iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5e51cc0005
linux/drivers
History
Tvrtko Ursulin 5e51cc0005 dma-resv: Fix dma_resv_get_fences and dma_resv_copy_fences after conversion 
Cache the count of shared fences in the iterator to avoid dereferencing
the dma_resv_object outside the RCU protection. Otherwise iterator and its
users can observe an incosistent state which makes it impossible to use
safely. Such as:

<6> [187.517041] [IGT] gem_sync: executing
<7> [187.536343] i915 0000:00:02.0: [drm:i915_gem_context_create_ioctl [i915]] HW context 1 created
<7> [187.536793] i915 0000:00:02.0: [drm:i915_gem_context_create_ioctl [i915]] HW context 1 created
<6> [187.551235] [IGT] gem_sync: starting subtest basic-many-each
<1> [188.935462] BUG: kernel NULL pointer dereference, address: 0000000000000010
<1> [188.935485] #PF: supervisor write access in kernel mode
<1> [188.935495] #PF: error_code(0x0002) - not-present page
<6> [188.935504] PGD 0 P4D 0
<4> [188.935512] Oops: 0002 [#1] PREEMPT SMP NOPTI
<4> [188.935521] CPU: 2 PID: 1467 Comm: gem_sync Not tainted 5.15.0-rc4-CI-Patchwork_21264+ #1
<4> [188.935535] Hardware name:  /NUC6CAYB, BIOS AYAPLCEL.86A.0049.2018.0508.1356 05/08/2018
<4> [188.935546] RIP: 0010:dma_resv_get_fences+0x116/0x2d0
<4> [188.935560] Code: 10 85 c0 7f c9 be 03 00 00 00 e8 15 8b df ff eb bd e8 8e c6 ff ff eb b6 41 8b 04 24 49 8b 55 00 48 89 e7 8d 48 01 41 89 0c 24 <4c> 89 34 c2 e8 41 f2 ff ff 49 89 c6 48 85 c0 75 8c 48 8b 44 24 10
<4> [188.935583] RSP: 0018:ffffc900011dbcc8 EFLAGS: 00010202
<4> [188.935593] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: 0000000000000001
<4> [188.935603] RDX: 0000000000000010 RSI: ffffffff822e343c RDI: ffffc900011dbcc8
<4> [188.935613] RBP: ffffc900011dbd48 R08: ffff88812d255bb8 R09: 00000000fffffffe
<4> [188.935623] R10: 0000000000000001 R11: 0000000000000000 R12: ffffc900011dbd44
<4> [188.935633] R13: ffffc900011dbd50 R14: ffff888113d29cc0 R15: 0000000000000000
<4> [188.935643] FS:  00007f68d17e9700(0000) GS:ffff888277900000(0000) knlGS:0000000000000000
<4> [188.935655] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4> [188.935665] CR2: 0000000000000010 CR3: 000000012d0a4000 CR4: 00000000003506e0
<4> [188.935676] Call Trace:
<4> [188.935685]  i915_gem_object_wait+0x1ff/0x410 [i915]
<4> [188.935988]  i915_gem_wait_ioctl+0xf2/0x2a0 [i915]
<4> [188.936272]  ? i915_gem_object_wait+0x410/0x410 [i915]
<4> [188.936533]  drm_ioctl_kernel+0xae/0x140
<4> [188.936546]  drm_ioctl+0x201/0x3d0
<4> [188.936555]  ? i915_gem_object_wait+0x410/0x410 [i915]
<4> [188.936820]  ? __fget_files+0xc2/0x1c0
<4> [188.936830]  ? __fget_files+0xda/0x1c0
<4> [188.936839]  __x64_sys_ioctl+0x6d/0xa0
<4> [188.936848]  do_syscall_64+0x3a/0xb0
<4> [188.936859]  entry_SYSCALL_64_after_hwframe+0x44/0xae

If the shared object has changed during the RCU unlocked period
callers will correctly handle the restart on the next iteration.

Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Fixes: 96601e8a47 ("dma-buf: use new iterator in dma_resv_copy_fences")
Fixes: d3c80698c9 ("dma-buf: use new iterator in dma_resv_get_fences v3")
Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/4274
Cc: Christian König <christian.koenig@amd.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Cc: linux-media@vger.kernel.org
Cc: dri-devel@lists.freedesktop.org
Cc: linaro-mm-sig@lists.linaro.org
Link: https://patchwork.freedesktop.org/patch/msgid/20211008095007.972693-1-tvrtko.ursulin@linux.intel.com
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Christian König <christian.koenig@amd.com>
2021-10-11 16:14:08 +02:00
..
accessibility
acpi Additional ACPI updates for 5.15-rc1 2021-09-10 13:29:04 -07:00
amba
android
ata libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD. 2021-09-03 08:06:02 -06:00
atm
auxdisplay
base Merge branches 'pm-cpufreq', 'pm-sleep' and 'pm-em' 2021-09-10 20:26:08 +02:00
bcma Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
block virtio,vdpa,vhost: features, fixes 2021-09-11 14:48:42 -07:00
bluetooth
bus ARM: SoC drivers for 5.15 2021-09-01 15:25:28 -07:00
cdrom
char IPMI: A couple of very minor fixes for style and rate limiting 2021-09-12 11:44:58 -07:00
clk One patch to fix an unused variable warning in a Qualcomm clk driver. 2021-09-11 10:05:56 -07:00
clocksource - converted Pistachio platform to use MIPS generic kernel 2021-09-03 11:11:54 -07:00
comedi
connector
counter
cpufreq Merge branches 'pm-cpufreq', 'pm-sleep' and 'pm-em' 2021-09-10 20:26:08 +02:00
cpuidle - Core Frameworks 2021-09-07 12:38:59 -07:00
crypto pci-v5.15-changes 2021-09-07 19:13:42 -07:00
cxl cxl for v5.15 2021-09-09 11:48:27 -07:00
dax libnvdimm for v5.15 2021-09-09 11:39:57 -07:00
dca
devfreq devfreq: use HZ macros 2021-09-08 11:50:26 -07:00
dio
dma dmaengine updates for v5.15-rc1 2021-09-09 11:07:47 -07:00
dma-buf dma-resv: Fix dma_resv_get_fences and dma_resv_copy_fences after conversion 2021-10-11 16:14:08 +02:00
edac Updates to the interrupt core and driver subsystems: 2021-08-30 14:38:37 -07:00
eisa
extcon
firewire FireWire (IEEE 1394) subsystem updates: 2021-09-11 09:47:33 -07:00
firmware - Add the tegra3 thermal sensor and fix the compilation testing on 2021-09-11 09:20:57 -07:00
fpga Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
fsi
gnss
gpio gpio updates for v5.15 2021-09-07 12:27:27 -07:00
gpu drm/nouveau/nouveau_bo: Remove unused variables 'dev' 2021-10-11 13:06:50 +02:00
greybus
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid 2021-09-02 14:30:46 -07:00
hsi
hv hyperv-next for 5.15 2021-09-01 18:25:20 -07:00
hwmon Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
hwspinlock
hwtracing Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
i2c platform-drivers-x86 for v5.15-1 2021-09-02 13:49:39 -07:00
i3c
idle
iio Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
infiniband RDMA v5.15 merge window 2nd Pull Request 2021-09-09 11:14:14 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2021-09-11 09:08:28 -07:00
interconnect interconnect changes for 5.15 2021-08-24 15:33:04 +02:00
iommu virtio,vdpa,vhost: features, fixes 2021-09-11 14:48:42 -07:00
ipack TTY / Serial patches for 5.15-rc1 2021-09-01 09:51:16 -07:00
irqchip Merge branch irq/qcom-pdc-nowake-cleanup into irq/irqchip-next 2021-08-23 09:50:46 +01:00
isdn Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
leds
macintosh Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
mailbox mailbox: cmdq: add multi-gce clocks support for mt8195 2021-08-31 22:57:45 -05:00
mcb
md libnvdimm for v5.15 2021-09-09 11:39:57 -07:00
media Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
memory
memstick Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
message
mfd - Core Frameworks 2021-09-07 12:38:59 -07:00
misc Misc driver fix for 5.15-rc1 2021-09-12 11:56:00 -07:00
mmc Merge branch 'akpm' (patches from Andrew) 2021-09-03 10:08:28 -07:00
most
mtd Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
mux
net pci-v5.15-changes 2021-09-07 19:13:42 -07:00
nfc nfc: st95hf: remove unused header includes 2021-08-26 09:13:36 +01:00
ntb Bug fixes and clean-ups for Linux v5.15 2021-09-07 13:05:02 -07:00
nubus
nvdimm cxl for v5.15 2021-09-09 11:48:27 -07:00
nvme nvme: add error handling support for add_disk() 2021-09-06 10:08:09 +02:00
nvmem
of of: property: Disable fw_devlink DT support for X86 2021-09-10 11:21:49 -05:00
opp Merge branches 'pm-pci', 'pm-sleep', 'pm-domains' and 'powercap' 2021-08-30 19:25:42 +02:00
parisc parisc: Move pci_dev_is_behind_card_dino to where it is used 2021-09-09 12:44:31 +02:00
parport parisc architecture updates for kernel 5.15: 2021-09-02 13:16:00 -07:00
pci More ACPI updates for 5.15-rc1 2021-09-08 16:33:21 -07:00
pcmcia
perf
phy Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
pinctrl Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
platform chrome platform changes for 5.15 2021-09-08 16:43:46 -07:00
pnp
power power supply and reset changes for the v5.15 series 2021-08-30 11:47:32 -07:00
powercap powercap: Add Power Limit4 support for Alder Lake SoC 2021-08-25 20:12:16 +02:00
pps
ps3
ptp ptp: ocp: Simplify Kconfig. 2021-08-26 12:06:42 +01:00
pwm pwm: mtk-disp: Implement atomic API .get_state() 2021-09-02 22:27:46 +02:00
rapidio
ras
regulator Merge remote-tracking branch 'regulator/for-5.14' into regulator-linus 2021-08-25 16:05:24 +01:00
remoteproc
reset ARM: SoC drivers for 5.15 2021-09-01 15:25:28 -07:00
rpmsg
rtc rtc: rx8010: select REGMAP_I2C 2021-09-09 10:18:40 +02:00
s390 2nd batch of s390 updates for 5.15 merge window 2021-09-09 12:55:12 -07:00
sbus
scsi pci-v5.15-changes 2021-09-07 19:13:42 -07:00
sh
siox
slimbus Driver core update for 5.15-rc1 2021-09-01 08:44:42 -07:00
soc ARM: SoC drivers for 5.15 2021-09-01 15:25:28 -07:00
soundwire sound updates for 5.15-rc1 2021-09-01 10:29:29 -07:00
spi ARM: SoC drivers for 5.15 2021-09-01 15:25:28 -07:00
spmi
ssb
staging Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
target SCSI misc on 20210902 2021-09-02 15:09:46 -07:00
tc
tee
thermal - Add the tegra3 thermal sensor and fix the compilation testing on 2021-09-11 09:20:57 -07:00
thunderbolt thunderbolt: test: split up test cases in tb_test_credit_alloc_all 2021-09-06 12:27:03 -07:00
tty parisc architecture updates for kernel 5.15: 2021-09-02 13:16:00 -07:00
uio
usb Merge drm/drm-next into drm-misc-next 2021-09-14 09:25:30 +02:00
vdpa virtio,vdpa,vhost: features, fixes 2021-09-11 14:48:42 -07:00
vfio VFIO update for v5.15-rc1 2021-09-02 13:41:33 -07:00
vhost virtio,vdpa,vhost: features, fixes 2021-09-11 14:48:42 -07:00
video fbdev: fbmem: Fix double free of 'fb_info->pixmap.addr' 2021-10-10 09:50:32 +02:00
virt
virtio virtio,vdpa,vhost: features, fixes 2021-09-11 14:48:42 -07:00
visorbus
vlynq
vme
w1
watchdog
xen Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
zorro
Kconfig
Makefile