1. 21 Mar, 2022 1 commit
    • drm/ttm: Fix a kernel oops due to an invalid read · 1d204ee1
      Zack Rusin authored
      The res is initialized here only if there are no errors, so passing it to
      ttm_resource_fini in the error paths results in a kernel oops. In the
      error paths, instead of the uninitialized res, we have to use
      node->base on which ttm_resource_init was called.
      
      Sample affected backtrace:
      Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d8
       Mem abort info:
         ESR = 0x96000004
         EC = 0x25: DABT (current EL), IL = 32 bits
         SET = 0, FnV = 0
         EA = 0, S1PTW = 0
         FSC = 0x04: level 0 translation fault
       Data abort info:
         ISV = 0, ISS = 0x00000004
         CM = 0, WnR = 0
       user pgtable: 4k pages, 48-bit VAs, pgdp=0000000106ac0000
       [00000000000000d8] pgd=0000000000000000, p4d=0000000000000000
       Internal error: Oops: 96000004 [#1] SMP
       Modules linked in: bnep vsock_loopback vmw_vsock_virtio_transport_common
       vsock snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_hda_codec
       snd_hwdep >
       CPU: 0 PID: 1197 Comm: gnome-shell Tainted: G    U  5.17.0-rc2-vmwgfx #2
       Hardware name: VMware, Inc. VBSA/VBSA, BIOS VEFI 12/31/2020
       pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
       pc : ttm_resource_fini+0x5c/0xac [ttm]
       lr : ttm_range_man_alloc+0x128/0x1e0 [ttm]
       sp : ffff80000d783510
       x29: ffff80000d783510 x28: 0000000000000000 x27: ffff000086514400
       x26: 0000000000000300 x25: ffff0000809f9e78 x24: 0000000000000000
       x23: ffff80000d783680 x22: ffff000086514400 x21: 00000000ffffffe4
       x20: ffff80000d7836a0 x19: ffff0000809f9e00 x18: 0000000000000000
       x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
       x14: 0000000000000000 x13: 0000000000000800 x12: ffff0000f2600a00
       x11: 000000000000fc96 x10: 0000000000000000 x9 : ffff800001295c18
       x8 : 0000000000000000 x7 : 0000000000000300 x6 : 0000000000000000
       x5 : 0000000000000000 x4 : ffff0000f1034e20 x3 : ffff0000f1034600
       x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000600000
       Call trace:
        ttm_resource_fini+0x5c/0xac [ttm]
        ttm_range_man_alloc+0x128/0x1e0 [ttm]
        ttm_resource_alloc+0x58/0x90 [ttm]
        ttm_bo_mem_space+0xc8/0x3e4 [ttm]
        ttm_bo_validate+0xb4/0x134 [ttm]
        vmw_bo_pin_in_start_of_vram+0xbc/0x200 [vmwgfx]
        vmw_framebuffer_pin+0xc0/0x154 [vmwgfx]
        vmw_ldu_primary_plane_atomic_update+0x8c/0x6e0 [vmwgfx]
        drm_atomic_helper_commit_planes+0x11c/0x2e0
        drm_atomic_helper_commit_tail+0x60/0xb0
        commit_tail+0x1b0/0x210
        drm_atomic_helper_commit+0x168/0x400
        drm_atomic_commit+0x64/0x74
        drm_atomic_helper_set_config+0xdc/0x11c
        drm_mode_setcrtc+0x1c4/0x780
        drm_ioctl_kernel+0xd0/0x1a0
        drm_ioctl+0x2c4/0x690
        vmw_generic_ioctl+0xe0/0x174 [vmwgfx]
        vmw_unlocked_ioctl+0x24/0x30 [vmwgfx]
        __arm64_sys_ioctl+0xb4/0x100
        invoke_syscall+0x78/0x100
        el0_svc_common.constprop.0+0x54/0x184
        do_el0_svc+0x34/0x9c
        el0_svc+0x48/0x1b0
        el0t_64_sync_handler+0xa4/0x130
        el0t_64_sync+0x1a4/0x1a8
       Code: 35000260 f9401a81 52800002 f9403a60 (f9406c23)
       ---[ end trace 0000000000000000 ]---
      Signed-off-by: Zack Rusin <zackr@vmware.com>
      Fixes: de3688e4 ("drm/ttm: add ttm_resource_fini v2")
      Cc: Christian König <christian.koenig@amd.com>
      Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
      Reviewed-by: Martin Krastev <krastevm@vmware.com>
      Reviewed-by: Christian König <christian.koenig@amd.com>
      Signed-off-by: Christian König <christian.koenig@amd.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/20220318174332.440068-6-zack@kde.org
  2. 11 Mar, 2022 1 commit
  3. 09 Mar, 2022 6 commits
  4. 08 Mar, 2022 7 commits
  5. 07 Mar, 2022 3 commits
  6. 05 Mar, 2022 2 commits
  7. 04 Mar, 2022 20 commits