linux_dsm_epyc7002/drivers/gpu/drm/i915/gt
Chris Wilson fecffa4668 drm/i915: Protect context while grabbing its name for the request
Inside print_request(), we query the context/timeline name. Nothing
immediately protects the context from being freed if the request is
complete -- we rely on serialisation by the caller to keep the name
valid until they finish using it. Inside intel_engine_dump(), we
generally only print the requests in the execution queue protected by the
engine->active.lock, but we also show the pending execlists ports which
are not protected and so require a rcu_read_lock to keep the pointer
valid.

[ 1695.700883] BUG: KASAN: use-after-free in i915_fence_get_timeline_name+0x53/0x90 [i915]
[ 1695.700981] Read of size 8 at addr ffff8887344f4d50 by task gem_ctx_persist/2968
[ 1695.701068]
[ 1695.701156] CPU: 1 PID: 2968 Comm: gem_ctx_persist Tainted: G     U            5.4.0-rc6+ #331
[ 1695.701246] Hardware name: Intel Corporation NUC7i5BNK/NUC7i5BNB, BIOS BNKBL357.86A.0052.2017.0918.1346 09/18/2017
[ 1695.701334] Call Trace:
[ 1695.701424]  dump_stack+0x5b/0x90
[ 1695.701870]  ? i915_fence_get_timeline_name+0x53/0x90 [i915]
[ 1695.701964]  print_address_description.constprop.7+0x36/0x50
[ 1695.702408]  ? i915_fence_get_timeline_name+0x53/0x90 [i915]
[ 1695.702856]  ? i915_fence_get_timeline_name+0x53/0x90 [i915]
[ 1695.702947]  __kasan_report.cold.10+0x1a/0x3a
[ 1695.703390]  ? i915_fence_get_timeline_name+0x53/0x90 [i915]
[ 1695.703836]  i915_fence_get_timeline_name+0x53/0x90 [i915]
[ 1695.704241]  print_request+0x82/0x2e0 [i915]
[ 1695.704638]  ? fwtable_read32+0x133/0x360 [i915]
[ 1695.705042]  ? write_timestamp+0x110/0x110 [i915]
[ 1695.705133]  ? _raw_spin_lock_irqsave+0x79/0xc0
[ 1695.705221]  ? refcount_inc_not_zero_checked+0x91/0x110
[ 1695.705306]  ? refcount_dec_and_mutex_lock+0x50/0x50
[ 1695.705709]  ? intel_engine_find_active_request+0x202/0x230 [i915]
[ 1695.706115]  intel_engine_dump+0x2c9/0x900 [i915]

Fixes: c36eebd9ba ("drm/i915/gt: execlists->active is serialised by the tasklet")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Mika Kuoppala <mika.kuoppala@linux.intel.com>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Reviewed-by: Mika Kuoppala <mika.kuoppala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20191111114323.5833-1-chris@chris-wilson.co.uk
2019-11-11 11:46:40 +00:00
..
selftests drm/i915: make more headers self-contained 2019-11-08 10:16:13 +00:00
uc drm/i915/guc: drop guc shared area 2019-10-31 16:47:23 +00:00
gen6_renderstate.c drm/i915: Move the renderstate setup under gt/ 2019-07-04 11:48:22 +01:00
gen7_renderstate.c drm/i915: Move the renderstate setup under gt/ 2019-07-04 11:48:22 +01:00
gen8_renderstate.c drm/i915: Move the renderstate setup under gt/ 2019-07-04 11:48:22 +01:00
gen9_renderstate.c drm/i915: Move the renderstate setup under gt/ 2019-07-04 11:48:22 +01:00
intel_breadcrumbs.c drm/i915: Don't disable interrupts for intel_engine_breadcrumbs_irq() 2019-09-26 18:44:35 +01:00
intel_context_types.h drm/i915: Remove logical HW ID 2019-10-04 15:39:30 +01:00
intel_context.c drm/i915/gt: Split intel_ring_submission 2019-10-24 12:14:21 +01:00
intel_context.h drm/i915/gt: Split intel_ring_submission 2019-10-24 12:14:21 +01:00
intel_engine_cs.c drm/i915: Protect context while grabbing its name for the request 2019-11-11 11:46:40 +00:00
intel_engine_heartbeat.c drm/i915/gt: Cleanup heartbeat systole first 2019-11-07 07:49:55 +00:00
intel_engine_heartbeat.h drm/i915/gt: Replace hangcheck by heartbeats 2019-10-23 23:52:10 +01:00
intel_engine_pm.c drm/i915/gt: Split intel_ring_submission 2019-10-24 12:14:21 +01:00
intel_engine_pm.h drm/i915: Defer final intel_wakeref_put to process context 2019-08-08 21:28:51 +01:00
intel_engine_pool_types.h drm/i915: Replace struct_mutex for batch pool serialisation 2019-08-04 14:31:18 +01:00
intel_engine_pool.c drm/i915: Coordinate i915_active with its own mutex 2019-10-04 15:39:12 +01:00
intel_engine_pool.h drm/i915: Mark i915_request.timeline as a volatile, rcu pointer 2019-09-20 10:24:09 +01:00
intel_engine_types.h drm/i915/gt: Make timeslice duration configurable 2019-10-29 16:23:55 +00:00
intel_engine_user.c drm/i915: Make for_each_engine_masked work on intel_gt 2019-10-18 00:06:25 +01:00
intel_engine_user.h drm/i915: Rename engines to match their user interface 2019-08-07 14:30:55 +01:00
intel_engine.h drm/i915/gt: Make timeslice duration configurable 2019-10-29 16:23:55 +00:00
intel_gpu_commands.h drm/i915/tgl: Add HDC Pipeline Flush 2019-10-15 18:15:59 +01:00
intel_gt_irq.c drm/i915: Extract GT render power state management 2019-10-26 19:28:59 +01:00
intel_gt_irq.h drm/i915: Extract general GT interrupt handlers 2019-08-12 15:36:13 +01:00
intel_gt_pm_irq.c drm/i915: Extract general GT interrupt handlers 2019-08-12 15:36:13 +01:00
intel_gt_pm_irq.h drm/i915: Extract GT powermanagement interrupt handling 2019-08-12 15:36:06 +01:00
intel_gt_pm.c drm/i915/gt: Drop false assertion on user_forcewake 2019-11-04 09:40:25 +00:00
intel_gt_pm.h drm/i915: Defer rc6 shutdown to suspend_late 2019-11-01 14:47:36 +00:00
intel_gt_requests.c drm/i915: Pass in intel_gt at some for_each_engine sites 2019-10-18 00:06:27 +01:00
intel_gt_requests.h drm/i915: Move request runtime management onto gt 2019-10-04 15:39:26 +01:00
intel_gt_types.h drm/i915: Extract GT render power state management 2019-10-26 19:28:59 +01:00
intel_gt.c drm/i915/gt: Call intel_gt_sanitize() directly 2019-11-01 14:47:36 +00:00
intel_gt.h drm/i915/gt: Call intel_gt_sanitize() directly 2019-11-01 14:47:36 +00:00
intel_llc_types.h drm/i915: Extract GT ring management 2019-10-20 20:45:18 +01:00
intel_llc.c drm/i915: Extract GT render power state management 2019-10-26 19:28:59 +01:00
intel_llc.h drm/i915: Extract GT ring management 2019-10-20 20:45:18 +01:00
intel_lrc_reg.h drm/i915/execlists: Verify context register state before execution 2019-11-02 13:39:13 +00:00
intel_lrc.c drm/i915/execlists: Reset CSB pointers by mmio as well 2019-11-04 15:54:26 +00:00
intel_lrc.h drm/i915: drop lrc header page 2019-10-31 16:47:22 +00:00
intel_mocs.c drm/i915: do not set MOCS control values on dgfx 2019-10-25 13:55:49 -07:00
intel_mocs.h drm/i915: Do initial mocs configuration directly 2019-10-16 19:35:37 +01:00
intel_rc6_types.h drm/i915: Extract GT render sleep (rc6) management 2019-09-27 13:01:57 +01:00
intel_rc6.c drm/i915/icl: Refine PG_HYSTERESIS 2019-11-11 11:06:59 +00:00
intel_rc6.h drm/i915: Extract GT render sleep (rc6) management 2019-09-27 13:01:57 +01:00
intel_renderstate.c drm/i915/gt: Split intel_ring_submission 2019-10-24 12:14:21 +01:00
intel_renderstate.h drm/i915: Move the renderstate setup under gt/ 2019-07-04 11:48:22 +01:00
intel_reset_types.h drm/i915: Define explicit wedged on init reset state 2019-09-26 18:44:35 +01:00
intel_reset.c drm/i915/gt: Replace hangcheck by heartbeats 2019-10-23 23:52:10 +01:00
intel_reset.h drm/i915: Pass intel_gt to has-reset? 2019-09-27 23:25:14 +01:00
intel_ring_submission.c drm/i915/gt: Split intel_ring_submission 2019-10-24 12:14:21 +01:00
intel_ring_types.h drm/i915/gt: Split intel_ring_submission 2019-10-24 12:14:21 +01:00
intel_ring.c drm/i915: don't allocate the ring in stolen if we lack aperture 2019-10-29 10:35:47 +00:00
intel_ring.h drm/i915/gt: Split intel_ring_submission 2019-10-24 12:14:21 +01:00
intel_rps_types.h drm/i915: Extract GT render power state management 2019-10-26 19:28:59 +01:00
intel_rps.c drm/i915/gt: Always track callers to intel_rps_mark_interactive() 2019-10-30 13:23:00 +00:00
intel_rps.h drm/i915/gt: Always track callers to intel_rps_mark_interactive() 2019-10-30 13:23:00 +00:00
intel_sseu.c drm/i915: Expand subslice mask 2019-08-23 19:14:27 +01:00
intel_sseu.h drm/i915/tgl: s/ss/eu fuse reading support 2019-09-21 08:31:08 +01:00
intel_timeline_types.h drm/i915: Coordinate i915_active with its own mutex 2019-10-04 15:39:12 +01:00
intel_timeline.c drm/i915/gt: Pull timeline initialise to intel_gt_init_early 2019-11-01 14:47:36 +00:00
intel_timeline.h drm/i915/gt: Pull timeline initialise to intel_gt_init_early 2019-11-01 14:47:36 +00:00
intel_workarounds_types.h drm/i915: Add engine name to workaround debug print 2019-07-12 09:55:30 +01:00
intel_workarounds.c drm/i915/tgl: whitelist PS_(DEPTH|INVOCATION)_COUNT 2019-10-24 23:34:38 +01:00
intel_workarounds.h drm/i915: Convert gt workarounds to intel_gt 2019-06-21 13:48:25 +01:00
Makefile drm/i915: use upstream version of header tests 2019-07-30 12:11:57 +03:00
mock_engine.c drm/i915/gt: Split intel_ring_submission 2019-10-24 12:14:21 +01:00
mock_engine.h
selftest_context.c drm/i915/selftests: Complete transition to a real struct file mock 2019-11-08 10:17:41 +00:00
selftest_engine_cs.c drm/i915: Rename engines to match their user interface 2019-08-07 14:30:55 +01:00
selftest_engine_heartbeat.c drm/i915/selftests: Flush all active callbacks 2019-11-02 08:34:53 +00:00
selftest_engine_pm.c drm/i915: Pass in intel_gt at some for_each_engine sites 2019-10-18 00:06:27 +01:00
selftest_engine.c drm/i915: Defer final intel_wakeref_put to process context 2019-08-08 21:28:51 +01:00
selftest_engine.h drm/i915: Defer final intel_wakeref_put to process context 2019-08-08 21:28:51 +01:00
selftest_gt_pm.c drm/i915/selftests: Add intel_gt_suspend_prepare 2019-11-01 18:52:23 +00:00
selftest_hangcheck.c drm/i915/selftests: Complete transition to a real struct file mock 2019-11-08 10:17:41 +00:00
selftest_llc.c drm/i915: Extract GT render power state management 2019-10-26 19:28:59 +01:00
selftest_llc.h drm/i915: Extract GT ring management 2019-10-20 20:45:18 +01:00
selftest_lrc.c drm/i915/execlists: Verify context register state before execution 2019-11-02 13:39:13 +00:00
selftest_reset.c drm/i915/selftests: Flush interrupts before disabling tasklets 2019-10-24 09:18:52 +01:00
selftest_timeline.c drm/i915/gt: Split intel_ring_submission 2019-10-24 12:14:21 +01:00
selftest_workarounds.c drm/i915/selftests: Complete transition to a real struct file mock 2019-11-08 10:17:41 +00:00