AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-02-05 01:15:34 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
65e7439204
linux_dsm_epyc7002/drivers/gpu/drm
History
Changbin Du 65e7439204 drm/i915/gvt: Fix stack-out-of-bounds bug in cmd parser 
for_each_set_bit() only accepts variable of type unsigned long, and we can
not cast it from smaller types.

[   16.499365] ==================================================================
[   16.506655] BUG: KASAN: stack-out-of-bounds in find_first_bit+0x1d/0x70
[   16.513313] Read of size 8 at addr ffff8803616cf510 by task systemd-udevd/180
[   16.521998] CPU: 0 PID: 180 Comm: systemd-udevd Tainted: G     U     O     4.15.0-rc3+ #14
[   16.530317] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.2.8 01/26/2016
[   16.537760] Call Trace:
[   16.540230]  dump_stack+0x7c/0xbb
[   16.543569]  print_address_description+0x6b/0x290
[   16.548306]  kasan_report+0x28a/0x370
[   16.551993]  ? find_first_bit+0x1d/0x70
[   16.555858]  find_first_bit+0x1d/0x70
[   16.559625]  intel_gvt_init_cmd_parser+0x127/0x3c0 [i915]
[   16.565060]  ? __lock_is_held+0x8f/0xf0
[   16.568990]  ? intel_gvt_clean_cmd_parser+0x10/0x10 [i915]
[   16.574514]  ? __hrtimer_init+0x5d/0xb0
[   16.578445]  intel_gvt_init_device+0x2c3/0x690 [i915]
[   16.583537]  ? unregister_module_notifier+0x20/0x20
[   16.588515]  intel_gvt_init+0x89/0x100 [i915]
[   16.592962]  i915_driver_load+0x1992/0x1c70 [i915]
[   16.597846]  ? __i915_printk+0x210/0x210 [i915]
[   16.602410]  ? wait_for_completion+0x280/0x280
[   16.606883]  ? lock_downgrade+0x2c0/0x2c0
[   16.610923]  ? __pm_runtime_resume+0x46/0x90
[   16.615238]  ? acpi_dev_found+0x76/0x80
[   16.619162]  ? i915_pci_remove+0x30/0x30 [i915]
[   16.623733]  local_pci_probe+0x74/0xe0
[   16.627518]  pci_device_probe+0x208/0x310
[   16.631561]  ? pci_device_remove+0x100/0x100
[   16.635871]  ? __list_add_valid+0x29/0xa0
[   16.639919]  driver_probe_device+0x40b/0x6b0
[   16.644223]  ? driver_probe_device+0x6b0/0x6b0
[   16.648696]  __driver_attach+0x11d/0x130
[   16.652649]  bus_for_each_dev+0xe7/0x160
[   16.656600]  ? subsys_dev_iter_exit+0x10/0x10
[   16.660987]  ? __list_add_valid+0x29/0xa0
[   16.665028]  bus_add_driver+0x31d/0x3a0
[   16.668893]  driver_register+0xc6/0x170
[   16.672758]  ? 0xffffffffc0ad8000
[   16.676108]  do_one_initcall+0x9c/0x206
[   16.679984]  ? initcall_blacklisted+0x150/0x150
[   16.684545]  ? do_init_module+0x35/0x33b
[   16.688494]  ? kasan_unpoison_shadow+0x31/0x40
[   16.692968]  ? kasan_kmalloc+0xa6/0xd0
[   16.696743]  ? do_init_module+0x35/0x33b
[   16.700694]  ? kasan_unpoison_shadow+0x31/0x40
[   16.705168]  ? __asan_register_globals+0x82/0xa0
[   16.709819]  do_init_module+0xe7/0x33b
[   16.713597]  load_module+0x4481/0x4ce0
[   16.717397]  ? module_frob_arch_sections+0x20/0x20
[   16.722228]  ? vfs_read+0x13b/0x190
[   16.725742]  ? kernel_read+0x74/0xa0
[   16.729351]  ? get_user_arg_ptr.isra.17+0x70/0x70
[   16.734099]  ? SYSC_finit_module+0x175/0x1b0
[   16.738399]  SYSC_finit_module+0x175/0x1b0
[   16.742524]  ? SYSC_init_module+0x1e0/0x1e0
[   16.746741]  ? __fget+0x157/0x240
[   16.750090]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   16.754747]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   16.759397] RIP: 0033:0x7f8fbc837499
[   16.762996] RSP: 002b:00007ffead76c138 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[   16.770618] RAX: ffffffffffffffda RBX: 0000000000000012 RCX: 00007f8fbc837499
[   16.777800] RDX: 0000000000000000 RSI: 000056484e67b080 RDI: 0000000000000012
[   16.784979] RBP: 00007ffead76b140 R08: 0000000000000000 R09: 0000000000000021
[   16.792164] R10: 0000000000000012 R11: 0000000000000246 R12: 000056484e67b460
[   16.799345] R13: 00007ffead76b120 R14: 0000000000000005 R15: 0000000000000000
[   16.808052] The buggy address belongs to the page:
[   16.812876] page:00000000dc4b8c1e count:0 mapcount:0 mapping:          (null) index:0x0
[   16.820934] flags: 0x17ffffc0000000()
[   16.824621] raw: 0017ffffc0000000 0000000000000000 0000000000000000 00000000ffffffff
[   16.832416] raw: ffffea000d85b3e0 ffffea000d85b3e0 0000000000000000 0000000000000000
[   16.840208] page dumped because: kasan: bad access detected
[   16.847318] Memory state around the buggy address:
[   16.852143]  ffff8803616cf400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.859427]  ffff8803616cf480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[   16.866708] >ffff8803616cf500: f1 f1 04 f4 f4 f4 f3 f3 f3 f3 00 00 00 00 00 00
[   16.873988]                          ^
[   16.877770]  ffff8803616cf580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.885042]  ffff8803616cf600: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[   16.892312] ==================================================================

Signed-off-by: Changbin Du <changbin.du@intel.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
2018-01-08 12:01:11 +08:00
..
amd Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
arc drm/arc: Use drm_gem_fb_create() 2017-09-02 14:23:06 +02:00
arm main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
armada main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
ast main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
atmel-hlcdc main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
bochs main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
bridge main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
cirrus drm: Pass struct drm_file * to __drm_mode_object_find [v2] 2017-10-12 10:03:04 +10:00
etnaviv main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
exynos treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
fsl-dcu fixes/cleanups for rc1, non-desktop flags for VR 2017-11-23 21:04:56 -10:00
gma500 main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
hisilicon drm/hisilicon: Ensure LDI regs are properly configured. 2017-11-01 10:36:50 +08:00
i2c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
i810
i915 drm/i915/gvt: Fix stack-out-of-bounds bug in cmd parser 2018-01-08 12:01:11 +08:00
imx fixes/cleanups for rc1, non-desktop flags for VR 2017-11-23 21:04:56 -10:00
lib License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mediatek main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
meson drm/meson: Use drm_gem_fb_create() 2017-10-01 17:01:39 +02:00
mga
mgag200 main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
msm treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
mxsfb drm/mxsfb: Use drm_gem_fb_create() and drm_gem_fb_prepare_fb() 2017-10-01 17:02:20 +02:00
nouveau main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
omapdrm treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
panel main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
pl111 main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
qxl qxl: alloc & use shadow for dumb buffers 2017-10-23 08:23:11 +02:00
r128 r128: switch compat ioctls to drm_ioctl_kernel() 2017-09-29 13:42:35 -04:00
radeon fixes/cleanups for rc1, non-desktop flags for VR 2017-11-23 21:04:56 -10:00
rcar-du main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
rockchip treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
savage
selftests License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
shmobile main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
sis
sti main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
stm drm/stm: ltdc: remove bridge from driver internal structure 2017-10-10 11:32:48 +02:00
sun4i main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
tdfx
tegra fixes/cleanups for rc1, non-desktop flags for VR 2017-11-23 21:04:56 -10:00
tilcdc fixes/cleanups for rc1, non-desktop flags for VR 2017-11-23 21:04:56 -10:00
tinydrm drm/tinydrm: Remove explicit .best_encoder assignment 2017-10-13 17:34:51 +02:00
ttm main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
tve200 drm/tve200: Use drm_gem_fb_create() and drm_gem_fb_prepare_fb() 2017-10-01 17:04:36 +02:00
udl Merge tag 'drm-misc-next-2017-10-20' of git://anongit.freedesktop.org/drm/drm-misc into drm-next 2017-10-24 16:51:05 +10:00
vc4 drm/vc4: Convert timers to use timer_setup() 2017-11-21 15:46:44 -08:00
vgem treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
via treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
virtio main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
vmwgfx main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
zte main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
ati_pcigart.c
drm_agpsupport.c drm/agpsupport: Remove extra blank line 2017-09-20 09:54:19 -07:00
drm_atomic_helper.c Merge tag 'drm-misc-next-2017-10-20' of git://anongit.freedesktop.org/drm/drm-misc into drm-next 2017-10-24 16:51:05 +10:00
drm_atomic.c drm: Reorganize drm_pending_event to support future event types [v2] 2017-10-21 07:23:40 +10:00
drm_auth.c drm: Check mode object lease status in all master ioctl paths [v4] 2017-10-25 16:31:30 +10:00
drm_blend.c mm: treewide: remove GFP_TEMPORARY allocation flag 2017-09-13 18:53:16 -07:00
drm_bridge.c drm/bridge: change return type of drm_bridge_add function 2017-08-21 08:51:53 +05:30
drm_bufs.c
drm_cache.c
drm_color_mgmt.c drm: Pass struct drm_file * to __drm_mode_object_find [v2] 2017-10-12 10:03:04 +10:00
drm_connector.c drm: add connector info/property for non-desktop displays [v2] 2017-11-23 12:45:25 +10:00
drm_context.c
drm_crtc_helper_internal.h
drm_crtc_helper.c drm: Replace kzalloc with kcalloc 2017-10-13 15:49:03 -04:00
drm_crtc_internal.h drm: Pass struct drm_file * to __drm_mode_object_find [v2] 2017-10-12 10:03:04 +10:00
drm_crtc.c drm: Pass struct drm_file * to __drm_mode_object_find [v2] 2017-10-12 10:03:04 +10:00
drm_debugfs_crc.c drm/atomic: Prepare drm_modeset_lock infrastructure for interruptible waiting, v2. 2017-09-13 09:50:52 +02:00
drm_debugfs.c
drm_dma.c
drm_dp_aux_dev.c Pass mode to wait_on_atomic_t() action funcs and provide default actions 2017-11-13 15:38:16 +00:00
drm_dp_dual_mode_helper.c drm: Add retries for lspcon mode detection 2017-10-13 12:13:54 +03:00
drm_dp_helper.c drm/dp: WARN about invalid/unknown link rates and bw codes 2017-10-11 18:41:44 +03:00
drm_dp_mst_topology.c drm/dp/mst: Sideband message transaction to power up/down nodes 2017-09-11 16:03:57 +03:00
drm_drv.c drm: Add new LEASE debug level 2017-10-25 16:31:29 +10:00
drm_dumb_buffers.c
drm_edid_load.c drm: add backwards compatibility support for drm_kms_helper.edid_firmware 2017-09-19 18:11:45 +03:00
drm_edid.c drm/edid: quirk HTC vive headset as non-desktop. [v2] 2017-11-23 12:45:31 +10:00
drm_encoder_slave.c
drm_encoder.c drm: Check mode object lease status in all master ioctl paths [v4] 2017-10-25 16:31:30 +10:00
drm_fb_cma_helper.c drm/fb-cma-helper: Remove unused functions 2017-10-01 17:05:39 +02:00
drm_fb_helper.c drm/fb: add support for not enabling fbcon on non-desktop displays [v2] 2017-11-23 12:45:30 +10:00
drm_file.c
drm_flip_work.c
drm_fourcc.c
drm_framebuffer.c drm/mode_object: fix documentation for object lookups. 2017-11-10 13:50:47 +10:00
drm_gem_cma_helper.c drm/gem-cma-helper: Change the level of the allocation failure message 2017-10-16 15:19:57 +02:00
drm_gem_framebuffer_helper.c drm/gem-fb-helper: Improve documentation 2017-10-08 15:02:51 +02:00
drm_gem.c drm: fix typo in drm_gem_get_pages() comment 2017-10-04 18:04:28 +02:00
drm_global.c
drm_hashtab.c
drm_info.c
drm_internal.h drm: Add CRTC_GET_SEQUENCE and CRTC_QUEUE_SEQUENCE ioctls [v3] 2017-10-23 11:15:03 +10:00
drm_ioc32.c
drm_ioctl.c drm: Add four ioctls for managing drm mode object leases [v7] 2017-10-25 16:31:30 +10:00
drm_irq.c
drm_kms_helper_common.c drm: add backwards compatibility support for drm_kms_helper.edid_firmware 2017-09-19 18:11:45 +03:00
drm_lease.c drm: Add four ioctls for managing drm mode object leases [v7] 2017-10-25 16:31:30 +10:00
drm_legacy.h
drm_lock.c
drm_memory.c
drm_mipi_dsi.c
drm_mm.c lib/interval_tree: fast overlap detection 2017-09-08 18:26:49 -07:00
drm_mode_config.c drm: Check mode object lease status in all master ioctl paths [v4] 2017-10-25 16:31:30 +10:00
drm_mode_object.c drm/mode_object: fix documentation for object lookups. 2017-11-10 13:50:47 +10:00
drm_modes.c
drm_modeset_helper.c
drm_modeset_lock.c drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all 2017-10-31 17:36:46 +01:00
drm_of.c drm/drm_of: Move drm_of_panel_bridge_remove_function into header. 2017-10-13 16:59:36 +02:00
drm_panel.c
drm_pci.c drm/core: clean up references to drm_dev_unref() 2017-09-27 10:53:12 +02:00
drm_plane_helper.c drm: Replace kzalloc with kcalloc 2017-10-13 15:49:03 -04:00
drm_plane.c drm: Check mode object lease status in all master ioctl paths [v4] 2017-10-25 16:31:30 +10:00
drm_prime.c drm/core: clean up references to drm_dev_unref() 2017-09-27 10:53:12 +02:00
drm_print.c
drm_probe_helper.c drm: Pass struct drm_file * to __drm_mode_object_find [v2] 2017-10-12 10:03:04 +10:00
drm_property.c drm: Pass struct drm_file * to __drm_mode_object_find [v2] 2017-10-12 10:03:04 +10:00
drm_rect.c
drm_scatter.c
drm_scdc_helper.c Merge tag 'drm-misc-next-2017-09-20' of git://anongit.freedesktop.org/git/drm-misc into drm-next 2017-09-28 05:46:15 +10:00
drm_simple_kms_helper.c
drm_syncobj.c Merge tag 'drm-misc-next-2017-10-16' of git://anongit.freedesktop.org/drm/drm-misc into drm-next 2017-10-17 10:10:17 +10:00
drm_sysfs.c
drm_trace_points.c
drm_trace.h main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
drm_vblank.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
drm_vm.c Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-09-04 12:21:28 -07:00
drm_vma_manager.c lib/interval_tree: fast overlap detection 2017-09-08 18:26:49 -07:00
Kconfig Merge branch 'drm-next-4.15' of git://people.freedesktop.org/~agd5f/linux into drm-next 2017-09-28 08:37:02 +10:00
Makefile main drm pull request for v4.15 2017-11-15 20:42:10 -08:00