AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-21 15:59:33 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
2abaad4eb5
linux_dsm_epyc7002/drivers/gpu/drm/i915
History
Chris Wilson 2abaad4eb5 drm/i915/gt: Check cacheline is valid before acquiring 
The hwsp_cacheline pointer from i915_request is very, very flimsy. The
i915_request.timeline (and the hwsp_cacheline) are lost upon retiring
(after an RCU grace). Therefore we need to confirm that once we have the
right pointer for the cacheline, it is not in the process of being
retired and disposed of before we attempt to acquire a reference to the
cacheline.

<3>[  547.208237] BUG: KASAN: use-after-free in active_debug_hint+0x6a/0x70 [i915]
<3>[  547.208366] Read of size 8 at addr ffff88822a0d2710 by task gem_exec_parall/2536

<4>[  547.208547] CPU: 3 PID: 2536 Comm: gem_exec_parall Tainted: G     U            5.7.0-rc2-ged7a286b5d02d-kasan_117+ #1
<4>[  547.208556] Hardware name: Dell Inc. XPS 13 9350/, BIOS 1.4.12 11/30/2016
<4>[  547.208564] Call Trace:
<4>[  547.208579]  dump_stack+0x96/0xdb
<4>[  547.208707]  ? active_debug_hint+0x6a/0x70 [i915]
<4>[  547.208719]  print_address_description.constprop.6+0x16/0x310
<4>[  547.208841]  ? active_debug_hint+0x6a/0x70 [i915]
<4>[  547.208963]  ? active_debug_hint+0x6a/0x70 [i915]
<4>[  547.208975]  __kasan_report+0x137/0x190
<4>[  547.209106]  ? active_debug_hint+0x6a/0x70 [i915]
<4>[  547.209127]  kasan_report+0x32/0x50
<4>[  547.209257]  ? i915_gemfs_fini+0x40/0x40 [i915]
<4>[  547.209376]  active_debug_hint+0x6a/0x70 [i915]
<4>[  547.209389]  debug_print_object+0xa7/0x220
<4>[  547.209405]  ? lockdep_hardirqs_on+0x348/0x5f0
<4>[  547.209426]  debug_object_assert_init+0x297/0x430
<4>[  547.209449]  ? debug_object_free+0x360/0x360
<4>[  547.209472]  ? lock_acquire+0x1ac/0x8a0
<4>[  547.209592]  ? intel_timeline_read_hwsp+0x4f/0x840 [i915]
<4>[  547.209737]  ? i915_active_acquire_if_busy+0x66/0x120 [i915]
<4>[  547.209861]  i915_active_acquire_if_busy+0x66/0x120 [i915]
<4>[  547.209990]  ? __live_alloc.isra.15+0xc0/0xc0 [i915]
<4>[  547.210005]  ? rcu_read_lock_sched_held+0xd0/0xd0
<4>[  547.210017]  ? print_usage_bug+0x580/0x580
<4>[  547.210153]  intel_timeline_read_hwsp+0xbc/0x840 [i915]
<4>[  547.210284]  __emit_semaphore_wait+0xd5/0x480 [i915]
<4>[  547.210415]  ? i915_fence_get_timeline_name+0x110/0x110 [i915]
<4>[  547.210428]  ? lockdep_hardirqs_on+0x348/0x5f0
<4>[  547.210442]  ? _raw_spin_unlock_irq+0x2a/0x40
<4>[  547.210567]  ? __await_execution.constprop.51+0x2e0/0x570 [i915]
<4>[  547.210706]  i915_request_await_dma_fence+0x8f7/0xc70 [i915]

Fixes: 85bedbf191 ("drm/i915/gt: Eliminate the trylock for reading a timeline's hwsp")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: <stable@vger.kernel.org> # v5.6+
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200427093038.29219-1-chris@chris-wilson.co.uk
(cherry picked from commit 2759e39535)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
2020-04-27 09:47:40 -07:00
..
display drm/i915/dpcd_bl: Unbreak enable_dpcd_backlight modparam 2020-04-20 10:12:58 -07:00
gem drm/i915/gem: Hold obj->vma.lock over for_each_ggtt_vma() 2020-04-27 09:47:37 -07:00
gt drm/i915/gt: Check cacheline is valid before acquiring 2020-04-27 09:47:40 -07:00
gvt drm/i915/gvt: switch to user vfio_group_pin/upin_pages 2020-04-14 16:30:17 +08:00
oa drm/i915: reimplement header test feature 2020-01-02 12:24:10 +02:00
selftests drm/i915/selftests: Apply a heavy handed flush to i915_active 2020-03-07 00:05:54 +00:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
i915_active_types.h
i915_active.c drm/i915: Extend i915_request_await_active to use all timelines 2020-03-11 10:54:59 +00:00
i915_active.h drm/i915: Extend i915_request_await_active to use all timelines 2020-03-11 10:54:59 +00:00
i915_buddy.c drm/i915/buddy: avoid double list_add 2020-03-06 14:33:08 +00:00
i915_buddy.h
i915_cmd_parser.c drm/i915/cmd_parser: conversion to struct drm_device logging macros. 2020-02-04 11:29:40 +02:00
i915_debugfs_params.c drm/i915: Include the debugfs params header for its own definition 2020-01-17 13:00:16 +00:00
i915_debugfs_params.h drm/i915/params: add i915 parameters to debugfs 2020-01-15 15:10:16 +02:00
i915_debugfs.c drm/i915: Remove debugfs i915_drpc_info and i915_forcewake_domains 2020-03-11 09:47:12 +00:00
i915_debugfs.h drm/i915: split out display debugfs to a separate file 2020-02-14 13:26:51 +02:00
i915_drv.c drm for 5.7-rc1 2020-04-01 15:24:20 -07:00
i915_drv.h drm/i915/tgl: Add Wa_14010477008:tgl 2020-04-20 10:12:32 -07:00
i915_fixed.h
i915_gem_evict.c drm/i915: Drop inspection of execbuf flags during evict 2020-03-03 21:52:51 +00:00
i915_gem_fence_reg.c drm/i915/vgpu: improve vgpu abstractions 2020-03-03 17:46:54 +02:00
i915_gem_fence_reg.h
i915_gem_gtt.c drm/i915: significantly reduce the use of <drm/i915_drm.h> 2020-02-27 08:35:09 +02:00
i915_gem_gtt.h drm/i915/gtt: split up i915_gem_gtt 2020-01-07 19:27:36 +00:00
i915_gem.c drm/i915: significantly reduce the use of <drm/i915_drm.h> 2020-02-27 08:35:09 +02:00
i915_gem.h i915 features for v5.6: 2019-12-27 15:25:04 +10:00
i915_getparam.c
i915_globals.c drm/i915: Ratelimit i915_globals_park 2019-12-18 17:38:56 +00:00
i915_globals.h
i915_gpu_error.c drm/i915: Update drm/i915 bug filing URL 2020-02-17 21:16:45 +02:00
i915_gpu_error.h drm/i915: Track hw reported context runtime 2020-02-16 15:16:22 +00:00
i915_ioc32.c drm/i915: add i915_ioc32.h for compat 2020-03-02 13:32:37 +02:00
i915_ioc32.h drm/i915: add i915_ioc32.h for compat 2020-03-02 13:32:37 +02:00
i915_irq.c UAPI Changes: 2020-03-19 10:40:27 +10:00
i915_irq.h drm/i915: Convert to CRTC VBLANK callbacks 2020-02-13 13:08:13 +01:00
i915_memcpy.c drm/i915: remove always-defined CONFIG_AS_MOVNTDQA 2020-04-09 00:01:59 +09:00
i915_memcpy.h
i915_mm.c drm/i915/gem: Extend mmap support for lmem 2020-01-04 17:57:46 +00:00
i915_params.c drm/i915: Remove 'prefault_disable' modparam 2020-01-27 11:45:35 +00:00
i915_params.h drm/i915: Mark i915.reset as unsigned 2020-02-05 18:51:52 +00:00
i915_pci.c drm/i915/tgl: Remove require_force_probe protection 2020-03-13 14:26:09 -07:00
i915_perf_types.h drm/i915/perf: Reintroduce wait on OA configuration completion 2020-03-04 13:49:26 +02:00
i915_perf.c drm/i915/perf: Do not clear pollin for small user read buffers 2020-04-13 14:09:48 -07:00
i915_perf.h drm/i915/perf: Register sysctl path globally 2019-12-13 20:16:23 +00:00
i915_pmu.c drm/i915/pmu: Avoid using globals for PMU events 2020-02-26 14:07:50 +02:00
i915_pmu.h drm/i915: significantly reduce the use of <drm/i915_drm.h> 2020-02-27 08:35:09 +02:00
i915_priolist_types.h
i915_pvinfo.h
i915_query.c
i915_query.h
i915_reg.h drm/i915: fix Sphinx build duplicate label warning 2020-04-20 10:12:53 -07:00
i915_request.c drm/i915: Defer semaphore priority bumping to a workqueue 2020-03-11 23:12:39 +02:00
i915_request.h drm/i915: Defer semaphore priority bumping to a workqueue 2020-03-11 23:12:39 +02:00
i915_scatterlist.c
i915_scatterlist.h
i915_scheduler_types.h
i915_scheduler.c drm/i915: Tweak scheduler's kick_submission() 2020-03-10 23:12:38 +00:00
i915_scheduler.h
i915_selftest.h
i915_suspend.c drm/i915: significantly reduce the use of <drm/i915_drm.h> 2020-02-27 08:35:09 +02:00
i915_suspend.h
i915_sw_fence_work.c drm/i915: Unpin vma->obj on early error 2019-12-18 10:13:03 +00:00
i915_sw_fence_work.h
i915_sw_fence.c drm/i915/gem: Don't leak non-persistent requests on changing engines 2020-02-11 21:58:39 +00:00
i915_sw_fence.h drm/i915/gem: Don't leak non-persistent requests on changing engines 2020-02-11 21:58:39 +00:00
i915_switcheroo.c drm: Avoid drm_global_mutex for simple inc/dec of dev->open_count 2020-01-24 17:41:34 +00:00
i915_switcheroo.h
i915_syncmap.c
i915_syncmap.h
i915_sysfs.c drm/i915/gt: Expose engine properties via sysfs 2020-02-28 22:03:19 +00:00
i915_sysfs.h
i915_trace_points.c
i915_trace.h drm/i915/trace: i915_request.prio is a signed value 2020-01-28 15:53:36 +00:00
i915_user_extensions.c
i915_user_extensions.h
i915_utils.c drm/i915: Force DPCD backlight mode on X1 Extreme 2nd Gen 4K AMOLED panel 2020-03-03 20:34:32 -05:00
i915_utils.h drm/i915: be more solid in checking the alignment 2020-03-11 23:12:39 +02:00
i915_vgpu.c drm/i915/vgpu: improve vgpu abstractions 2020-03-03 17:46:54 +02:00
i915_vgpu.h drm/i915/vgpu: improve vgpu abstractions 2020-03-03 17:46:54 +02:00
i915_vma_types.h drm/i915/gem: Extract transient execbuf flags from i915_vma 2020-03-03 21:52:51 +00:00
i915_vma.c drm/i915/gem: Hold obj->vma.lock over for_each_ggtt_vma() 2020-04-27 09:47:37 -07:00
i915_vma.h drm/i915: Use the async worker to avoid reclaim tainting the ggtt->mutex 2020-01-30 21:35:43 +00:00
intel_device_info.c drm/i915: significantly reduce the use of <drm/i915_drm.h> 2020-02-27 08:35:09 +02:00
intel_device_info.h drm/i915: Read rawclk_freq earlier 2020-02-19 14:09:18 +00:00
intel_dram.c drm/i915/dram: hide the dram structs better 2020-03-02 13:32:27 +02:00
intel_dram.h drm/i915: split out intel_dram.[ch] from i915_drv.c 2020-02-27 09:16:01 +02:00
intel_gvt.c drm/i915/gvt: make intel_gvt_active internal to intel_gvt 2020-03-03 17:47:03 +02:00
intel_gvt.h
intel_memory_region.c drm/i915: convert to new logging macros in i915/intel_memory_region.c 2020-01-17 17:44:19 +02:00
intel_memory_region.h drm/i915: lookup for mem_region of a mem_type 2020-01-05 01:08:09 +00:00
intel_pch.c drm/i915: Make WARN* drm specific where drm_priv ptr is available 2020-01-22 17:54:33 +02:00
intel_pch.h
intel_pm.c drm/i915: Implement display w/a 1140 for glk/cnl 2020-03-05 15:53:33 +02:00
intel_pm.h drm/i915: Manipulate DBuf slices properly 2020-02-05 19:19:23 +02:00
intel_region_lmem.c drm/i915/lmem: use new struct drm_device based logging macros. 2020-01-10 16:11:04 +02:00
intel_region_lmem.h
intel_runtime_pm.c
intel_runtime_pm.h
intel_sideband.c drm for 5.7-rc1 2020-04-01 15:24:20 -07:00
intel_sideband.h
intel_uncore.c drm/i915: Make WARN* drm specific where uncore or stream ptr is available 2020-01-22 17:57:39 +02:00
intel_uncore.h
intel_wakeref.c drm/i915/gt: Flush ongoing retires during wait_for_idle 2020-01-03 00:33:07 +00:00
intel_wakeref.h drm/i915/gt: Flush ongoing retires during wait_for_idle 2020-01-03 00:33:07 +00:00
intel_wopcm.c
intel_wopcm.h
Kconfig drm/i915: Update drm/i915 bug filing URL 2020-02-17 21:16:45 +02:00
Kconfig.debug
Kconfig.profile drm/i915/gen12: Disable preemption timeout 2020-03-12 13:46:01 +00:00
Kconfig.unstable
Makefile drm/i915: remove always-defined CONFIG_AS_MOVNTDQA 2020-04-09 00:01:59 +09:00
vlv_suspend.c drm/i915: switch vlv_suspend to use intel uncore register accessors 2020-02-17 11:29:51 +02:00
vlv_suspend.h drm/i915: split out vlv/chv specific suspend/resume code 2020-02-17 11:29:35 +02:00