AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-21 15:48:56 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
2759e39535
linux_dsm_epyc7002/drivers/gpu/drm/i915
History
Chris Wilson 2759e39535 drm/i915/gt: Check cacheline is valid before acquiring 
The hwsp_cacheline pointer from i915_request is very, very flimsy. The
i915_request.timeline (and the hwsp_cacheline) are lost upon retiring
(after an RCU grace). Therefore we need to confirm that once we have the
right pointer for the cacheline, it is not in the process of being
retired and disposed of before we attempt to acquire a reference to the
cacheline.

<3>[  547.208237] BUG: KASAN: use-after-free in active_debug_hint+0x6a/0x70 [i915]
<3>[  547.208366] Read of size 8 at addr ffff88822a0d2710 by task gem_exec_parall/2536

<4>[  547.208547] CPU: 3 PID: 2536 Comm: gem_exec_parall Tainted: G     U            5.7.0-rc2-ged7a286b5d02d-kasan_117+ #1
<4>[  547.208556] Hardware name: Dell Inc. XPS 13 9350/, BIOS 1.4.12 11/30/2016
<4>[  547.208564] Call Trace:
<4>[  547.208579]  dump_stack+0x96/0xdb
<4>[  547.208707]  ? active_debug_hint+0x6a/0x70 [i915]
<4>[  547.208719]  print_address_description.constprop.6+0x16/0x310
<4>[  547.208841]  ? active_debug_hint+0x6a/0x70 [i915]
<4>[  547.208963]  ? active_debug_hint+0x6a/0x70 [i915]
<4>[  547.208975]  __kasan_report+0x137/0x190
<4>[  547.209106]  ? active_debug_hint+0x6a/0x70 [i915]
<4>[  547.209127]  kasan_report+0x32/0x50
<4>[  547.209257]  ? i915_gemfs_fini+0x40/0x40 [i915]
<4>[  547.209376]  active_debug_hint+0x6a/0x70 [i915]
<4>[  547.209389]  debug_print_object+0xa7/0x220
<4>[  547.209405]  ? lockdep_hardirqs_on+0x348/0x5f0
<4>[  547.209426]  debug_object_assert_init+0x297/0x430
<4>[  547.209449]  ? debug_object_free+0x360/0x360
<4>[  547.209472]  ? lock_acquire+0x1ac/0x8a0
<4>[  547.209592]  ? intel_timeline_read_hwsp+0x4f/0x840 [i915]
<4>[  547.209737]  ? i915_active_acquire_if_busy+0x66/0x120 [i915]
<4>[  547.209861]  i915_active_acquire_if_busy+0x66/0x120 [i915]
<4>[  547.209990]  ? __live_alloc.isra.15+0xc0/0xc0 [i915]
<4>[  547.210005]  ? rcu_read_lock_sched_held+0xd0/0xd0
<4>[  547.210017]  ? print_usage_bug+0x580/0x580
<4>[  547.210153]  intel_timeline_read_hwsp+0xbc/0x840 [i915]
<4>[  547.210284]  __emit_semaphore_wait+0xd5/0x480 [i915]
<4>[  547.210415]  ? i915_fence_get_timeline_name+0x110/0x110 [i915]
<4>[  547.210428]  ? lockdep_hardirqs_on+0x348/0x5f0
<4>[  547.210442]  ? _raw_spin_unlock_irq+0x2a/0x40
<4>[  547.210567]  ? __await_execution.constprop.51+0x2e0/0x570 [i915]
<4>[  547.210706]  i915_request_await_dma_fence+0x8f7/0xc70 [i915]

Fixes: 85bedbf191 ("drm/i915/gt: Eliminate the trylock for reading a timeline's hwsp")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: <stable@vger.kernel.org> # v5.6+
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200427093038.29219-1-chris@chris-wilson.co.uk
2020-04-27 11:39:23 +01:00
..
display drm/i915: Split some long lines 2020-04-24 17:59:59 +03:00
gem drm/i915: Only close vma we open 2020-04-24 11:24:45 +01:00
gt drm/i915/gt: Check cacheline is valid before acquiring 2020-04-27 11:39:23 +01:00
gvt drm/i915: Only close vma we open 2020-04-24 11:24:45 +01:00
selftests drm/i915: Only close vma we open 2020-04-24 11:24:45 +01:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
i915_active_types.h
i915_active.c drm/i915: Allow asynchronous waits on the i915_active barriers 2020-04-06 19:48:06 +01:00
i915_active.h drm/i915: Allow asynchronous waits on the i915_active barriers 2020-04-06 19:48:06 +01:00
i915_buddy.c drm/i915/buddy: avoid double list_add 2020-03-06 14:33:08 +00:00
i915_buddy.h
i915_cmd_parser.c
i915_debugfs_params.c
i915_debugfs_params.h
i915_debugfs.c drm/i915/gt: Use the RPM config register to determine clk frequencies 2020-04-24 19:10:17 +01:00
i915_debugfs.h drm/i915: split out display debugfs to a separate file 2020-02-14 13:26:51 +02:00
i915_drv.c drm/i915: Refactor setting dma info to a common helper 2020-04-18 07:49:11 +01:00
i915_drv.h drm/i915: Update DRIVER_DATE to 20200417 2020-04-17 09:35:00 +03:00
i915_fixed.h
i915_gem_evict.c drm/i915/evict: watch out for unevictable nodes 2020-04-08 21:39:48 +01:00
i915_gem_gtt.c drm/i915: significantly reduce the use of <drm/i915_drm.h> 2020-02-27 08:35:09 +02:00
i915_gem_gtt.h
i915_gem.c drm/i915/gem: Drop cached obj->bind_count 2020-04-02 01:17:39 +01:00
i915_gem.h
i915_getparam.c
i915_globals.c
i915_globals.h
i915_gpu_error.c drm/i915: Drop rq->ring->vma peeking from error capture 2020-04-24 22:14:35 +01:00
i915_gpu_error.h drm/i915: Drop rq->ring->vma peeking from error capture 2020-04-24 22:14:35 +01:00
i915_ioc32.c drm/i915: add i915_ioc32.h for compat 2020-03-02 13:32:37 +02:00
i915_ioc32.h drm/i915: add i915_ioc32.h for compat 2020-03-02 13:32:37 +02:00
i915_irq.c Merge drm/drm-next into drm-intel-next-queued 2020-04-16 14:35:16 +03:00
i915_irq.h drm/i915: Convert to CRTC VBLANK callbacks 2020-02-13 13:08:13 +01:00
i915_memcpy.c drm/i915: remove always-defined CONFIG_AS_MOVNTDQA 2020-04-09 00:01:59 +09:00
i915_memcpy.h
i915_mm.c
i915_params.c
i915_params.h drm/i915: Mark i915.reset as unsigned 2020-02-05 18:51:52 +00:00
i915_pci.c drm/i915: Refactor setting dma info to a common helper 2020-04-18 07:49:11 +01:00
i915_perf_types.h drm/i915/perf: Schedule oa_config after modifying the contexts 2020-03-30 18:20:34 +01:00
i915_perf.c drm/i915: Make define for lrc state offset 2020-04-24 00:52:14 +01:00
i915_perf.h
i915_pmu.c drm/i915/pmu: prefer struct drm_device based logging 2020-04-08 13:49:35 +03:00
i915_pmu.h drm/i915: significantly reduce the use of <drm/i915_drm.h> 2020-02-27 08:35:09 +02:00
i915_priolist_types.h
i915_pvinfo.h
i915_query.c
i915_query.h
i915_reg.h drm/i915: Use indirect ctx bb to mend CMD_BUF_CCTL 2020-04-25 19:08:56 +01:00
i915_request.c drm/i915: Keep a per-engine request pool 2020-04-03 15:20:03 +01:00
i915_request.h drm/i915: Keep a per-engine request pool 2020-04-03 15:20:03 +01:00
i915_scatterlist.c
i915_scatterlist.h
i915_scheduler_types.h
i915_scheduler.c drm/i915/gt: Include a few tracek for timeslicing 2020-03-31 21:42:12 +01:00
i915_scheduler.h
i915_selftest.h
i915_suspend.c drm/i915: significantly reduce the use of <drm/i915_drm.h> 2020-02-27 08:35:09 +02:00
i915_suspend.h
i915_sw_fence_work.c drm/i915: Immediately execute the fenced work 2020-03-25 13:05:04 +00:00
i915_sw_fence_work.h drm/i915: Immediately execute the fenced work 2020-03-25 13:05:04 +00:00
i915_sw_fence.c drm/i915: Prefer '%ps' for printing function symbol names 2020-03-19 16:18:14 +00:00
i915_sw_fence.h drm/i915/gem: Don't leak non-persistent requests on changing engines 2020-02-11 21:58:39 +00:00
i915_switcheroo.c drm/i915/switcheroo: use struct drm_device based logging 2020-04-08 13:49:35 +03:00
i915_switcheroo.h
i915_syncmap.c
i915_syncmap.h
i915_sysfs.c drm/i915/gt: Expose engine properties via sysfs 2020-02-28 22:03:19 +00:00
i915_sysfs.h
i915_trace_points.c
i915_trace.h
i915_user_extensions.c
i915_user_extensions.h
i915_utils.c drm/i915: Avoid setting timer->expires to 0 2020-04-03 16:33:09 +01:00
i915_utils.h drm/i915: be more solid in checking the alignment 2020-03-11 23:12:39 +02:00
i915_vgpu.c drm/i915/vgpu: improve vgpu abstractions 2020-03-03 17:46:54 +02:00
i915_vgpu.h drm/i915/vgpu: improve vgpu abstractions 2020-03-03 17:46:54 +02:00
i915_vma_types.h drm/i915/gem: Extract transient execbuf flags from i915_vma 2020-03-03 21:52:51 +00:00
i915_vma.c drm/i915: Only close vma we open 2020-04-24 11:24:45 +01:00
i915_vma.h drm/i915/gt: Make fence revocation unequivocal 2020-04-01 23:34:17 +01:00
intel_device_info.c drm/i915: Refactor setting dma info to a common helper 2020-04-18 07:49:11 +01:00
intel_device_info.h drm/i915: Refactor setting dma info to a common helper 2020-04-18 07:49:11 +01:00
intel_dram.c drm/i915/dram: prefer struct drm_device based logging 2020-04-08 13:49:35 +03:00
intel_dram.h drm/i915: split out intel_dram.[ch] from i915_drv.c 2020-02-27 09:16:01 +02:00
intel_gvt.c drm/i915/gvt: make intel_gvt_active internal to intel_gvt 2020-03-03 17:47:03 +02:00
intel_gvt.h
intel_memory_region.c
intel_memory_region.h
intel_pch.c
intel_pch.h
intel_pm.c drm/i915: drop a bunch of superfluous inlines 2020-04-21 09:31:37 +03:00
intel_pm.h drm/i915: Add pre/post plane updates for SAGV 2020-04-17 20:41:00 +03:00
intel_region_lmem.c
intel_region_lmem.h
intel_runtime_pm.c
intel_runtime_pm.h
intel_sideband.c drm/i915: drop a bunch of superfluous inlines 2020-04-21 09:31:37 +03:00
intel_sideband.h
intel_uncore.c drm/i915/icl: Update forcewake firmware ranges 2020-04-17 19:35:43 +01:00
intel_uncore.h drm/i915/selftests: Measure the energy consumed while in RC6 2020-03-25 11:33:05 +00:00
intel_wakeref.c drm/i915: Extend intel_wakeref to support delayed puts 2020-03-23 12:51:05 +00:00
intel_wakeref.h drm/i915: Extend intel_wakeref to support delayed puts 2020-03-23 12:51:05 +00:00
intel_wopcm.c drm/i915: drop a bunch of superfluous inlines 2020-04-21 09:31:37 +03:00
intel_wopcm.h
Kconfig drm/i915: Update drm/i915 bug filing URL 2020-02-17 21:16:45 +02:00
Kconfig.debug
Kconfig.profile drm/i915/gen12: Disable preemption timeout 2020-03-12 13:46:01 +00:00
Kconfig.unstable
Makefile drm/i915: re-disable -Wframe-address 2020-04-27 09:58:27 +01:00
vlv_suspend.c drm/i915: switch vlv_suspend to use intel uncore register accessors 2020-02-17 11:29:51 +02:00
vlv_suspend.h drm/i915: split out vlv/chv specific suspend/resume code 2020-02-17 11:29:35 +02:00