From patchwork Thu Jun 22 10:14:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Hellstr=C3=B6m?= X-Patchwork-Id: 111619 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:6358:7691:b0:132:7a2a:f0f2 with SMTP id e17csp685706rwg; Thu, 22 Jun 2023 04:21:14 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7S6WVm7uzLLrFCbdnScWwxZKlw2gBgyhm+oAiBSMIjhlE53PbR9JZi62QbwcIMTYYJW3d5 X-Received: by 2002:a17:90a:7641:b0:25b:ca75:8f44 with SMTP id s1-20020a17090a764100b0025bca758f44mr11565843pjl.4.1687432874393; Thu, 22 Jun 2023 04:21:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1687432874; cv=none; d=google.com; s=arc-20160816; b=oHB5kaKHDo9YAbkjxktEs+okSO8Ux/rXZvzSOE0dPZrrfVCwCVdmjEtIDnmKqBbeI5 TUSJm1YRsYriRupYpVfSWhrbS5p1+nkfVEV0Z5YMlKlZmXjDqIkVSAWmMZCrYXsPxmYI +vkId39EDTvBE0ARtMFMtM22xfFtA4p+FxkQzxQ6A6KYQStpEeuh7Kt463Ebct+2YeYy G3NzwMrKMFBhdchhwO1GvvNi4ClOIlGXsU1YsBsP/9i0xDLN9jrWN+H6bIiCKZqHDzu+ MhtCSXPaxt/XZMKnLqQ1IcEt4wMdh65gdPTO9oU+UjJFsAovgg9z9w2/vMZHSom/WZm8 7RZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=lJ9YzZAPtvNrpOvGcMNi33mVHyp0WxKwa+jGmWWQiaU=; b=uqFiVqOa8vYEJ/xdO5KuCFMwZ/WDKplD9Hhdqo2tOcqlpIppThGmzEQbn6+RGrbXBH ssgzVffKDs7I4Ih5xfDekPQATtmswmYyFcwRVCT4QWTKVpSUYDdYzbrgGxdAJY3HztYf PSvKbERHPN9DqE4tIBuOXRGoSsHgf27L8eM9fFGa5HbpKREafMHNaeUA8bUlFCqEzX2Q 5eQmkzCxZH2DCtxZq6xGOPkYMBI8i2vJi5R6YLXrbx/ax+ERELI3/3pUyn8Se9HQetHH uOTgGTi/z9996a+N3nOVzKpFY8CL1tqulcBGAywI8C5IYZudHq8/B5TLnWSGZP0+b85g LPhQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=LwMAQKvt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j14-20020a170902da8e00b001b414fae35csi1718087plx.497.2023.06.22.04.21.01; Thu, 22 Jun 2023 04:21:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=LwMAQKvt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231285AbjFVKUg (ORCPT + 99 others); Thu, 22 Jun 2023 06:20:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40630 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231338AbjFVKUa (ORCPT ); Thu, 22 Jun 2023 06:20:30 -0400 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 76347129; Thu, 22 Jun 2023 03:20:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1687429229; x=1718965229; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=c8zPgWJY6SC59lOQdr8vPRntj39QqPiFfis3EjYD9Kg=; b=LwMAQKvtcZhuDOQH1R2vws66cc4M1XcmYLXMOxT3DEG6/VZa4+ukRVLs 74siwR0iFb616+6wuwKSbFqBaKkvmyWlsSnUSmWN0zv8Ug67X7DA/QerU OH2cgvaCGoIq0n3pdzLjkL0uqijAKUPb2Nt4+qWBzNooc6y0xV/R7i+Ma dJBHaMzM37c0GaVV88tqdvc63r/YgTOH9hT/4CyNe65/lUbsSfa9BVl1l cyfPeYOmbXTdewvUBLdDDIJdM114Awt5sJx9jHHNyDq+garW7vy31Y5aE L7USmQdeAej/8fDXw8QFqTtkgIxcu6JWS3NfcD2hzDzisaX75eiyv0qVF A==; X-IronPort-AV: E=McAfee;i="6600,9927,10748"; a="345182171" X-IronPort-AV: E=Sophos;i="6.00,263,1681196400"; d="scan'208";a="345182171" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2023 03:14:45 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10748"; a="692193823" X-IronPort-AV: E=Sophos;i="6.00,263,1681196400"; d="scan'208";a="692193823" Received: from shari19x-mobl1.gar.corp.intel.com (HELO thellstr-mobl1.intel.com) ([10.249.254.173]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2023 03:14:42 -0700 From: =?utf-8?q?Thomas_Hellstr=C3=B6m?= To: intel-xe@lists.freedesktop.org Cc: =?utf-8?q?Thomas_Hellstr=C3=B6m?= , =?utf-8?q?Christian_K=C3=B6nig?= , =?utf-8?q?Chri?= =?utf-8?q?stian_K=C3=B6nig?= , Daniel Vetter , dri-devel@lists.freedesktop.org, stable@vger.kernel.org, intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org Subject: [PATCH 1/4] drm/ttm: Fix ttm_lru_bulk_move_pos_tail() Date: Thu, 22 Jun 2023 12:14:09 +0200 Message-Id: <20230622101412.78426-2-thomas.hellstrom@linux.intel.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230622101412.78426-1-thomas.hellstrom@linux.intel.com> References: <20230622101412.78426-1-thomas.hellstrom@linux.intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1769401613428898367?= X-GMAIL-MSGID: =?utf-8?q?1769401613428898367?= The value of pos->first was not updated when the first resource of the range was moved. This could lead to errors like the one below. Fix this by updating pos->first when needed. <3> [218.963342] BUG: KASAN: null-ptr-deref in ttm_lru_bulk_move_del+0xc5/0x180 [ttm] <3> [218.963456] Read of size 8 at addr 0000000000000038 by task xe_evict/1529 <3> [218.963546] <3> [218.963566] CPU: 0 PID: 1529 Comm: xe_evict Not tainted 6.3.0-xe #1 <3> [218.963664] Hardware name: Intel Corporation Tiger Lake Client Platform/TigerLake H DDR4 SODIMM RVP, BIOS TGLSFWI1.R00.4064.A00.2102041619 02/04/2021 <3> [218.963841] Call Trace: <3> [218.963881] <3> [218.963915] dump_stack_lvl+0x64/0xb0 <3> [218.963976] print_report+0x3e5/0x600 <3> [218.964036] ? ttm_lru_bulk_move_del+0xc5/0x180 [ttm] <3> [218.964127] kasan_report+0x96/0xc0 <3> [218.964183] ? ttm_lru_bulk_move_del+0xc5/0x180 [ttm] <3> [218.964276] ttm_lru_bulk_move_del+0xc5/0x180 [ttm] <3> [218.964365] ttm_bo_set_bulk_move+0x92/0x140 [ttm] <3> [218.964454] xe_gem_object_close+0xc8/0x120 [xe] <3> [218.964675] ? __pfx_xe_gem_object_close+0x10/0x10 [xe] <3> [218.964908] ? drm_gem_object_handle_put_unlocked+0xc7/0x170 [drm] <3> [218.965071] drm_gem_object_release_handle+0x45/0x80 [drm] <3> [218.965220] ? __pfx_drm_gem_object_release_handle+0x10/0x10 [drm] <3> [218.965381] idr_for_each+0xc9/0x180 <3> [218.965437] ? __pfx_idr_for_each+0x10/0x10 <3> [218.965504] drm_gem_release+0x20/0x30 [drm] <3> [218.965637] drm_file_free.part.0+0x4cb/0x4f0 [drm] <3> [218.965778] ? drm_close_helper.isra.0+0xb7/0xe0 [drm] <3> [218.965921] drm_release_noglobal+0x49/0x90 [drm] <3> [218.966061] __fput+0x122/0x450 <3> [218.966115] task_work_run+0xfe/0x190 <3> [218.966175] ? __pfx_task_work_run+0x10/0x10 <3> [218.966239] ? do_raw_spin_unlock+0xa7/0x140 <3> [218.966308] do_exit+0x55f/0x1430 <3> [218.966364] ? __pfx_lock_release+0x10/0x10 <3> [218.966431] ? do_raw_spin_lock+0x11d/0x1e0 <3> [218.966498] ? __pfx_do_exit+0x10/0x10 <3> [218.966554] ? __pfx_do_raw_spin_lock+0x10/0x10 <3> [218.966625] ? mark_held_locks+0x24/0x90 <3> [218.966688] ? lockdep_hardirqs_on_prepare+0x136/0x210 <3> [218.966768] do_group_exit+0x68/0x110 <3> [218.966828] __x64_sys_exit_group+0x2c/0x30 <3> [218.966896] do_syscall_64+0x3c/0x90 <3> [218.966955] entry_SYSCALL_64_after_hwframe+0x72/0xdc <3> [218.967035] RIP: 0033:0x7f77b194f146 <3> [218.967094] Code: Unable to access opcode bytes at 0x7f77b194f11c. <3> [218.967174] RSP: 002b:00007ffc64791188 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 <3> [218.967271] RAX: ffffffffffffffda RBX: 00007f77b1a548a0 RCX: 00007f77b194f146 <3> [218.967364] RDX: 0000000000000062 RSI: 000000000000003c RDI: 0000000000000062 <3> [218.967458] RBP: 0000000000000062 R08: 00000000000000e7 R09: ffffffffffffff78 <3> [218.967553] R10: 0000000000000058 R11: 0000000000000246 R12: 00007f77b1a548a0 <3> [218.967648] R13: 0000000000000003 R14: 00007f77b1a5d2e8 R15: 0000000000000000 <3> [218.967745] Fixes: fee2ede15542 ("drm/ttm: rework bulk move handling v5") Cc: "Christian König" Cc: "Christian König" Cc: Daniel Vetter Cc: dri-devel@lists.freedesktop.org Cc: # v5.19+ Link: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/411 Signed-off-by: Thomas Hellström --- drivers/gpu/drm/ttm/ttm_resource.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/ttm/ttm_resource.c b/drivers/gpu/drm/ttm/ttm_resource.c index 7333f7a87a2f..cb05e0a36576 100644 --- a/drivers/gpu/drm/ttm/ttm_resource.c +++ b/drivers/gpu/drm/ttm/ttm_resource.c @@ -86,6 +86,8 @@ static void ttm_lru_bulk_move_pos_tail(struct ttm_lru_bulk_move_pos *pos, struct ttm_resource *res) { if (pos->last != res) { + if (pos->first == res) + pos->first = list_next_entry(res, lru); list_move(&res->lru, &pos->last->lru); pos->last = res; }