linux_dsm_epyc7002/drivers/gpu/drm/i915/gt
Chris Wilson 2abaad4eb5 drm/i915/gt: Check cacheline is valid before acquiring
The hwsp_cacheline pointer from i915_request is very, very flimsy. The
i915_request.timeline (and the hwsp_cacheline) are lost upon retiring
(after an RCU grace). Therefore we need to confirm that once we have the
right pointer for the cacheline, it is not in the process of being
retired and disposed of before we attempt to acquire a reference to the
cacheline.

<3>[  547.208237] BUG: KASAN: use-after-free in active_debug_hint+0x6a/0x70 [i915]
<3>[  547.208366] Read of size 8 at addr ffff88822a0d2710 by task gem_exec_parall/2536

<4>[  547.208547] CPU: 3 PID: 2536 Comm: gem_exec_parall Tainted: G     U            5.7.0-rc2-ged7a286b5d02d-kasan_117+ #1
<4>[  547.208556] Hardware name: Dell Inc. XPS 13 9350/, BIOS 1.4.12 11/30/2016
<4>[  547.208564] Call Trace:
<4>[  547.208579]  dump_stack+0x96/0xdb
<4>[  547.208707]  ? active_debug_hint+0x6a/0x70 [i915]
<4>[  547.208719]  print_address_description.constprop.6+0x16/0x310
<4>[  547.208841]  ? active_debug_hint+0x6a/0x70 [i915]
<4>[  547.208963]  ? active_debug_hint+0x6a/0x70 [i915]
<4>[  547.208975]  __kasan_report+0x137/0x190
<4>[  547.209106]  ? active_debug_hint+0x6a/0x70 [i915]
<4>[  547.209127]  kasan_report+0x32/0x50
<4>[  547.209257]  ? i915_gemfs_fini+0x40/0x40 [i915]
<4>[  547.209376]  active_debug_hint+0x6a/0x70 [i915]
<4>[  547.209389]  debug_print_object+0xa7/0x220
<4>[  547.209405]  ? lockdep_hardirqs_on+0x348/0x5f0
<4>[  547.209426]  debug_object_assert_init+0x297/0x430
<4>[  547.209449]  ? debug_object_free+0x360/0x360
<4>[  547.209472]  ? lock_acquire+0x1ac/0x8a0
<4>[  547.209592]  ? intel_timeline_read_hwsp+0x4f/0x840 [i915]
<4>[  547.209737]  ? i915_active_acquire_if_busy+0x66/0x120 [i915]
<4>[  547.209861]  i915_active_acquire_if_busy+0x66/0x120 [i915]
<4>[  547.209990]  ? __live_alloc.isra.15+0xc0/0xc0 [i915]
<4>[  547.210005]  ? rcu_read_lock_sched_held+0xd0/0xd0
<4>[  547.210017]  ? print_usage_bug+0x580/0x580
<4>[  547.210153]  intel_timeline_read_hwsp+0xbc/0x840 [i915]
<4>[  547.210284]  __emit_semaphore_wait+0xd5/0x480 [i915]
<4>[  547.210415]  ? i915_fence_get_timeline_name+0x110/0x110 [i915]
<4>[  547.210428]  ? lockdep_hardirqs_on+0x348/0x5f0
<4>[  547.210442]  ? _raw_spin_unlock_irq+0x2a/0x40
<4>[  547.210567]  ? __await_execution.constprop.51+0x2e0/0x570 [i915]
<4>[  547.210706]  i915_request_await_dma_fence+0x8f7/0xc70 [i915]

Fixes: 85bedbf191 ("drm/i915/gt: Eliminate the trylock for reading a timeline's hwsp")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: <stable@vger.kernel.org> # v5.6+
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200427093038.29219-1-chris@chris-wilson.co.uk
(cherry picked from commit 2759e39535)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
2020-04-27 09:47:40 -07:00
selftests
uc drm/i915: Apply i915_request_skip() on submission 2020-03-04 14:29:50 +00:00
debugfs_engines.c
debugfs_engines.h
debugfs_gt_pm.c
debugfs_gt_pm.h
debugfs_gt.c
debugfs_gt.h
gen6_ppgtt.c
gen6_ppgtt.h
gen6_renderstate.c
gen7_renderclear.c drm/i915/gen7: Clear all EU/L3 residual contexts 2020-03-06 08:59:06 +00:00
gen7_renderclear.h drm/i915/gen7: Clear all EU/L3 residual contexts 2020-03-06 08:59:06 +00:00
gen7_renderstate.c
gen8_ppgtt.c drm/i915/vgpu: improve vgpu abstractions 2020-03-03 17:46:54 +02:00
gen8_ppgtt.h
gen8_renderstate.c
gen9_renderstate.c
hsw_clear_kernel.c drm/i915/gen7: Clear all EU/L3 residual contexts 2020-03-06 08:59:06 +00:00
intel_breadcrumbs.c
intel_context_param.c drm/i915: Allow userspace to specify ringsize on construction 2020-02-25 19:23:19 +00:00
intel_context_param.h drm/i915: Allow userspace to specify ringsize on construction 2020-02-25 19:23:19 +00:00
intel_context_sseu.c
intel_context_types.h drm/i915: Use explicit flag to mark unreachable intel_context 2020-03-26 10:21:04 -07:00
intel_context.c drm/i915: Use explicit flag to mark unreachable intel_context 2020-03-26 10:21:04 -07:00
intel_context.h drm/i915: Use explicit flag to mark unreachable intel_context 2020-03-26 10:21:04 -07:00
intel_engine_cs.c drm/i915/gen12: Disable preemption timeout 2020-03-12 13:46:01 +00:00
intel_engine_heartbeat.c drm/i915/gt: Fix up missing error propagation for heartbeat pulses 2020-02-18 20:32:21 +00:00
intel_engine_heartbeat.h
intel_engine_pm.c
intel_engine_pm.h
intel_engine_pool_types.h
intel_engine_pool.c
intel_engine_pool.h
intel_engine_types.h drm/i915/gt: Expose busywait duration to sysfs 2020-02-28 22:03:41 +00:00
intel_engine_user.c
intel_engine_user.h
intel_engine.h drm/i915/gt: Defend against concurrent updates to execlists->active 2020-03-09 20:38:57 +00:00
intel_ggtt.c drm/i915/gt: Fill all the unused space in the GGTT 2020-04-06 10:31:19 -07:00
intel_gpu_commands.h drm/i915/gen7: Clear all EU/L3 residual contexts 2020-03-06 08:59:06 +00:00
intel_gt_irq.c
intel_gt_irq.h
intel_gt_pm_irq.c
intel_gt_pm_irq.h
intel_gt_pm.c
intel_gt_pm.h
intel_gt_requests.c drm/i915/gt: Drop the timeline->mutex as we wait for retirement 2020-03-03 17:30:20 +00:00
intel_gt_requests.h
intel_gt_types.h
intel_gt.c drm/i915/gt: Wait for RCUs frees before asserting idle on unload 2020-03-12 20:47:24 +00:00
intel_gt.h
intel_gtt.c drm/i915/gt: Pull marking vm as closed underneath the vm->mutex 2020-02-28 12:33:07 +00:00
intel_gtt.h drm/i915/gt: Pull marking vm as closed underneath the vm->mutex 2020-02-28 12:33:07 +00:00
intel_llc_types.h
intel_llc.c drm/i915/gt: Do not attempt to reprogram IA/ring frequencies for dgfx 2020-02-19 22:27:10 +00:00
intel_llc.h
intel_lrc_reg.h drm/i915: Track hw reported context runtime 2020-02-16 15:16:22 +00:00
intel_lrc.c drm/i915/gt: Stage the transfer of the virtual breadcrumb 2020-03-26 10:21:30 -07:00
intel_lrc.h
intel_mocs.c drm/i915/gt: Refactor l3cc/mocs availability 2020-02-19 14:09:18 +00:00
intel_mocs.h
intel_ppgtt.c
intel_rc6_types.h
intel_rc6.c drm/i915/gt: Select the deepest available parking mode for rc6 2020-03-26 10:21:30 -07:00
intel_rc6.h
intel_renderstate.c
intel_renderstate.h
intel_reset_types.h
intel_reset.c drm/i915/gt: Cancel a hung context if already closed 2020-03-26 10:21:30 -07:00
intel_reset.h
intel_ring_submission.c drm/i915/gt: Restrict gen7 w/a batch to Haswell 2020-03-20 07:04:38 -07:00
intel_ring_types.h drm/i915/gt: Avoid resetting ring->head outside of its timeline mutex 2020-02-11 12:03:22 +00:00
intel_ring.c
intel_ring.h
intel_rps_types.h
intel_rps.c drm/i915/gt: Update PMINTRMSK holding fw 2020-04-20 10:12:36 -07:00
intel_rps.h
intel_sseu.c
intel_sseu.h
intel_timeline_types.h
intel_timeline.c drm/i915/gt: Check cacheline is valid before acquiring 2020-04-27 09:47:40 -07:00
intel_timeline.h
intel_workarounds_types.h
intel_workarounds.c drm/i915: Add Wa_1605460711 / Wa_1408767742 to ICL and EHL 2020-03-13 09:03:17 -07:00
intel_workarounds.h
ivb_clear_kernel.c drm/i915/gen7: Clear all EU/L3 residual contexts 2020-03-06 08:59:06 +00:00
mock_engine.c drm/i915: Apply i915_request_skip() on submission 2020-03-04 14:29:50 +00:00
mock_engine.h
selftest_context.c
selftest_engine_cs.c
selftest_engine_heartbeat.c drm/i915/selftests: Disable heartbeat around manual pulse tests 2020-02-28 09:25:41 +00:00
selftest_engine_pm.c
selftest_engine.c
selftest_engine.h
selftest_gt_pm.c
selftest_hangcheck.c drm/i915: Apply i915_request_skip() on submission 2020-03-04 14:29:50 +00:00
selftest_llc.c drm/i915/gt: Do not attempt to reprogram IA/ring frequencies for dgfx 2020-02-19 22:27:10 +00:00
selftest_llc.h
selftest_lrc.c drm/i915/selftest: Add more poison patterns 2020-03-13 11:36:34 +00:00
selftest_mocs.c drm/i915/gt: Refactor l3cc/mocs availability 2020-02-19 14:09:18 +00:00
selftest_rc6.c drm/i915/gt: Select the deepest available parking mode for rc6 2020-03-26 10:21:30 -07:00
selftest_rc6.h
selftest_reset.c drm/i915/guc: Kill USES_GUC_SUBMISSION macro 2020-02-20 17:48:03 +00:00
selftest_ring_submission.c drm/i915/gt: Wait for the wa batch to be pinned 2020-03-07 17:10:35 +00:00
selftest_timeline.c drm/i915/selftests: Remove erroneous intel_engine_pm_put 2020-02-09 13:47:26 +00:00
selftest_workarounds.c
sysfs_engines.c drm/i915/gt: Expose heartbeat interval via sysfs 2020-02-28 22:03:49 +00:00
sysfs_engines.h drm/i915/gt: Expose engine properties via sysfs 2020-02-28 22:03:19 +00:00