00
selftest_mocs.c drm/i915/gt: Refactor l3cc/mocs availability 2020-02-19 14:09:18 +00:00
selftest_rc6.c drm/i915/gt: Select the deepest available parking mode for rc6 2020-03-26 10:21:30 -07:00
selftest_rc6.h
selftest_reset.c drm/i915/guc: Kill USES_GUC_SUBMISSION macro 2020-02-20 17:48:03 +00:00
selftest_ring_submission.c drm/i915/gt: Wait for the wa batch to be pinned 2020-03-07 17:10:35 +00:00
selftest_timeline.c drm/i915/selftests: Remove erroneous intel_engine_pm_put 2020-02-09 13:47:26 +00:00
selftest_workarounds.c drm/i915/selftests: Also wait for the scratch buffer to be bound 2020-01-31 15:10:02 +00:00
sysfs_engines.c drm/i915/gt: Expose heartbeat interval via sysfs 2020-02-28 22:03:49 +00:00
sysfs_engines.h drm/i915/gt: Expose engine properties via sysfs 2020-02-28 22:03:19 +00:00