* [PATCH] drm/syncobj: Fix use-after-free
@ 2021-01-19 13:03 ` Daniel Vetter
0 siblings, 0 replies; 12+ messages in thread
From: Daniel Vetter @ 2021-01-19 13:03 UTC (permalink / raw)
To: DRI Development
Cc: Intel Graphics Development, Daniel Vetter, Daniel Vetter,
Christian König, Lionel Landwerlin, Maarten Lankhorst,
Maxime Ripard, Thomas Zimmermann, David Airlie, Daniel Vetter,
stable
While reviewing Christian's annotation patch I noticed that we have a
user-after-free for the WAIT_FOR_SUBMIT case: We drop the syncobj
reference before we've completed the waiting.
Of course usually there's nothing bad happening here since userspace
keeps the reference, but we can't rely on userspace to play nice here!
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Fixes: bc9c80fe01a2 ("drm/syncobj: use the timeline point in drm_syncobj_find_fence v4")
Cc: Christian König <christian.koenig@amd.com>
Cc: Lionel Landwerlin <lionel.g.landwerlin@intel.com>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Maxime Ripard <mripard@kernel.org>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: dri-devel@lists.freedesktop.org
Cc: <stable@vger.kernel.org> # v5.2+
---
drivers/gpu/drm/drm_syncobj.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/drm_syncobj.c b/drivers/gpu/drm/drm_syncobj.c
index 6e74e6745eca..349146049849 100644
--- a/drivers/gpu/drm/drm_syncobj.c
+++ b/drivers/gpu/drm/drm_syncobj.c
@@ -388,19 +388,18 @@ int drm_syncobj_find_fence(struct drm_file *file_private,
return -ENOENT;
*fence = drm_syncobj_fence_get(syncobj);
- drm_syncobj_put(syncobj);
if (*fence) {
ret = dma_fence_chain_find_seqno(fence, point);
if (!ret)
- return 0;
+ goto out;
dma_fence_put(*fence);
} else {
ret = -EINVAL;
}
if (!(flags & DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT))
- return ret;
+ goto out;
memset(&wait, 0, sizeof(wait));
wait.task = current;
@@ -432,6 +431,9 @@ int drm_syncobj_find_fence(struct drm_file *file_private,
if (wait.node.next)
drm_syncobj_remove_wait(syncobj, &wait);
+out:
+ drm_syncobj_put(syncobj);
+
return ret;
}
EXPORT_SYMBOL(drm_syncobj_find_fence);
--
2.30.0
^ permalink raw reply related [flat|nested] 12+ messages in thread* [Intel-gfx] [PATCH] drm/syncobj: Fix use-after-free @ 2021-01-19 13:03 ` Daniel Vetter 0 siblings, 0 replies; 12+ messages in thread From: Daniel Vetter @ 2021-01-19 13:03 UTC (permalink / raw) To: DRI Development Cc: David Airlie, Daniel Vetter, Intel Graphics Development, Maxime Ripard, Thomas Zimmermann, Daniel Vetter, stable, Christian König While reviewing Christian's annotation patch I noticed that we have a user-after-free for the WAIT_FOR_SUBMIT case: We drop the syncobj reference before we've completed the waiting. Of course usually there's nothing bad happening here since userspace keeps the reference, but we can't rely on userspace to play nice here! Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> Fixes: bc9c80fe01a2 ("drm/syncobj: use the timeline point in drm_syncobj_find_fence v4") Cc: Christian König <christian.koenig@amd.com> Cc: Lionel Landwerlin <lionel.g.landwerlin@intel.com> Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> Cc: Maxime Ripard <mripard@kernel.org> Cc: Thomas Zimmermann <tzimmermann@suse.de> Cc: David Airlie <airlied@linux.ie> Cc: Daniel Vetter <daniel@ffwll.ch> Cc: dri-devel@lists.freedesktop.org Cc: <stable@vger.kernel.org> # v5.2+ --- drivers/gpu/drm/drm_syncobj.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/drm_syncobj.c b/drivers/gpu/drm/drm_syncobj.c index 6e74e6745eca..349146049849 100644 --- a/drivers/gpu/drm/drm_syncobj.c +++ b/drivers/gpu/drm/drm_syncobj.c @@ -388,19 +388,18 @@ int drm_syncobj_find_fence(struct drm_file *file_private, return -ENOENT; *fence = drm_syncobj_fence_get(syncobj); - drm_syncobj_put(syncobj); if (*fence) { ret = dma_fence_chain_find_seqno(fence, point); if (!ret) - return 0; + goto out; dma_fence_put(*fence); } else { ret = -EINVAL; } if (!(flags & DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT)) - return ret; + goto out; memset(&wait, 0, sizeof(wait)); wait.task = current; @@ -432,6 +431,9 @@ int drm_syncobj_find_fence(struct drm_file *file_private, if (wait.node.next) drm_syncobj_remove_wait(syncobj, &wait); +out: + drm_syncobj_put(syncobj); + return ret; } EXPORT_SYMBOL(drm_syncobj_find_fence); -- 2.30.0 _______________________________________________ Intel-gfx mailing list Intel-gfx@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/intel-gfx ^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH] drm/syncobj: Fix use-after-free @ 2021-01-19 13:03 ` Daniel Vetter 0 siblings, 0 replies; 12+ messages in thread From: Daniel Vetter @ 2021-01-19 13:03 UTC (permalink / raw) To: DRI Development Cc: David Airlie, Daniel Vetter, Intel Graphics Development, Thomas Zimmermann, Daniel Vetter, stable, Christian König While reviewing Christian's annotation patch I noticed that we have a user-after-free for the WAIT_FOR_SUBMIT case: We drop the syncobj reference before we've completed the waiting. Of course usually there's nothing bad happening here since userspace keeps the reference, but we can't rely on userspace to play nice here! Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> Fixes: bc9c80fe01a2 ("drm/syncobj: use the timeline point in drm_syncobj_find_fence v4") Cc: Christian König <christian.koenig@amd.com> Cc: Lionel Landwerlin <lionel.g.landwerlin@intel.com> Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> Cc: Maxime Ripard <mripard@kernel.org> Cc: Thomas Zimmermann <tzimmermann@suse.de> Cc: David Airlie <airlied@linux.ie> Cc: Daniel Vetter <daniel@ffwll.ch> Cc: dri-devel@lists.freedesktop.org Cc: <stable@vger.kernel.org> # v5.2+ --- drivers/gpu/drm/drm_syncobj.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/drm_syncobj.c b/drivers/gpu/drm/drm_syncobj.c index 6e74e6745eca..349146049849 100644 --- a/drivers/gpu/drm/drm_syncobj.c +++ b/drivers/gpu/drm/drm_syncobj.c @@ -388,19 +388,18 @@ int drm_syncobj_find_fence(struct drm_file *file_private, return -ENOENT; *fence = drm_syncobj_fence_get(syncobj); - drm_syncobj_put(syncobj); if (*fence) { ret = dma_fence_chain_find_seqno(fence, point); if (!ret) - return 0; + goto out; dma_fence_put(*fence); } else { ret = -EINVAL; } if (!(flags & DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT)) - return ret; + goto out; memset(&wait, 0, sizeof(wait)); wait.task = current; @@ -432,6 +431,9 @@ int drm_syncobj_find_fence(struct drm_file *file_private, if (wait.node.next) drm_syncobj_remove_wait(syncobj, &wait); +out: + drm_syncobj_put(syncobj); + return ret; } EXPORT_SYMBOL(drm_syncobj_find_fence); -- 2.30.0 _______________________________________________ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel ^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH] drm/syncobj: Fix use-after-free 2021-01-19 13:03 ` Daniel Vetter (?) @ 2021-01-19 13:08 ` Christian König -1 siblings, 0 replies; 12+ messages in thread From: Christian König @ 2021-01-19 13:08 UTC (permalink / raw) To: Daniel Vetter, DRI Development Cc: Intel Graphics Development, Daniel Vetter, Lionel Landwerlin, Maarten Lankhorst, Maxime Ripard, Thomas Zimmermann, David Airlie, Daniel Vetter, stable Am 19.01.21 um 14:03 schrieb Daniel Vetter: > While reviewing Christian's annotation patch I noticed that we have a > user-after-free for the WAIT_FOR_SUBMIT case: We drop the syncobj > reference before we've completed the waiting. > > Of course usually there's nothing bad happening here since userspace > keeps the reference, but we can't rely on userspace to play nice here! > > Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> > Fixes: bc9c80fe01a2 ("drm/syncobj: use the timeline point in drm_syncobj_find_fence v4") > Cc: Christian König <christian.koenig@amd.com> > Cc: Lionel Landwerlin <lionel.g.landwerlin@intel.com> > Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> > Cc: Maxime Ripard <mripard@kernel.org> > Cc: Thomas Zimmermann <tzimmermann@suse.de> > Cc: David Airlie <airlied@linux.ie> > Cc: Daniel Vetter <daniel@ffwll.ch> > Cc: dri-devel@lists.freedesktop.org > Cc: <stable@vger.kernel.org> # v5.2+ Reviewed-by: Christian König <christian.koenig@amd.com> > --- > drivers/gpu/drm/drm_syncobj.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/drm_syncobj.c b/drivers/gpu/drm/drm_syncobj.c > index 6e74e6745eca..349146049849 100644 > --- a/drivers/gpu/drm/drm_syncobj.c > +++ b/drivers/gpu/drm/drm_syncobj.c > @@ -388,19 +388,18 @@ int drm_syncobj_find_fence(struct drm_file *file_private, > return -ENOENT; > > *fence = drm_syncobj_fence_get(syncobj); > - drm_syncobj_put(syncobj); > > if (*fence) { > ret = dma_fence_chain_find_seqno(fence, point); > if (!ret) > - return 0; > + goto out; > dma_fence_put(*fence); > } else { > ret = -EINVAL; > } > > if (!(flags & DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT)) > - return ret; > + goto out; > > memset(&wait, 0, sizeof(wait)); > wait.task = current; > @@ -432,6 +431,9 @@ int drm_syncobj_find_fence(struct drm_file *file_private, > if (wait.node.next) > drm_syncobj_remove_wait(syncobj, &wait); > > +out: > + drm_syncobj_put(syncobj); > + > return ret; > } > EXPORT_SYMBOL(drm_syncobj_find_fence); ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Intel-gfx] [PATCH] drm/syncobj: Fix use-after-free @ 2021-01-19 13:08 ` Christian König 0 siblings, 0 replies; 12+ messages in thread From: Christian König @ 2021-01-19 13:08 UTC (permalink / raw) To: Daniel Vetter, DRI Development Cc: David Airlie, Intel Graphics Development, Maxime Ripard, Thomas Zimmermann, Daniel Vetter, stable Am 19.01.21 um 14:03 schrieb Daniel Vetter: > While reviewing Christian's annotation patch I noticed that we have a > user-after-free for the WAIT_FOR_SUBMIT case: We drop the syncobj > reference before we've completed the waiting. > > Of course usually there's nothing bad happening here since userspace > keeps the reference, but we can't rely on userspace to play nice here! > > Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> > Fixes: bc9c80fe01a2 ("drm/syncobj: use the timeline point in drm_syncobj_find_fence v4") > Cc: Christian König <christian.koenig@amd.com> > Cc: Lionel Landwerlin <lionel.g.landwerlin@intel.com> > Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> > Cc: Maxime Ripard <mripard@kernel.org> > Cc: Thomas Zimmermann <tzimmermann@suse.de> > Cc: David Airlie <airlied@linux.ie> > Cc: Daniel Vetter <daniel@ffwll.ch> > Cc: dri-devel@lists.freedesktop.org > Cc: <stable@vger.kernel.org> # v5.2+ Reviewed-by: Christian König <christian.koenig@amd.com> > --- > drivers/gpu/drm/drm_syncobj.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/drm_syncobj.c b/drivers/gpu/drm/drm_syncobj.c > index 6e74e6745eca..349146049849 100644 > --- a/drivers/gpu/drm/drm_syncobj.c > +++ b/drivers/gpu/drm/drm_syncobj.c > @@ -388,19 +388,18 @@ int drm_syncobj_find_fence(struct drm_file *file_private, > return -ENOENT; > > *fence = drm_syncobj_fence_get(syncobj); > - drm_syncobj_put(syncobj); > > if (*fence) { > ret = dma_fence_chain_find_seqno(fence, point); > if (!ret) > - return 0; > + goto out; > dma_fence_put(*fence); > } else { > ret = -EINVAL; > } > > if (!(flags & DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT)) > - return ret; > + goto out; > > memset(&wait, 0, sizeof(wait)); > wait.task = current; > @@ -432,6 +431,9 @@ int drm_syncobj_find_fence(struct drm_file *file_private, > if (wait.node.next) > drm_syncobj_remove_wait(syncobj, &wait); > > +out: > + drm_syncobj_put(syncobj); > + > return ret; > } > EXPORT_SYMBOL(drm_syncobj_find_fence); _______________________________________________ Intel-gfx mailing list Intel-gfx@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/intel-gfx ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] drm/syncobj: Fix use-after-free @ 2021-01-19 13:08 ` Christian König 0 siblings, 0 replies; 12+ messages in thread From: Christian König @ 2021-01-19 13:08 UTC (permalink / raw) To: Daniel Vetter, DRI Development Cc: David Airlie, Intel Graphics Development, Thomas Zimmermann, Daniel Vetter, stable Am 19.01.21 um 14:03 schrieb Daniel Vetter: > While reviewing Christian's annotation patch I noticed that we have a > user-after-free for the WAIT_FOR_SUBMIT case: We drop the syncobj > reference before we've completed the waiting. > > Of course usually there's nothing bad happening here since userspace > keeps the reference, but we can't rely on userspace to play nice here! > > Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> > Fixes: bc9c80fe01a2 ("drm/syncobj: use the timeline point in drm_syncobj_find_fence v4") > Cc: Christian König <christian.koenig@amd.com> > Cc: Lionel Landwerlin <lionel.g.landwerlin@intel.com> > Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> > Cc: Maxime Ripard <mripard@kernel.org> > Cc: Thomas Zimmermann <tzimmermann@suse.de> > Cc: David Airlie <airlied@linux.ie> > Cc: Daniel Vetter <daniel@ffwll.ch> > Cc: dri-devel@lists.freedesktop.org > Cc: <stable@vger.kernel.org> # v5.2+ Reviewed-by: Christian König <christian.koenig@amd.com> > --- > drivers/gpu/drm/drm_syncobj.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/drm_syncobj.c b/drivers/gpu/drm/drm_syncobj.c > index 6e74e6745eca..349146049849 100644 > --- a/drivers/gpu/drm/drm_syncobj.c > +++ b/drivers/gpu/drm/drm_syncobj.c > @@ -388,19 +388,18 @@ int drm_syncobj_find_fence(struct drm_file *file_private, > return -ENOENT; > > *fence = drm_syncobj_fence_get(syncobj); > - drm_syncobj_put(syncobj); > > if (*fence) { > ret = dma_fence_chain_find_seqno(fence, point); > if (!ret) > - return 0; > + goto out; > dma_fence_put(*fence); > } else { > ret = -EINVAL; > } > > if (!(flags & DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT)) > - return ret; > + goto out; > > memset(&wait, 0, sizeof(wait)); > wait.task = current; > @@ -432,6 +431,9 @@ int drm_syncobj_find_fence(struct drm_file *file_private, > if (wait.node.next) > drm_syncobj_remove_wait(syncobj, &wait); > > +out: > + drm_syncobj_put(syncobj); > + > return ret; > } > EXPORT_SYMBOL(drm_syncobj_find_fence); _______________________________________________ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] drm/syncobj: Fix use-after-free 2021-01-19 13:08 ` Christian König (?) @ 2021-01-20 9:28 ` Daniel Vetter -1 siblings, 0 replies; 12+ messages in thread From: Daniel Vetter @ 2021-01-20 9:28 UTC (permalink / raw) To: Christian König Cc: Daniel Vetter, DRI Development, Intel Graphics Development, Daniel Vetter, Lionel Landwerlin, Maarten Lankhorst, Maxime Ripard, Thomas Zimmermann, David Airlie, Daniel Vetter, stable On Tue, Jan 19, 2021 at 02:08:12PM +0100, Christian König wrote: > Am 19.01.21 um 14:03 schrieb Daniel Vetter: > > While reviewing Christian's annotation patch I noticed that we have a > > user-after-free for the WAIT_FOR_SUBMIT case: We drop the syncobj > > reference before we've completed the waiting. > > > > Of course usually there's nothing bad happening here since userspace > > keeps the reference, but we can't rely on userspace to play nice here! > > > > Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> > > Fixes: bc9c80fe01a2 ("drm/syncobj: use the timeline point in drm_syncobj_find_fence v4") > > Cc: Christian König <christian.koenig@amd.com> > > Cc: Lionel Landwerlin <lionel.g.landwerlin@intel.com> > > Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> > > Cc: Maxime Ripard <mripard@kernel.org> > > Cc: Thomas Zimmermann <tzimmermann@suse.de> > > Cc: David Airlie <airlied@linux.ie> > > Cc: Daniel Vetter <daniel@ffwll.ch> > > Cc: dri-devel@lists.freedesktop.org > > Cc: <stable@vger.kernel.org> # v5.2+ > > Reviewed-by: Christian König <christian.koenig@amd.com> Pushed to drm-misc-fixes, thanks for reviewing. -Daniel > > > --- > > drivers/gpu/drm/drm_syncobj.c | 8 +++++--- > > 1 file changed, 5 insertions(+), 3 deletions(-) > > > > diff --git a/drivers/gpu/drm/drm_syncobj.c b/drivers/gpu/drm/drm_syncobj.c > > index 6e74e6745eca..349146049849 100644 > > --- a/drivers/gpu/drm/drm_syncobj.c > > +++ b/drivers/gpu/drm/drm_syncobj.c > > @@ -388,19 +388,18 @@ int drm_syncobj_find_fence(struct drm_file *file_private, > > return -ENOENT; > > *fence = drm_syncobj_fence_get(syncobj); > > - drm_syncobj_put(syncobj); > > if (*fence) { > > ret = dma_fence_chain_find_seqno(fence, point); > > if (!ret) > > - return 0; > > + goto out; > > dma_fence_put(*fence); > > } else { > > ret = -EINVAL; > > } > > if (!(flags & DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT)) > > - return ret; > > + goto out; > > memset(&wait, 0, sizeof(wait)); > > wait.task = current; > > @@ -432,6 +431,9 @@ int drm_syncobj_find_fence(struct drm_file *file_private, > > if (wait.node.next) > > drm_syncobj_remove_wait(syncobj, &wait); > > +out: > > + drm_syncobj_put(syncobj); > > + > > return ret; > > } > > EXPORT_SYMBOL(drm_syncobj_find_fence); > -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [Intel-gfx] [PATCH] drm/syncobj: Fix use-after-free @ 2021-01-20 9:28 ` Daniel Vetter 0 siblings, 0 replies; 12+ messages in thread From: Daniel Vetter @ 2021-01-20 9:28 UTC (permalink / raw) To: Christian König Cc: Maxime Ripard, David Airlie, Daniel Vetter, Intel Graphics Development, DRI Development, Thomas Zimmermann, Daniel Vetter, stable On Tue, Jan 19, 2021 at 02:08:12PM +0100, Christian König wrote: > Am 19.01.21 um 14:03 schrieb Daniel Vetter: > > While reviewing Christian's annotation patch I noticed that we have a > > user-after-free for the WAIT_FOR_SUBMIT case: We drop the syncobj > > reference before we've completed the waiting. > > > > Of course usually there's nothing bad happening here since userspace > > keeps the reference, but we can't rely on userspace to play nice here! > > > > Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> > > Fixes: bc9c80fe01a2 ("drm/syncobj: use the timeline point in drm_syncobj_find_fence v4") > > Cc: Christian König <christian.koenig@amd.com> > > Cc: Lionel Landwerlin <lionel.g.landwerlin@intel.com> > > Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> > > Cc: Maxime Ripard <mripard@kernel.org> > > Cc: Thomas Zimmermann <tzimmermann@suse.de> > > Cc: David Airlie <airlied@linux.ie> > > Cc: Daniel Vetter <daniel@ffwll.ch> > > Cc: dri-devel@lists.freedesktop.org > > Cc: <stable@vger.kernel.org> # v5.2+ > > Reviewed-by: Christian König <christian.koenig@amd.com> Pushed to drm-misc-fixes, thanks for reviewing. -Daniel > > > --- > > drivers/gpu/drm/drm_syncobj.c | 8 +++++--- > > 1 file changed, 5 insertions(+), 3 deletions(-) > > > > diff --git a/drivers/gpu/drm/drm_syncobj.c b/drivers/gpu/drm/drm_syncobj.c > > index 6e74e6745eca..349146049849 100644 > > --- a/drivers/gpu/drm/drm_syncobj.c > > +++ b/drivers/gpu/drm/drm_syncobj.c > > @@ -388,19 +388,18 @@ int drm_syncobj_find_fence(struct drm_file *file_private, > > return -ENOENT; > > *fence = drm_syncobj_fence_get(syncobj); > > - drm_syncobj_put(syncobj); > > if (*fence) { > > ret = dma_fence_chain_find_seqno(fence, point); > > if (!ret) > > - return 0; > > + goto out; > > dma_fence_put(*fence); > > } else { > > ret = -EINVAL; > > } > > if (!(flags & DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT)) > > - return ret; > > + goto out; > > memset(&wait, 0, sizeof(wait)); > > wait.task = current; > > @@ -432,6 +431,9 @@ int drm_syncobj_find_fence(struct drm_file *file_private, > > if (wait.node.next) > > drm_syncobj_remove_wait(syncobj, &wait); > > +out: > > + drm_syncobj_put(syncobj); > > + > > return ret; > > } > > EXPORT_SYMBOL(drm_syncobj_find_fence); > -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch _______________________________________________ Intel-gfx mailing list Intel-gfx@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/intel-gfx ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH] drm/syncobj: Fix use-after-free @ 2021-01-20 9:28 ` Daniel Vetter 0 siblings, 0 replies; 12+ messages in thread From: Daniel Vetter @ 2021-01-20 9:28 UTC (permalink / raw) To: Christian König Cc: David Airlie, Daniel Vetter, Intel Graphics Development, DRI Development, Thomas Zimmermann, Daniel Vetter, stable On Tue, Jan 19, 2021 at 02:08:12PM +0100, Christian König wrote: > Am 19.01.21 um 14:03 schrieb Daniel Vetter: > > While reviewing Christian's annotation patch I noticed that we have a > > user-after-free for the WAIT_FOR_SUBMIT case: We drop the syncobj > > reference before we've completed the waiting. > > > > Of course usually there's nothing bad happening here since userspace > > keeps the reference, but we can't rely on userspace to play nice here! > > > > Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> > > Fixes: bc9c80fe01a2 ("drm/syncobj: use the timeline point in drm_syncobj_find_fence v4") > > Cc: Christian König <christian.koenig@amd.com> > > Cc: Lionel Landwerlin <lionel.g.landwerlin@intel.com> > > Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> > > Cc: Maxime Ripard <mripard@kernel.org> > > Cc: Thomas Zimmermann <tzimmermann@suse.de> > > Cc: David Airlie <airlied@linux.ie> > > Cc: Daniel Vetter <daniel@ffwll.ch> > > Cc: dri-devel@lists.freedesktop.org > > Cc: <stable@vger.kernel.org> # v5.2+ > > Reviewed-by: Christian König <christian.koenig@amd.com> Pushed to drm-misc-fixes, thanks for reviewing. -Daniel > > > --- > > drivers/gpu/drm/drm_syncobj.c | 8 +++++--- > > 1 file changed, 5 insertions(+), 3 deletions(-) > > > > diff --git a/drivers/gpu/drm/drm_syncobj.c b/drivers/gpu/drm/drm_syncobj.c > > index 6e74e6745eca..349146049849 100644 > > --- a/drivers/gpu/drm/drm_syncobj.c > > +++ b/drivers/gpu/drm/drm_syncobj.c > > @@ -388,19 +388,18 @@ int drm_syncobj_find_fence(struct drm_file *file_private, > > return -ENOENT; > > *fence = drm_syncobj_fence_get(syncobj); > > - drm_syncobj_put(syncobj); > > if (*fence) { > > ret = dma_fence_chain_find_seqno(fence, point); > > if (!ret) > > - return 0; > > + goto out; > > dma_fence_put(*fence); > > } else { > > ret = -EINVAL; > > } > > if (!(flags & DRM_SYNCOBJ_WAIT_FLAGS_WAIT_FOR_SUBMIT)) > > - return ret; > > + goto out; > > memset(&wait, 0, sizeof(wait)); > > wait.task = current; > > @@ -432,6 +431,9 @@ int drm_syncobj_find_fence(struct drm_file *file_private, > > if (wait.node.next) > > drm_syncobj_remove_wait(syncobj, &wait); > > +out: > > + drm_syncobj_put(syncobj); > > + > > return ret; > > } > > EXPORT_SYMBOL(drm_syncobj_find_fence); > -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch _______________________________________________ dri-devel mailing list dri-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/dri-devel ^ permalink raw reply [flat|nested] 12+ messages in thread
* [Intel-gfx] ✗ Fi.CI.CHECKPATCH: warning for drm/syncobj: Fix use-after-free 2021-01-19 13:03 ` Daniel Vetter ` (2 preceding siblings ...) (?) @ 2021-01-19 16:34 ` Patchwork -1 siblings, 0 replies; 12+ messages in thread From: Patchwork @ 2021-01-19 16:34 UTC (permalink / raw) To: Daniel Vetter; +Cc: intel-gfx == Series Details == Series: drm/syncobj: Fix use-after-free URL : https://patchwork.freedesktop.org/series/86043/ State : warning == Summary == $ dim checkpatch origin/drm-tip 9ced0389047e drm/syncobj: Fix use-after-free -:64: WARNING:FROM_SIGN_OFF_MISMATCH: From:/Signed-off-by: email address mismatch: 'From: Daniel Vetter <daniel.vetter@ffwll.ch>' != 'Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>' total: 0 errors, 1 warnings, 0 checks, 30 lines checked _______________________________________________ Intel-gfx mailing list Intel-gfx@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/intel-gfx ^ permalink raw reply [flat|nested] 12+ messages in thread
* [Intel-gfx] ✓ Fi.CI.BAT: success for drm/syncobj: Fix use-after-free 2021-01-19 13:03 ` Daniel Vetter ` (3 preceding siblings ...) (?) @ 2021-01-19 17:03 ` Patchwork -1 siblings, 0 replies; 12+ messages in thread From: Patchwork @ 2021-01-19 17:03 UTC (permalink / raw) To: Daniel Vetter; +Cc: intel-gfx [-- Attachment #1.1: Type: text/plain, Size: 4033 bytes --] == Series Details == Series: drm/syncobj: Fix use-after-free URL : https://patchwork.freedesktop.org/series/86043/ State : success == Summary == CI Bug Log - changes from CI_DRM_9643 -> Patchwork_19407 ==================================================== Summary ------- **SUCCESS** No regressions found. External URL: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/index.html Known issues ------------ Here are the changes found in Patchwork_19407 that come from known issues: ### CI changes ### ### IGT changes ### #### Issues hit #### * igt@i915_selftest@live@execlists: - fi-bsw-nick: [PASS][1] -> [INCOMPLETE][2] ([i915#2940]) [1]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/fi-bsw-nick/igt@i915_selftest@live@execlists.html [2]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/fi-bsw-nick/igt@i915_selftest@live@execlists.html * igt@prime_self_import@basic-with_two_bos: - fi-tgl-y: [PASS][3] -> [DMESG-WARN][4] ([i915#402]) [3]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/fi-tgl-y/igt@prime_self_import@basic-with_two_bos.html [4]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/fi-tgl-y/igt@prime_self_import@basic-with_two_bos.html * igt@runner@aborted: - fi-bsw-nick: NOTRUN -> [FAIL][5] ([i915#1436]) [5]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/fi-bsw-nick/igt@runner@aborted.html #### Possible fixes #### * igt@i915_selftest@live@active: - fi-skl-6600u: [DMESG-FAIL][6] ([i915#2291] / [i915#666]) -> [PASS][7] [6]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/fi-skl-6600u/igt@i915_selftest@live@active.html [7]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/fi-skl-6600u/igt@i915_selftest@live@active.html * igt@prime_self_import@basic-with_one_bo_two_files: - fi-tgl-y: [DMESG-WARN][8] ([i915#402]) -> [PASS][9] [8]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/fi-tgl-y/igt@prime_self_import@basic-with_one_bo_two_files.html [9]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/fi-tgl-y/igt@prime_self_import@basic-with_one_bo_two_files.html #### Warnings #### * igt@debugfs_test@read_all_entries: - fi-tgl-y: [DMESG-WARN][10] ([i915#402]) -> [DMESG-WARN][11] ([i915#1982] / [i915#402]) [10]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/fi-tgl-y/igt@debugfs_test@read_all_entries.html [11]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/fi-tgl-y/igt@debugfs_test@read_all_entries.html {name}: This element is suppressed. This means it is ignored when computing the status of the difference (SUCCESS, WARNING, or FAILURE). [i915#1436]: https://gitlab.freedesktop.org/drm/intel/issues/1436 [i915#1982]: https://gitlab.freedesktop.org/drm/intel/issues/1982 [i915#2291]: https://gitlab.freedesktop.org/drm/intel/issues/2291 [i915#2601]: https://gitlab.freedesktop.org/drm/intel/issues/2601 [i915#2788]: https://gitlab.freedesktop.org/drm/intel/issues/2788 [i915#2940]: https://gitlab.freedesktop.org/drm/intel/issues/2940 [i915#402]: https://gitlab.freedesktop.org/drm/intel/issues/402 [i915#666]: https://gitlab.freedesktop.org/drm/intel/issues/666 Participating hosts (42 -> 38) ------------------------------ Additional (1): fi-dg1-1 Missing (5): fi-ilk-m540 fi-hsw-4200u fi-bsw-cyan fi-ctg-p8600 fi-bdw-samus Build changes ------------- * Linux: CI_DRM_9643 -> Patchwork_19407 CI-20190529: 20190529 CI_DRM_9643: fabbcd086b7f667f0e0cce8eeb26a7b5c7120782 @ git://anongit.freedesktop.org/gfx-ci/linux IGT_5960: ace82fcd5f3623f8dde7c220a825873dc53dfae4 @ git://anongit.freedesktop.org/xorg/app/intel-gpu-tools Patchwork_19407: 9ced0389047e68a5f718a091ebc892af5fcab69a @ git://anongit.freedesktop.org/gfx-ci/linux == Linux commits == 9ced0389047e drm/syncobj: Fix use-after-free == Logs == For more details see: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/index.html [-- Attachment #1.2: Type: text/html, Size: 4850 bytes --] [-- Attachment #2: Type: text/plain, Size: 160 bytes --] _______________________________________________ Intel-gfx mailing list Intel-gfx@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/intel-gfx ^ permalink raw reply [flat|nested] 12+ messages in thread
* [Intel-gfx] ✗ Fi.CI.IGT: failure for drm/syncobj: Fix use-after-free 2021-01-19 13:03 ` Daniel Vetter ` (4 preceding siblings ...) (?) @ 2021-01-19 19:32 ` Patchwork -1 siblings, 0 replies; 12+ messages in thread From: Patchwork @ 2021-01-19 19:32 UTC (permalink / raw) To: Daniel Vetter; +Cc: intel-gfx [-- Attachment #1.1: Type: text/plain, Size: 22264 bytes --] == Series Details == Series: drm/syncobj: Fix use-after-free URL : https://patchwork.freedesktop.org/series/86043/ State : failure == Summary == CI Bug Log - changes from CI_DRM_9643_full -> Patchwork_19407_full ==================================================== Summary ------- **FAILURE** Serious unknown changes coming with Patchwork_19407_full absolutely need to be verified manually. If you think the reported changes have nothing to do with the changes introduced in Patchwork_19407_full, please notify your bug team to allow them to document this new failure mode, which will reduce false positives in CI. Possible new issues ------------------- Here are the unknown changes that may have been introduced in Patchwork_19407_full: ### IGT changes ### #### Possible regressions #### * igt@i915_pm_rps@reset: - shard-snb: [PASS][1] -> [FAIL][2] [1]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-snb5/igt@i915_pm_rps@reset.html [2]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-snb4/igt@i915_pm_rps@reset.html Known issues ------------ Here are the changes found in Patchwork_19407_full that come from known issues: ### IGT changes ### #### Issues hit #### * igt@drm_import_export@flink: - shard-tglb: [PASS][3] -> [INCOMPLETE][4] ([i915#750]) [3]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-tglb5/igt@drm_import_export@flink.html [4]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-tglb2/igt@drm_import_export@flink.html * igt@gem_ctx_persistence@close-replace-race: - shard-kbl: [PASS][5] -> [TIMEOUT][6] ([i915#2918]) [5]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-kbl2/igt@gem_ctx_persistence@close-replace-race.html [6]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-kbl7/igt@gem_ctx_persistence@close-replace-race.html - shard-glk: [PASS][7] -> [TIMEOUT][8] ([i915#2918]) [7]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-glk5/igt@gem_ctx_persistence@close-replace-race.html [8]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-glk1/igt@gem_ctx_persistence@close-replace-race.html * igt@gem_ctx_persistence@legacy-engines-mixed-process: - shard-hsw: NOTRUN -> [SKIP][9] ([fdo#109271] / [i915#1099]) +3 similar issues [9]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-hsw4/igt@gem_ctx_persistence@legacy-engines-mixed-process.html * igt@gem_eio@kms: - shard-snb: [PASS][10] -> [SKIP][11] ([fdo#109271]) [10]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-snb4/igt@gem_eio@kms.html [11]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-snb6/igt@gem_eio@kms.html * igt@gem_exec_balancer@waits: - shard-tglb: [PASS][12] -> [INCOMPLETE][13] ([i915#2931]) [12]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-tglb6/igt@gem_exec_balancer@waits.html [13]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-tglb6/igt@gem_exec_balancer@waits.html * igt@gem_exec_fair@basic-pace-share@rcs0: - shard-tglb: [PASS][14] -> [FAIL][15] ([i915#2842]) +1 similar issue [14]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-tglb1/igt@gem_exec_fair@basic-pace-share@rcs0.html [15]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-tglb1/igt@gem_exec_fair@basic-pace-share@rcs0.html * igt@gem_exec_fair@basic-pace-solo@rcs0: - shard-glk: [PASS][16] -> [FAIL][17] ([i915#2842]) [16]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-glk7/igt@gem_exec_fair@basic-pace-solo@rcs0.html [17]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-glk3/igt@gem_exec_fair@basic-pace-solo@rcs0.html - shard-kbl: [PASS][18] -> [FAIL][19] ([i915#2842]) [18]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-kbl2/igt@gem_exec_fair@basic-pace-solo@rcs0.html [19]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-kbl7/igt@gem_exec_fair@basic-pace-solo@rcs0.html * igt@gem_exec_reloc@basic-wide-active@vcs1: - shard-iclb: NOTRUN -> [FAIL][20] ([i915#2389]) [20]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-iclb4/igt@gem_exec_reloc@basic-wide-active@vcs1.html * igt@gem_ppgtt@flink-and-close-vma-leak: - shard-skl: [PASS][21] -> [FAIL][22] ([i915#644]) [21]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-skl5/igt@gem_ppgtt@flink-and-close-vma-leak.html [22]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl6/igt@gem_ppgtt@flink-and-close-vma-leak.html * igt@gem_userptr_blits@process-exit-mmap@wc: - shard-hsw: NOTRUN -> [SKIP][23] ([fdo#109271]) +214 similar issues [23]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-hsw4/igt@gem_userptr_blits@process-exit-mmap@wc.html * igt@i915_suspend@forcewake: - shard-skl: [PASS][24] -> [INCOMPLETE][25] ([i915#636]) [24]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-skl10/igt@i915_suspend@forcewake.html [25]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl7/igt@i915_suspend@forcewake.html * igt@kms_big_joiner@basic: - shard-skl: NOTRUN -> [SKIP][26] ([fdo#109271] / [i915#2705]) [26]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl6/igt@kms_big_joiner@basic.html * igt@kms_chamelium@common-hpd-after-suspend: - shard-hsw: NOTRUN -> [SKIP][27] ([fdo#109271] / [fdo#111827]) +16 similar issues [27]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-hsw4/igt@kms_chamelium@common-hpd-after-suspend.html * igt@kms_color_chamelium@pipe-d-ctm-red-to-blue: - shard-skl: NOTRUN -> [SKIP][28] ([fdo#109271] / [fdo#111827]) +6 similar issues [28]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl6/igt@kms_color_chamelium@pipe-d-ctm-red-to-blue.html * igt@kms_cursor_crc@pipe-b-cursor-128x42-sliding: - shard-skl: [PASS][29] -> [FAIL][30] ([i915#54]) +1 similar issue [29]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-skl6/igt@kms_cursor_crc@pipe-b-cursor-128x42-sliding.html [30]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl4/igt@kms_cursor_crc@pipe-b-cursor-128x42-sliding.html * igt@kms_cursor_crc@pipe-b-cursor-64x21-onscreen: - shard-skl: NOTRUN -> [FAIL][31] ([i915#54]) +2 similar issues [31]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl6/igt@kms_cursor_crc@pipe-b-cursor-64x21-onscreen.html * igt@kms_cursor_crc@pipe-c-cursor-suspend: - shard-skl: [PASS][32] -> [INCOMPLETE][33] ([i915#300]) [32]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-skl3/igt@kms_cursor_crc@pipe-c-cursor-suspend.html [33]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl9/igt@kms_cursor_crc@pipe-c-cursor-suspend.html * igt@kms_cursor_edge_walk@pipe-a-64x64-top-edge: - shard-glk: [PASS][34] -> [DMESG-WARN][35] ([i915#118] / [i915#95]) +1 similar issue [34]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-glk6/igt@kms_cursor_edge_walk@pipe-a-64x64-top-edge.html [35]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-glk2/igt@kms_cursor_edge_walk@pipe-a-64x64-top-edge.html * igt@kms_cursor_legacy@flip-vs-cursor-atomic: - shard-skl: [PASS][36] -> [FAIL][37] ([i915#2346]) +1 similar issue [36]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-skl4/igt@kms_cursor_legacy@flip-vs-cursor-atomic.html [37]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl7/igt@kms_cursor_legacy@flip-vs-cursor-atomic.html * igt@kms_flip@blocking-absolute-wf_vblank-interruptible@a-dp1: - shard-kbl: [PASS][38] -> [DMESG-WARN][39] ([i915#165]) [38]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-kbl3/igt@kms_flip@blocking-absolute-wf_vblank-interruptible@a-dp1.html [39]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-kbl2/igt@kms_flip@blocking-absolute-wf_vblank-interruptible@a-dp1.html * igt@kms_flip@flip-vs-expired-vblank-interruptible@b-dp1: - shard-apl: [PASS][40] -> [FAIL][41] ([i915#79]) [40]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-apl2/igt@kms_flip@flip-vs-expired-vblank-interruptible@b-dp1.html [41]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-apl1/igt@kms_flip@flip-vs-expired-vblank-interruptible@b-dp1.html * igt@kms_flip@flip-vs-expired-vblank-interruptible@c-edp1: - shard-skl: [PASS][42] -> [FAIL][43] ([i915#79]) [42]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-skl9/igt@kms_flip@flip-vs-expired-vblank-interruptible@c-edp1.html [43]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl2/igt@kms_flip@flip-vs-expired-vblank-interruptible@c-edp1.html * igt@kms_flip@flip-vs-expired-vblank@a-edp1: - shard-tglb: [PASS][44] -> [FAIL][45] ([i915#2598]) [44]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-tglb8/igt@kms_flip@flip-vs-expired-vblank@a-edp1.html [45]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-tglb7/igt@kms_flip@flip-vs-expired-vblank@a-edp1.html * igt@kms_frontbuffer_tracking@fbcpsr-1p-primscrn-indfb-msflip-blt: - shard-skl: NOTRUN -> [SKIP][46] ([fdo#109271]) +48 similar issues [46]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl2/igt@kms_frontbuffer_tracking@fbcpsr-1p-primscrn-indfb-msflip-blt.html * igt@kms_pipe_crc_basic@read-crc-pipe-a: - shard-glk: [PASS][47] -> [FAIL][48] ([i915#53]) [47]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-glk6/igt@kms_pipe_crc_basic@read-crc-pipe-a.html [48]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-glk2/igt@kms_pipe_crc_basic@read-crc-pipe-a.html * igt@kms_pipe_crc_basic@read-crc-pipe-d: - shard-skl: NOTRUN -> [SKIP][49] ([fdo#109271] / [i915#533]) [49]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl6/igt@kms_pipe_crc_basic@read-crc-pipe-d.html * igt@kms_plane@plane-panning-bottom-right-suspend-pipe-a-planes: - shard-skl: [PASS][50] -> [INCOMPLETE][51] ([i915#648]) [50]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-skl5/igt@kms_plane@plane-panning-bottom-right-suspend-pipe-a-planes.html [51]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl6/igt@kms_plane@plane-panning-bottom-right-suspend-pipe-a-planes.html * igt@kms_plane_alpha_blend@pipe-a-alpha-7efc: - shard-skl: NOTRUN -> [FAIL][52] ([fdo#108145] / [i915#265]) +1 similar issue [52]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl2/igt@kms_plane_alpha_blend@pipe-a-alpha-7efc.html * igt@kms_psr2_sf@overlay-plane-update-sf-dmg-area-5: - shard-skl: NOTRUN -> [SKIP][53] ([fdo#109271] / [i915#658]) [53]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl6/igt@kms_psr2_sf@overlay-plane-update-sf-dmg-area-5.html * igt@kms_psr2_su@frontbuffer: - shard-iclb: [PASS][54] -> [SKIP][55] ([fdo#109642] / [fdo#111068]) [54]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-iclb2/igt@kms_psr2_su@frontbuffer.html [55]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-iclb4/igt@kms_psr2_su@frontbuffer.html * igt@kms_psr@psr2_cursor_render: - shard-iclb: [PASS][56] -> [SKIP][57] ([fdo#109441]) +1 similar issue [56]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-iclb2/igt@kms_psr@psr2_cursor_render.html [57]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-iclb1/igt@kms_psr@psr2_cursor_render.html #### Possible fixes #### * igt@gem_exec_fair@basic-none-share@rcs0: - shard-tglb: [FAIL][58] ([i915#2842]) -> [PASS][59] [58]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-tglb3/igt@gem_exec_fair@basic-none-share@rcs0.html [59]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-tglb7/igt@gem_exec_fair@basic-none-share@rcs0.html * igt@gem_exec_fair@basic-none@vecs0: - shard-apl: [FAIL][60] ([i915#2842]) -> [PASS][61] [60]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-apl3/igt@gem_exec_fair@basic-none@vecs0.html [61]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-apl8/igt@gem_exec_fair@basic-none@vecs0.html * igt@gem_exec_schedule@u-fairslice@vecs0: - shard-skl: [DMESG-WARN][62] ([i915#1610] / [i915#2803]) -> [PASS][63] [62]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-skl9/igt@gem_exec_schedule@u-fairslice@vecs0.html [63]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl2/igt@gem_exec_schedule@u-fairslice@vecs0.html * igt@i915_pm_dc@dc6-psr: - shard-iclb: [FAIL][64] ([i915#454]) -> [PASS][65] [64]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-iclb6/igt@i915_pm_dc@dc6-psr.html [65]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-iclb7/igt@i915_pm_dc@dc6-psr.html * igt@kms_cursor_crc@pipe-b-cursor-256x256-sliding: - shard-skl: [FAIL][66] ([i915#54]) -> [PASS][67] +6 similar issues [66]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-skl1/igt@kms_cursor_crc@pipe-b-cursor-256x256-sliding.html [67]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl9/igt@kms_cursor_crc@pipe-b-cursor-256x256-sliding.html * igt@kms_hdr@bpc-switch-dpms: - shard-skl: [FAIL][68] ([i915#1188]) -> [PASS][69] [68]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-skl6/igt@kms_hdr@bpc-switch-dpms.html [69]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl9/igt@kms_hdr@bpc-switch-dpms.html * igt@kms_psr@psr2_sprite_plane_move: - shard-iclb: [SKIP][70] ([fdo#109441]) -> [PASS][71] +2 similar issues [70]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-iclb4/igt@kms_psr@psr2_sprite_plane_move.html [71]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-iclb2/igt@kms_psr@psr2_sprite_plane_move.html * igt@kms_psr@suspend: - shard-skl: [INCOMPLETE][72] ([i915#198]) -> [PASS][73] +1 similar issue [72]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-skl2/igt@kms_psr@suspend.html [73]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl2/igt@kms_psr@suspend.html #### Warnings #### * igt@gem_vm_create@destroy-race: - shard-tglb: [FAIL][74] ([i915#2822]) -> [TIMEOUT][75] ([i915#2795]) [74]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-tglb2/igt@gem_vm_create@destroy-race.html [75]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-tglb6/igt@gem_vm_create@destroy-race.html * igt@i915_pm_dc@dc3co-vpb-simulation: - shard-iclb: [SKIP][76] ([i915#588]) -> [SKIP][77] ([i915#658]) [76]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-iclb2/igt@i915_pm_dc@dc3co-vpb-simulation.html [77]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-iclb4/igt@i915_pm_dc@dc3co-vpb-simulation.html * igt@i915_pm_rc6_residency@rc6-fence: - shard-iclb: [WARN][78] ([i915#2681] / [i915#2684]) -> [WARN][79] ([i915#1804] / [i915#2684]) [78]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-iclb1/igt@i915_pm_rc6_residency@rc6-fence.html [79]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-iclb3/igt@i915_pm_rc6_residency@rc6-fence.html * igt@i915_pm_rc6_residency@rc6-idle: - shard-iclb: [WARN][80] ([i915#1804] / [i915#2684]) -> [WARN][81] ([i915#2681] / [i915#2684]) [80]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-iclb4/igt@i915_pm_rc6_residency@rc6-idle.html [81]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-iclb1/igt@i915_pm_rc6_residency@rc6-idle.html * igt@kms_dp_dsc@basic-dsc-enable-edp: - shard-iclb: [DMESG-WARN][82] ([i915#1226]) -> [SKIP][83] ([fdo#109349]) [82]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-iclb2/igt@kms_dp_dsc@basic-dsc-enable-edp.html [83]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-iclb4/igt@kms_dp_dsc@basic-dsc-enable-edp.html * igt@kms_psr2_sf@plane-move-sf-dmg-area-1: - shard-iclb: [SKIP][84] ([i915#2920]) -> [SKIP][85] ([i915#658]) +1 similar issue [84]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-iclb2/igt@kms_psr2_sf@plane-move-sf-dmg-area-1.html [85]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-iclb1/igt@kms_psr2_sf@plane-move-sf-dmg-area-1.html * igt@kms_psr2_sf@primary-plane-update-sf-dmg-area-2: - shard-iclb: [SKIP][86] ([i915#658]) -> [SKIP][87] ([i915#2920]) +2 similar issues [86]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-iclb5/igt@kms_psr2_sf@primary-plane-update-sf-dmg-area-2.html [87]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-iclb2/igt@kms_psr2_sf@primary-plane-update-sf-dmg-area-2.html * igt@runner@aborted: - shard-kbl: [FAIL][88] ([i915#2295] / [i915#2505]) -> [FAIL][89] ([i915#2295]) [88]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-kbl6/igt@runner@aborted.html [89]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-kbl2/igt@runner@aborted.html - shard-skl: ([FAIL][90], [FAIL][91]) ([i915#2295] / [i915#2426]) -> ([FAIL][92], [FAIL][93]) ([i915#1814] / [i915#2029] / [i915#2295]) [90]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-skl1/igt@runner@aborted.html [91]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_9643/shard-skl9/igt@runner@aborted.html [92]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl3/igt@runner@aborted.html [93]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/shard-skl9/igt@runner@aborted.html {name}: This element is suppressed. This means it is ignored when computing the status of the difference (SUCCESS, WARNING, or FAILURE). [fdo#108145]: https://bugs.freedesktop.org/show_bug.cgi?id=108145 [fdo#109271]: https://bugs.freedesktop.org/show_bug.cgi?id=109271 [fdo#109349]: https://bugs.freedesktop.org/show_bug.cgi?id=109349 [fdo#109441]: https://bugs.freedesktop.org/show_bug.cgi?id=109441 [fdo#109642]: https://bugs.freedesktop.org/show_bug.cgi?id=109642 [fdo#111068]: https://bugs.freedesktop.org/show_bug.cgi?id=111068 [fdo#111827]: https://bugs.freedesktop.org/show_bug.cgi?id=111827 [i915#1099]: https://gitlab.freedesktop.org/drm/intel/issues/1099 [i915#118]: https://gitlab.freedesktop.org/drm/intel/issues/118 [i915#1188]: https://gitlab.freedesktop.org/drm/intel/issues/1188 [i915#1226]: https://gitlab.freedesktop.org/drm/intel/issues/1226 [i915#1610]: https://gitlab.freedesktop.org/drm/intel/issues/1610 [i915#165]: https://gitlab.freedesktop.org/drm/intel/issues/165 [i915#1804]: https://gitlab.freedesktop.org/drm/intel/issues/1804 [i915#1814]: https://gitlab.freedesktop.org/drm/intel/issues/1814 [i915#198]: https://gitlab.freedesktop.org/drm/intel/issues/198 [i915#2029]: https://gitlab.freedesktop.org/drm/intel/issues/2029 [i915#2295]: https://gitlab.freedesktop.org/drm/intel/issues/2295 [i915#2346]: https://gitlab.freedesktop.org/drm/intel/issues/2346 [i915#2389]: https://gitlab.freedesktop.org/drm/intel/issues/2389 [i915#2426]: https://gitlab.freedesktop.org/drm/intel/issues/2426 [i915#2505]: https://gitlab.freedesktop.org/drm/intel/issues/2505 [i915#2598]: https://gitlab.freedesktop.org/drm/intel/issues/2598 [i915#265]: https://gitlab.freedesktop.org/drm/intel/issues/265 [i915#2681]: https://gitlab.freedesktop.org/drm/intel/issues/2681 [i915#2684]: https://gitlab.freedesktop.org/drm/intel/issues/2684 [i915#2705]: https://gitlab.freedesktop.org/drm/intel/issues/2705 [i915#2795]: https://gitlab.freedesktop.org/drm/intel/issues/2795 [i915#2803]: https://gitlab.freedesktop.org/drm/intel/issues/2803 [i915#2822]: https://gitlab.freedesktop.org/drm/intel/issues/2822 [i915#2842]: https://gitlab.freedesktop.org/drm/intel/issues/2842 [i915#2918]: https://gitlab.freedesktop.org/drm/intel/issues/2918 [i915#2920]: https://gitlab.freedesktop.org/drm/intel/issues/2920 [i915#2931]: https://gitlab.freedesktop.org/drm/intel/issues/2931 [i915#300]: https://gitlab.freedesktop.org/drm/intel/issues/300 [i915#454]: https://gitlab.freedesktop.org/drm/intel/issues/454 [i915#53]: https://gitlab.freedesktop.org/drm/intel/issues/53 [i915#533]: https://gitlab.freedesktop.org/drm/intel/issues/533 [i915#54]: https://gitlab.freedesktop.org/drm/intel/issues/54 [i915#588]: https://gitlab.freedesktop.org/drm/intel/issues/588 [i915#636]: https://gitlab.freedesktop.org/drm/intel/issues/636 [i915#644]: https://gitlab.freedesktop.org/drm/intel/issues/644 [i915#648]: https://gitlab.freedesktop.org/drm/intel/issues/648 [i915#658]: https://gitlab.freedesktop.org/drm/intel/issues/658 [i915#750]: https://gitlab.freedesktop.org/drm/intel/issues/750 [i915#79]: https://gitlab.freedesktop.org/drm/intel/issues/79 [i915#95]: https://gitlab.freedesktop.org/drm/intel/issues/95 Participating hosts (10 -> 10) ------------------------------ No changes in participating hosts Build changes ------------- * Linux: CI_DRM_9643 -> Patchwork_19407 CI-20190529: 20190529 CI_DRM_9643: fabbcd086b7f667f0e0cce8eeb26a7b5c7120782 @ git://anongit.freedesktop.org/gfx-ci/linux IGT_5960: ace82fcd5f3623f8dde7c220a825873dc53dfae4 @ git://anongit.freedesktop.org/xorg/app/intel-gpu-tools Patchwork_19407: 9ced0389047e68a5f718a091ebc892af5fcab69a @ git://anongit.freedesktop.org/gfx-ci/linux piglit_4509: fdc5a4ca11124ab8413c7988896eec4c97336694 @ git://anongit.freedesktop.org/piglit == Logs == For more details see: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_19407/index.html [-- Attachment #1.2: Type: text/html, Size: 26095 bytes --] [-- Attachment #2: Type: text/plain, Size: 160 bytes --] _______________________________________________ Intel-gfx mailing list Intel-gfx@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/intel-gfx ^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2021-01-20 11:02 UTC | newest] Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-01-19 13:03 [PATCH] drm/syncobj: Fix use-after-free Daniel Vetter 2021-01-19 13:03 ` [Intel-gfx] " Daniel Vetter 2021-01-19 13:03 ` Daniel Vetter 2021-01-19 13:08 ` Christian König 2021-01-19 13:08 ` [Intel-gfx] " Christian König 2021-01-19 13:08 ` Christian König 2021-01-20 9:28 ` Daniel Vetter 2021-01-20 9:28 ` [Intel-gfx] " Daniel Vetter 2021-01-20 9:28 ` Daniel Vetter 2021-01-19 16:34 ` [Intel-gfx] ✗ Fi.CI.CHECKPATCH: warning for " Patchwork 2021-01-19 17:03 ` [Intel-gfx] ✓ Fi.CI.BAT: success " Patchwork 2021-01-19 19:32 ` [Intel-gfx] ✗ Fi.CI.IGT: failure " Patchwork
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.