AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-26 20:45:31 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
929eec99f5
linux_dsm_epyc7002/drivers/gpu/drm
History
Chris Wilson 929eec99f5 drm/i915: Avoid use-after-free in reporting create.size 
We have to avoid chasing after a userspace race!

<3>[  473.114328] BUG: KASAN: use-after-free in i915_gem_create+0x1d2/0x1f0 [i915]
<3>[  473.114389] Read of size 8 at addr ffff88815bf1d840 by task gem_flink_race/1541

<4>[  473.114464] CPU: 1 PID: 1541 Comm: gem_flink_race Tainted: G     U            5.1.0-rc4-g7d07e025e786-kasan_88+ #1
<4>[  473.114469] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./J4205-ITX, BIOS P1.10 09/29/2016
<4>[  473.114474] Call Trace:
<4>[  473.114488]  dump_stack+0x7c/0xbb
<4>[  473.114612]  ? i915_gem_create+0x1d2/0x1f0 [i915]
<4>[  473.114621]  print_address_description+0x65/0x270
<4>[  473.114728]  ? i915_gem_create+0x1d2/0x1f0 [i915]
<4>[  473.114839]  ? i915_gem_create+0x1d2/0x1f0 [i915]
<4>[  473.114848]  kasan_report+0x149/0x18d
<4>[  473.114962]  ? i915_gem_create+0x1d2/0x1f0 [i915]
<4>[  473.115069]  i915_gem_create+0x1d2/0x1f0 [i915]
<4>[  473.115176]  ? i915_gem_object_create.part.28+0x4b0/0x4b0 [i915]
<4>[  473.115289]  ? i915_gem_dumb_create+0x1a0/0x1a0 [i915]
<4>[  473.115297]  drm_ioctl_kernel+0x192/0x260
<4>[  473.115306]  ? drm_ioctl_permit+0x280/0x280
<4>[  473.115326]  drm_ioctl+0x67c/0x960
<4>[  473.115438]  ? i915_gem_dumb_create+0x1a0/0x1a0 [i915]
<4>[  473.115448]  ? drm_getstats+0x20/0x20
<4>[  473.115459]  ? __lock_acquire+0xa66/0x3fe0
<4>[  473.115474]  ? _raw_spin_unlock_irqrestore+0x39/0x60
<4>[  473.115485]  ? debug_object_active_state+0x2ea/0x4e0
<4>[  473.115496]  ? debug_show_all_locks+0x2d0/0x2d0
<4>[  473.115513]  do_vfs_ioctl+0x18d/0xfa0
<4>[  473.115522]  ? check_flags.part.27+0x440/0x440
<4>[  473.115532]  ? ioctl_preallocate+0x1a0/0x1a0
<4>[  473.115547]  ? __fget+0x2ac/0x410
<4>[  473.115561]  ? __ia32_sys_dup3+0xb0/0xb0
<4>[  473.115569]  ? rwlock_bug.part.0+0x90/0x90
<4>[  473.115590]  ksys_ioctl+0x35/0x70
<4>[  473.115597]  ? lockdep_hardirqs_off+0x1cb/0x2b0
<4>[  473.115608]  __x64_sys_ioctl+0x6a/0xb0
<4>[  473.115614]  ? lockdep_hardirqs_on+0x342/0x590
<4>[  473.115623]  do_syscall_64+0x97/0x400
<4>[  473.115633]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
<4>[  473.115641] RIP: 0033:0x7fce590d55d7
<4>[  473.115649] Code: b3 66 90 48 8b 05 b1 48 2d 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 48 2d 00 f7 d8 64 89 01 48
<4>[  473.115655] RSP: 002b:00007fce4d525ba8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
<4>[  473.115662] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fce590d55d7
<4>[  473.115667] RDX: 00007fce4d525c10 RSI: 00000000c010645b RDI: 0000000000000007
<4>[  473.115672] RBP: 00007fce4d525c10 R08: 00007fce4d526700 R09: 00007fce4d526700
<4>[  473.115677] R10: 0000000000000054 R11: 0000000000000246 R12: 00000000c010645b
<4>[  473.115682] R13: 0000000000000007 R14: 0000000000000000 R15: 00007ffe0e4a7450

<3>[  473.115731] Allocated by task 1541:
<4>[  473.115766]  kmem_cache_alloc+0xce/0x290
<4>[  473.115895]  i915_gem_object_create.part.28+0x1c/0x4b0 [i915]
<4>[  473.116000]  i915_gem_create+0xe3/0x1f0 [i915]
<4>[  473.116008]  drm_ioctl_kernel+0x192/0x260
<4>[  473.116013]  drm_ioctl+0x67c/0x960
<4>[  473.116020]  do_vfs_ioctl+0x18d/0xfa0
<4>[  473.116026]  ksys_ioctl+0x35/0x70
<4>[  473.116032]  __x64_sys_ioctl+0x6a/0xb0
<4>[  473.116038]  do_syscall_64+0x97/0x400
<4>[  473.116044]  entry_SYSCALL_64_after_hwframe+0x49/0xbe

<3>[  473.116071] Freed by task 1542:
<4>[  473.116101]  kmem_cache_free+0xb7/0x2f0
<4>[  473.116205]  __i915_gem_free_objects+0x7d4/0xe10 [i915]
<4>[  473.116311]  i915_gem_create_ioctl+0xaa/0xd0 [i915]
<4>[  473.116318]  drm_ioctl_kernel+0x192/0x260
<4>[  473.116323]  drm_ioctl+0x67c/0x960
<4>[  473.116330]  do_vfs_ioctl+0x18d/0xfa0
<4>[  473.116335]  ksys_ioctl+0x35/0x70
<4>[  473.116341]  __x64_sys_ioctl+0x6a/0xb0
<4>[  473.116347]  do_syscall_64+0x97/0x400
<4>[  473.116354]  entry_SYSCALL_64_after_hwframe+0x49/0xbe

Testcase: igt/gem_flink_race/flink_close
Fixes: e163484afa ("drm/i915: Update size upon return from GEM_CREATE")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Michał Winiarski <michal.winiarski@intel.com>
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190417132507.27133-1-chris@chris-wilson.co.uk
(cherry picked from commit 9953402349)
Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
2019-04-24 09:39:07 +03:00
..
amd Merge branch 'drm-next-5.2' of git://people.freedesktop.org/~agd5f/linux into drm-next 2019-04-24 11:46:19 +10:00
arc drm: Split out drm_probe_helper.h 2019-01-24 13:20:42 +01:00
arm Merge commit 'refs/for-upstream/mali-dp' of git://linux-arm.org/linux-ld into drm-next 2019-04-03 13:44:40 +10:00
armada drm/armada: Use drm_fb_helper_fill_info 2019-03-27 09:56:14 +01:00
aspeed drm: aspeed: Clean up Kconfig options 2019-04-16 16:39:24 +02:00
ast Merge branch 'drm-next-5.2' of git://people.freedesktop.org/~agd5f/linux into drm-next 2019-04-03 13:26:11 +10:00
atmel-hlcdc drm/irq: Don't check for DRIVER_HAVE_IRQ in drm_irq_(un)install 2019-01-29 15:45:06 +01:00
bochs Merge drm/drm-next into drm-misc-next 2019-04-10 15:50:49 -04:00
bridge drm-misc-next for v5.2: 2019-04-24 10:12:50 +10:00
cirrus drm-misc-next for 5.2: 2019-04-12 14:27:45 +10:00
etnaviv drm-misc-next for 5.2: 2019-03-25 11:05:12 +01:00
exynos drm/ipp: clean up debug messages 2019-04-24 11:23:20 +09:00
fsl-dcu drm: Use new DRM_BUS_FLAG_*_(DRIVE|SAMPLE)_(POS|NEG)EDGE flags 2019-03-18 11:42:13 +02:00
gma500 drm/gma500: Use drm_fb_helper_fill_info 2019-03-27 09:57:28 +01:00
hisilicon Merge branch 'drm-next-5.2' of git://people.freedesktop.org/~agd5f/linux into drm-next 2019-04-03 13:26:11 +10:00
i2c drm: Split out drm_probe_helper.h 2019-01-24 13:20:42 +01:00
i810
i915 drm/i915: Avoid use-after-free in reporting create.size 2019-04-24 09:39:07 +03:00
imx drm-misc-next for 5.2: 2019-03-25 11:05:12 +01:00
lib
lima drm/lima: Make lima_sched_ops static 2019-04-17 20:56:40 +08:00
mediatek drm/mediatek: no change parent rate in round_rate() for MT2701 hdmi phy 2019-04-09 17:47:01 +08:00
meson drm-misc-next for v5.2: 2019-04-24 10:12:50 +10:00
mga drm/irq: Ditch DRIVER_IRQ_SHARED 2019-01-29 15:45:21 +01:00
mgag200 Merge branch 'drm-next-5.2' of git://people.freedesktop.org/~agd5f/linux into drm-next 2019-04-03 13:26:11 +10:00
msm Merge tag 'drm-msm-next-2019-04-21' of https://gitlab.freedesktop.org/drm/msm into drm-next 2019-04-24 11:56:32 +10:00
mxsfb drm: Use new DRM_BUS_FLAG_*_(DRIVE|SAMPLE)_(POS|NEG)EDGE flags 2019-03-18 11:42:13 +02:00
nouveau Merge branch 'drm-next-5.2' of git://people.freedesktop.org/~agd5f/linux into drm-next 2019-04-03 13:26:11 +10:00
omapdrm Linux 5.1-rc5 2019-04-15 15:51:49 +10:00
panel drm/panel: simple: add lg,acx467akm-7 panel 2019-04-17 23:02:44 +02:00
panfrost drm/panfrost: Add support for 2MB page entries 2019-04-12 13:33:58 -05:00
pl111 drm-misc-next for 5.2: 2019-04-12 14:27:45 +10:00
qxl Merge branch 'drm-next-5.2' of git://people.freedesktop.org/~agd5f/linux into drm-next 2019-04-03 13:26:11 +10:00
r128 drm/irq: Ditch DRIVER_IRQ_SHARED 2019-01-29 15:45:21 +01:00
radeon Merge branch 'drm-next-5.2' of git://people.freedesktop.org/~agd5f/linux into drm-next 2019-04-03 13:26:11 +10:00
rcar-du drm: rcar-du: lvds: Set LVEN and LVRES bits together on D3 2019-03-28 06:12:42 +02:00
rockchip Linux 5.1-rc5 2019-04-15 15:51:49 +10:00
savage drm/savage: mark expected switch fall-throughs 2019-01-30 17:35:29 +01:00
scheduler Merge branch 'drm-next-5.1' of git://people.freedesktop.org/~agd5f/linux into drm-next 2019-02-22 15:56:42 +10:00
selftests drm/selftests/mm: Switch to bitmap_zalloc() 2019-03-20 17:36:06 +00:00
shmobile drm/irq: Don't check for DRIVER_HAVE_IRQ in drm_irq_(un)install 2019-01-29 15:45:06 +01:00
sis
sti drm: Split out drm_probe_helper.h 2019-01-24 13:20:42 +01:00
stm drm/stm: add sleep power management 2019-04-01 11:00:18 +02:00
sun4i drm-misc-next for v5.2: 2019-04-24 10:12:50 +10:00
tdfx
tegra drm/tegra: Changes for v5.2-rc1 2019-04-24 10:30:45 +10:00
tilcdc drm/irq: Don't check for DRIVER_HAVE_IRQ in drm_irq_(un)install 2019-01-29 15:45:06 +01:00
tinydrm drm/tinydrm: Fix fbdev pixel format 2019-04-11 16:16:06 +02:00
ttm drm/ttm: Fix spelling of "KiB" 2019-03-19 15:04:03 -05:00
tve200 drm: Use new DRM_BUS_FLAG_*_(DRIVE|SAMPLE)_(POS|NEG)EDGE flags 2019-03-18 11:42:13 +02:00
udl drm/udl: move to embedding drm device inside udl device. 2019-04-24 13:48:45 +10:00
v3d drm/v3d: fix a missing check of pm_runtime_get_sync 2019-04-01 10:45:59 -07:00
vboxvideo Merge branch 'drm-next-5.2' of git://people.freedesktop.org/~agd5f/linux into drm-next 2019-04-03 13:26:11 +10:00
vc4 drm-misc-next for 5.2: 2019-04-12 14:27:45 +10:00
vgem drm/vgem: fix use-after-free when drm_gem_handle_create() fails 2019-03-18 08:45:57 +01:00
via drm/via: mark expected switch fall-throughs 2019-01-30 17:35:29 +01:00
virtio drm-misc-next for 5.2: 2019-04-05 11:38:02 +10:00
vkms Linux 5.1-rc5 2019-04-15 15:51:49 +10:00
vmwgfx drm/vmwgfx: Remove set but not used variable 'fb_offset, fb_depth' 2019-04-08 10:29:05 -07:00
xen drm/drv: drm_dev_unplug(): Move out drm_dev_put() call 2019-02-21 12:11:58 +01:00
zte drm: Split out drm_probe_helper.h 2019-01-24 13:20:42 +01:00
ati_pcigart.c drm/ati_pcigart: Fix error code in drm_ati_pcigart_init() 2018-12-17 10:47:17 +01:00
drm_agpsupport.c drm: Trivial comment grammar cleanups 2019-02-04 10:21:17 +01:00
drm_atomic_helper.c Linux 5.1-rc5 2019-04-15 15:51:49 +10:00
drm_atomic_state_helper.c drm: writeback: Fix leak of writeback job 2019-03-18 17:24:32 +02:00
drm_atomic_uapi.c drm-misc-next for 5.2: 2019-03-25 11:05:12 +01:00
drm_atomic.c drm-misc-next for 5.1: 2019-01-10 05:58:52 +10:00
drm_auth.c drm: set is_master to 0 upon drm_new_set_master() failure 2018-11-26 16:14:27 -05:00
drm_blend.c drm: Clarify DRM_MODE_REFLECT_X/Y documentation 2018-09-11 11:21:30 +01:00
drm_bridge.c drm: bridge: Constify mode arguments to bridge .mode_set() operation 2019-01-14 03:51:14 +02:00
drm_bufs.c drm: Trivial comment grammar cleanups 2019-02-04 10:21:17 +01:00
drm_cache.c
drm_client.c drm/client: Rename drm_client_add() to drm_client_register() 2019-04-11 16:14:49 +02:00
drm_color_mgmt.c drm: Constify drm_color_lut_check() 2019-01-29 23:26:12 +02:00
drm_connector.c drm/dp: Set the connector's TILE property even for DP SST connectors 2019-03-14 11:33:17 -07:00
drm_context.c drm: Fix error handling in drm_legacy_addctx 2019-01-07 11:26:31 +01:00
drm_crtc_helper_internal.h
drm_crtc_helper.c drm: Remove use of drm_mode_object 2019-01-15 13:20:56 +01:00
drm_crtc_internal.h drm: Unexport drm_crtc_force_disable 2019-01-11 15:56:40 +01:00
drm_crtc.c drm: Move the legacy kms disable_all helper to crtc helpers 2019-01-11 22:54:29 +01:00
drm_damage_helper.c drm: prepare for drmP.h removal from drm_modeset_helper.h 2019-02-07 21:48:28 +01:00
drm_debugfs_crc.c Revert "drm: crc: Wait for a frame before returning from open()" 2018-08-22 09:50:16 -07:00
drm_debugfs.c drm: Merge drm_info.c into drm_debugfs.c 2018-11-22 09:52:27 +01:00
drm_dma.c
drm_dp_aux_dev.c
drm_dp_cec.c drm: Do not call drm_dp_cec_set_edid() while registering DP connectors 2018-10-11 10:52:35 +02:00
drm_dp_dual_mode_helper.c
drm_dp_helper.c drm/dsc: Add kernel documentation for DRM DP DSC helpers 2019-02-08 13:38:51 -08:00
drm_dp_mst_topology.c drm/dp: Set the connector's TILE property even for DP SST connectors 2019-03-14 11:33:17 -07:00
drm_drv.c drm/drv: Fix incorrect resolution of merge conflict 2019-04-18 06:42:22 +10:00
drm_dsc.c drm/dsc: Split DSC PPS and SDP header initialisations 2019-03-05 13:24:34 -05:00
drm_dumb_buffers.c
drm_edid_load.c
drm_edid.c drm/edid: Remove defunct EDID_QUIRK_FIRST_DETAILED_PREFERRED 2019-03-27 13:55:13 +02:00
drm_encoder_slave.c
drm_encoder.c drm: Differentiate the lack of an interface from invalid parameter 2018-09-14 17:29:47 +01:00
drm_fb_cma_helper.c drm/cma-helper: Remove unused fbdev code 2019-01-17 10:56:38 +01:00
drm_fb_helper.c drm-misc-next for v5.2: 2019-04-24 10:12:50 +10:00
drm_file.c drm: Fix drm_release() and device unplug 2019-03-25 15:58:05 +10:00
drm_flip_work.c drm: move drm_can_sleep() to drm_util.h 2019-01-14 10:58:37 +01:00
drm_format_helper.c drm: add drm_format_helper.c to kerneldoc 2019-04-17 09:39:22 +02:00
drm_fourcc.c drm/fourcc: Fix conflicting Y41x definitions 2019-03-21 09:49:04 +01:00
drm_framebuffer.c drm: Trivial comment grammar cleanups 2019-02-04 10:21:17 +01:00
drm_gem_cma_helper.c drm/cma-helper: Add DRM_GEM_CMA_VMAP_DRIVER_OPS 2018-11-20 14:57:25 +01:00
drm_gem_framebuffer_helper.c drm/gem-fb-helper: Add drm_gem_fb_create_with_dirty() 2019-01-17 10:56:45 +01:00
drm_gem_shmem_helper.c drm: shmem: Off by one in drm_gem_shmem_fault() 2019-04-01 10:44:34 -07:00
drm_gem.c drm: Add helpers for setting up an array of dma_fence dependencies. 2019-04-16 15:32:20 -07:00
drm_hashtab.c
drm_internal.h drm/syncobj: add timeline signal ioctl for syncobj v5 2019-04-01 12:09:00 +02:00
drm_ioc32.c drm: add __user attribute to ptr_to_compat() 2019-03-04 09:55:31 -05:00
drm_ioctl.c Revert "drm: allow render capable master with DRM_AUTH ioctls" 2019-04-18 06:46:33 +10:00
drm_irq.c drm/irq: Ditch DRIVER_IRQ_SHARED 2019-01-29 15:45:21 +01:00
drm_kms_helper_common.c drm: fix spelling mistake "intead" -> "instead" 2019-03-04 11:18:50 -05:00
drm_lease.c Linux 5.0-rc7 2019-02-18 13:27:15 +10:00
drm_legacy.h
drm_lock.c drm: Differentiate the lack of an interface from invalid parameter 2018-09-14 17:29:47 +01:00
drm_memory.c drm: fallback to dma_alloc_coherent when memory encryption is active 2019-04-01 11:43:42 +02:00
drm_mipi_dsi.c
drm_mm.c drm: Trivial comment grammar cleanups 2019-02-04 10:21:17 +01:00
drm_mode_config.c drm: Expose "FB_DAMAGE_CLIPS" property to atomic aware user-space only 2019-04-16 15:13:23 -07:00
drm_mode_object.c gpu/drm: Fix lock held when returning to user space. 2019-01-10 11:31:58 +01:00
drm_modes.c drm: Use new DRM_BUS_FLAG_*_(DRIVE|SAMPLE)_(POS|NEG)EDGE flags 2019-03-18 11:42:13 +02:00
drm_modeset_helper.c drm: prepare for drmP.h removal from drm_modeset_helper.h 2019-02-07 21:48:28 +01:00
drm_modeset_lock.c drm/atomic: integrate modeset lock with private objects 2018-12-11 15:24:30 +01:00
drm_of.c drm/of: Fix kerneldoc 2019-01-12 13:07:58 +01:00
drm_panel_orientation_quirks.c drm: panel-orientation-quirks: Add quirk for Lenovo Ideapad D330 2019-03-01 09:15:55 +02:00
drm_panel.c drm/panel: Small documentation polish 2019-01-12 13:08:12 +01:00
drm_pci.c cross-tree: phase out dma_zalloc_coherent() 2019-01-08 07:58:37 -05:00
drm_plane_helper.c drm: Unexport drm_plane_helper_check_update 2018-10-05 22:45:19 +02:00
drm_plane.c drm: Auto-set allow_fb_modifiers when given modifiers at plane init 2019-01-11 16:53:55 +01:00
drm_prime.c drm: Add reservation_object to drm_gem_object 2019-02-19 11:08:40 +01:00
drm_print.c drm: Add a helper function for printing a debugfs_regset32. 2019-04-01 10:44:34 -07:00
drm_probe_helper.c drm: Split out drm_probe_helper.h 2019-01-24 13:20:42 +01:00
drm_property.c drm: Trivial comment grammar cleanups 2019-02-04 10:21:17 +01:00
drm_rect.c drm: Nuke drm_calc_{h,v}scale_relaxed() 2019-02-07 13:14:06 +02:00
drm_scatter.c drm: Differentiate the lack of an interface from invalid parameter 2018-09-14 17:29:47 +01:00
drm_scdc_helper.c
drm_simple_kms_helper.c drm: Split out drm_probe_helper.h 2019-01-24 13:20:42 +01:00
drm_syncobj.c drm/syncobj: add timeline signal ioctl for syncobj v5 2019-04-01 12:09:00 +02:00
drm_sysfs.c drm/lease: Send a distinct uevent 2018-11-30 10:57:18 +01:00
drm_trace_points.c
drm_trace.h
drm_vblank.c drm: Trivial comment grammar cleanups 2019-02-04 10:21:17 +01:00
drm_vm.c drm/drm_vm: Mark expected switch fall-throughs 2019-02-19 12:20:41 +01:00
drm_vma_manager.c drm: Remove "protection" around drm_vma_offset_manager_destroy() 2018-09-04 19:00:32 +01:00
drm_writeback.c drm: writeback: Add job prepare and cleanup operations 2019-03-18 17:24:38 +02:00
Kconfig drm/panfrost: Add initial panfrost driver 2019-04-12 12:56:46 -05:00
Makefile drm/panfrost: Add initial panfrost driver 2019-04-12 12:56:46 -05:00