AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-26 21:35:20 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
929eec99f5
linux_dsm_epyc7002/drivers
History
Chris Wilson 929eec99f5 drm/i915: Avoid use-after-free in reporting create.size 
We have to avoid chasing after a userspace race!

<3>[  473.114328] BUG: KASAN: use-after-free in i915_gem_create+0x1d2/0x1f0 [i915]
<3>[  473.114389] Read of size 8 at addr ffff88815bf1d840 by task gem_flink_race/1541

<4>[  473.114464] CPU: 1 PID: 1541 Comm: gem_flink_race Tainted: G     U            5.1.0-rc4-g7d07e025e786-kasan_88+ #1
<4>[  473.114469] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./J4205-ITX, BIOS P1.10 09/29/2016
<4>[  473.114474] Call Trace:
<4>[  473.114488]  dump_stack+0x7c/0xbb
<4>[  473.114612]  ? i915_gem_create+0x1d2/0x1f0 [i915]
<4>[  473.114621]  print_address_description+0x65/0x270
<4>[  473.114728]  ? i915_gem_create+0x1d2/0x1f0 [i915]
<4>[  473.114839]  ? i915_gem_create+0x1d2/0x1f0 [i915]
<4>[  473.114848]  kasan_report+0x149/0x18d
<4>[  473.114962]  ? i915_gem_create+0x1d2/0x1f0 [i915]
<4>[  473.115069]  i915_gem_create+0x1d2/0x1f0 [i915]
<4>[  473.115176]  ? i915_gem_object_create.part.28+0x4b0/0x4b0 [i915]
<4>[  473.115289]  ? i915_gem_dumb_create+0x1a0/0x1a0 [i915]
<4>[  473.115297]  drm_ioctl_kernel+0x192/0x260
<4>[  473.115306]  ? drm_ioctl_permit+0x280/0x280
<4>[  473.115326]  drm_ioctl+0x67c/0x960
<4>[  473.115438]  ? i915_gem_dumb_create+0x1a0/0x1a0 [i915]
<4>[  473.115448]  ? drm_getstats+0x20/0x20
<4>[  473.115459]  ? __lock_acquire+0xa66/0x3fe0
<4>[  473.115474]  ? _raw_spin_unlock_irqrestore+0x39/0x60
<4>[  473.115485]  ? debug_object_active_state+0x2ea/0x4e0
<4>[  473.115496]  ? debug_show_all_locks+0x2d0/0x2d0
<4>[  473.115513]  do_vfs_ioctl+0x18d/0xfa0
<4>[  473.115522]  ? check_flags.part.27+0x440/0x440
<4>[  473.115532]  ? ioctl_preallocate+0x1a0/0x1a0
<4>[  473.115547]  ? __fget+0x2ac/0x410
<4>[  473.115561]  ? __ia32_sys_dup3+0xb0/0xb0
<4>[  473.115569]  ? rwlock_bug.part.0+0x90/0x90
<4>[  473.115590]  ksys_ioctl+0x35/0x70
<4>[  473.115597]  ? lockdep_hardirqs_off+0x1cb/0x2b0
<4>[  473.115608]  __x64_sys_ioctl+0x6a/0xb0
<4>[  473.115614]  ? lockdep_hardirqs_on+0x342/0x590
<4>[  473.115623]  do_syscall_64+0x97/0x400
<4>[  473.115633]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
<4>[  473.115641] RIP: 0033:0x7fce590d55d7
<4>[  473.115649] Code: b3 66 90 48 8b 05 b1 48 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 48 2d 00 f7 d8 64 89 01 48
<4>[  473.115655] RSP: 002b:00007fce4d525ba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
<4>[  473.115662] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fce590d55d7
<4>[  473.115667] RDX: 00007fce4d525c10 RSI: 00000000c010645b RDI: 0000000000000007
<4>[  473.115672] RBP: 00007fce4d525c10 R08: 00007fce4d526700 R09: 00007fce4d526700
<4>[  473.115677] R10: 0000000000000054 R11: 0000000000000246 R12: 00000000c010645b
<4>[  473.115682] R13: 0000000000000007 R14: 0000000000000000 R15: 00007ffe0e4a7450

<3>[  473.115731] Allocated by task 1541:
<4>[  473.115766]  kmem_cache_alloc+0xce/0x290
<4>[  473.115895]  i915_gem_object_create.part.28+0x1c/0x4b0 [i915]
<4>[  473.116000]  i915_gem_create+0xe3/0x1f0 [i915]
<4>[  473.116008]  drm_ioctl_kernel+0x192/0x260
<4>[  473.116013]  drm_ioctl+0x67c/0x960
<4>[  473.116020]  do_vfs_ioctl+0x18d/0xfa0
<4>[  473.116026]  ksys_ioctl+0x35/0x70
<4>[  473.116032]  __x64_sys_ioctl+0x6a/0xb0
<4>[  473.116038]  do_syscall_64+0x97/0x400
<4>[  473.116044]  entry_SYSCALL_64_after_hwframe+0x49/0xbe

<3>[  473.116071] Freed by task 1542:
<4>[  473.116101]  kmem_cache_free+0xb7/0x2f0
<4>[  473.116205]  __i915_gem_free_objects+0x7d4/0xe10 [i915]
<4>[  473.116311]  i915_gem_create_ioctl+0xaa/0xd0 [i915]
<4>[  473.116318]  drm_ioctl_kernel+0x192/0x260
<4>[  473.116323]  drm_ioctl+0x67c/0x960
<4>[  473.116330]  do_vfs_ioctl+0x18d/0xfa0
<4>[  473.116335]  ksys_ioctl+0x35/0x70
<4>[  473.116341]  __x64_sys_ioctl+0x6a/0xb0
<4>[  473.116347]  do_syscall_64+0x97/0x400
<4>[  473.116354]  entry_SYSCALL_64_after_hwframe+0x49/0xbe

Testcase: igt/gem_flink_race/flink_close
Fixes: e163484afa ("drm/i915: Update size upon return from GEM_CREATE")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Michał Winiarski <michal.winiarski@intel.com>
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190417132507.27133-1-chris@chris-wilson.co.uk
(cherry picked from commit 9953402349)
Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
2019-04-24 09:39:07 +03:00
..
accessibility
acpi ACPICA: Namespace: remove address node from global list after method termination 2019-04-09 10:05:11 +02:00
amba ARM: 8836/1: drivers: amba: Update component matching to use the CoreSight UCI values. 2019-02-26 11:23:49 +00:00
android binder: fix race between munmap() and direct reclaim 2019-03-21 06:51:32 +01:00
ata libata: fix using DMA buffers on stack 2019-03-28 08:16:04 -06:00
atm
auxdisplay auxdisplay: charlcd: make backlight initial state configurable 2019-03-17 08:48:45 +01:00
base Device properties framework fix for 5.1-rc2 2019-03-22 12:08:52 -07:00
bcma
block virtio-blk: limit number of hw queues by nr_cpu_ids 2019-04-10 08:18:24 -06:00
bluetooth Bluetooth: btusb: request wake pin with NOAUTOEN 2019-04-09 17:38:24 -10:00
bus ARM: SoC driver updates for 5.1 2019-03-06 09:41:12 -08:00
cdrom
char tpm: Fix the type of the return value in calc_tpm2_event_size() 2019-04-08 15:58:54 -07:00
clk clk: imx: Fix PLL_1416X not rounding rates 2019-04-12 14:21:43 -07:00
clocksource clocksource/drivers/clps711x: Remove board support 2019-03-24 11:30:11 +01:00
connector connector: fix unsafe usage of ->real_parent 2019-03-08 15:06:38 -08:00
cpufreq cpufreq/intel_pstate: Load only on Intel hardware 2019-04-01 23:39:23 +02:00
cpuidle cpuidle: governor: Add new governors to cpuidle_governors again 2019-03-12 23:46:55 +01:00
crypto crypto: caam - fix copy of next buffer for xcbc and cmac 2019-03-28 13:54:32 +08:00
dax device-dax for 5.1 2019-03-16 13:05:32 -07:00
dca
devfreq
dio
dma dmaengine: stm32-mdma: Revert "dmaengine: stm32-mdma: Add a check on read_u32_array" 2019-03-25 21:56:54 +05:30
dma-buf dma-buf: explicitely note that dma-fence-chains use 64bit seqno 2019-04-16 14:49:10 +02:00
edac Merge branch 'ras-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-03-08 09:11:39 -08:00
eisa
extcon extcon: ptn5150: Fix return value check in ptn5150_i2c_probe() 2019-02-11 17:21:38 +09:00
firewire
firmware memblock: drop memblock_alloc_*_nopanic() variants 2019-03-12 10:04:02 -07:00
fmc
fpga Merge 5.0-rc6 into char-misc-next 2019-02-11 09:05:58 +01:00
fsi
gnss gnss: add driver for mediatek receivers 2019-02-15 16:54:38 +01:00
gpio gpio fixes for v5.1-rc3 2019-03-29 03:04:47 +01:00
gpu drm/i915: Avoid use-after-free in reporting create.size 2019-04-24 09:39:07 +03:00
hid HID: input: add mapping for Assistant key 2019-04-03 13:33:25 +02:00
hsi HSI: omap_ssi_port: fix debugfs_simple_attr.cocci warnings 2019-02-14 12:36:21 +01:00
hv Char/Misc driver patches for 5.1-rc1 2019-03-06 14:18:59 -08:00
hwmon hwmon: (ntc_thermistor) Fix temperature type reporting 2019-03-29 09:51:44 -07:00
hwspinlock
hwtracing ARM updates for 5.1-rc1 2019-03-15 14:37:46 -07:00
i2c i2c: imx: don't leak the i2c adapter on error 2019-04-06 17:54:28 +02:00
i3c - Add a /* fall-through */ comment in the dw-i3c-master driver 2019-03-04 19:05:02 -08:00
ide Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide 2019-03-11 09:34:00 -07:00
idle intel_idle: add support for Jacobsville 2019-02-15 10:49:14 +01:00
iio - New Drivers 2019-03-08 10:02:58 -08:00
infiniband IB/hfi1: Do not flush send queue in the TID RDMA second leg 2019-04-10 15:09:30 -03:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2019-03-11 10:57:11 -07:00
interconnect
iommu drm-misc-next for v5.2: 2019-04-24 10:12:50 +10:00
ipack
irqchip irqchip/irq-ls1x: Missing error code in ls1x_intc_of_init() 2019-04-05 14:37:56 +02:00
isdn mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S 2019-03-18 18:32:44 -07:00
leds leds: trigger: netdev: use memcpy in device_name_store 2019-03-30 19:09:32 +01:00
lightnvm lightnvm: pblk: fix crash in pblk_end_partial_read due to multipage bvecs 2019-04-10 12:17:01 -06:00
macintosh treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
mailbox mailbox: imx: keep MU irq working during suspend/resume 2019-03-11 02:51:43 -05:00
mcb
md dm integrity: fix deadlock with overlapping I/O 2019-04-05 18:49:08 -04:00
media media: vsp1: drm: Implement writeback support 2019-03-18 17:24:14 +02:00
memory
memstick
message
mfd mfd: sun6i-prcm: Allow to compile with COMPILE_TEST 2019-04-03 08:38:07 +01:00
misc 5.1 Merge Window Pull Request 2019-03-09 15:53:03 -08:00
mmc mmc: sdhci-omap: Don't finish_mrq() on a command error during tuning 2019-04-11 12:40:32 +02:00
mtd mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer 2019-04-05 00:39:19 +02:00
mux
net bnxt_en: Reset device on RX buffer errors. 2019-04-08 16:39:41 -07:00
nfc
ntb Fixes for switchtec debugability and mapping table entries, NTB 2019-03-15 14:32:59 -07:00
nubus
nvdimm device-dax for 5.1 2019-03-16 13:05:32 -07:00
nvme nvmet: fix discover log page when offsets are used 2019-04-11 17:28:30 +02:00
nvmem Char/Misc driver patches for 5.1-rc1 2019-03-06 14:18:59 -08:00
of of: fix kmemleak crash caused by imbalance in early memory reservation 2019-03-12 10:04:02 -07:00
opp PM / OPP: Update performance state when freq == old_freq 2019-03-12 09:45:56 +01:00
oprofile
parisc Revert: parisc: Use F_EXTEND() macro in iosapic code 2019-04-06 19:07:55 +02:00
parport Revert "parport: daisy: use new parport device model" 2019-03-25 14:49:00 -07:00
pci PCI: pciehp: Ignore Link State Changes after powering off a slot 2019-04-10 16:06:43 -05:00
pcmcia
perf arm64 updates for 5.1: 2019-03-10 10:17:23 -07:00
phy phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs 2019-03-26 16:48:55 +09:00
pinctrl This is the bulk of pin control changes for the v5.1 kernel cycle. 2019-03-11 11:12:50 -07:00
platform Here's more than a handful of clk driver fixes for changes that came in 2019-04-13 14:33:56 -07:00
pnp ACPI/ACPICA: Trivial: fix spelling mistakes and fix whitespace formatting 2019-02-24 21:12:01 +01:00
power power: reset: at91-reset: add support for sam9x60 SoC 2019-02-20 00:41:01 +01:00
powercap powercap/intel_rapl: add Ice Lake mobile 2019-02-18 11:31:39 +01:00
pps
ps3
ptp Merge branch 'timers-2038-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-03-05 14:08:26 -08:00
pwm pwm: atmel: Remove useless symbolic definitions 2019-03-04 12:52:49 +01:00
rapidio rapidio/mport_cdev: mark expected switch fall-through 2019-03-07 18:32:02 -08:00
ras
regulator regulator: mc13xxx: Constify regulator_ops variables 2019-03-04 00:01:08 +00:00
remoteproc remoteproc updates for v5.1 2019-03-14 09:00:06 -07:00
reset drm/tegra: Changes for v5.2-rc1 2019-04-24 10:30:45 +10:00
rpmsg rpmsg: virtio: change header file sort style 2019-02-20 21:15:54 -08:00
rtc rtc: da9063: set uie_unsupported when relevant 2019-04-02 23:33:09 +02:00
s390 SCSI fixes on 20190329 2019-03-29 14:58:49 -07:00
sbus
scsi for-linus-20190412 2019-04-13 16:23:16 -07:00
sfi
sh
siox
slimbus
sn
soc This pull request brings in a build fix for arm64 with bcm2835 2019-03-18 10:31:24 -07:00
soundwire
spi pci-v5.1-changes 2019-03-09 14:57:08 -08:00
spmi spmi: pmic-arb: select IRQ_DOMAIN_HIERARCHY in Kconfig 2019-02-14 09:14:50 +01:00
ssb
staging Linux 5.1-rc5 2019-04-15 15:51:49 +10:00
target SCSI misc on 20190315 2019-03-16 12:51:50 -07:00
tc
tee ARM: SoC driver updates for 5.1 2019-03-06 09:41:12 -08:00
thermal Merge branches 'fixes' and 'thermal-intel' into next 2019-03-18 22:37:44 +08:00
thunderbolt
tty tty: fix NULL pointer issue when tty_port ops is not set 2019-03-28 01:21:21 +09:00
uio
usb drm/tegra: Changes for v5.2-rc1 2019-04-24 10:30:45 +10:00
uwb
vfio vfio/type1: Limit DMA mappings per container 2019-04-03 12:43:05 -06:00
vhost virtio: fixes, cleanups 2019-03-10 12:47:57 -07:00
video fbdev changes for v5.1: 2019-03-15 14:22:59 -07:00
virt virt: vbox: Implement passing requestor info to the host for VirtualBox 6.0.x 2019-03-28 01:55:18 +09:00
virtio virtio: Honour 'may_reduce_num' in vring_create_virtqueue 2019-04-08 17:05:52 -04:00
visorbus
vlynq
vme
w1
watchdog linux-watchdog 5.1-rc1 tag 2019-03-11 11:22:15 -07:00
xen xen: fixes for 5.1-rc4 2019-04-07 06:12:10 -10:00
zorro
Kconfig
Makefile IOMMU Updates for Linux v5.1 2019-03-10 12:29:52 -07:00