[PATCH] drm/i915: Sanity check mmap length against object size

[PATCH] drm/i915: Sanity check mmap length against object size

[Chris Wilson]

We assumed that vm_mmap() would reject an attempt to mmap past the end of
the filp (our object), but we were wrong.

Reported-by: Antonio Argenziano <antonio.argenziano@intel.com>
Testcase: igt/gem_mmap/bad-size
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Antonio Argenziano <antonio.argenziano@intel.com>
Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: stable@vger.kernel.org
---
 drivers/gpu/drm/i915/i915_gem.c | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
index b38c9531b5e8..b7086c8d4726 100644
--- a/drivers/gpu/drm/i915/i915_gem.c
+++ b/drivers/gpu/drm/i915/i915_gem.c
@@ -1639,8 +1639,13 @@ i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
 	 * pages from.
 	 */
 	if (!obj->base.filp) {
-		i915_gem_object_put(obj);
-		return -ENXIO;
+		addr = -ENXIO;
+		goto err;
+	}
+
+	if (range_overflows(args->offset, args->size, (u64)obj->base.size)) {
+		addr = -EINVAL;
+		goto err;
 	}
 
 	addr = vm_mmap(obj->base.filp, 0, args->size,
@@ -1654,8 +1659,8 @@ i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
 		struct vm_area_struct *vma;
 
 		if (down_write_killable(&mm->mmap_sem)) {
-			i915_gem_object_put(obj);
-			return -EINTR;
+			addr = -EINTR;
+			goto err;
 		}
 		vma = find_vma(mm, addr);
 		if (vma && __vma_matches(vma, obj->base.filp, addr, args->size))
@@ -1673,12 +1678,10 @@ i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
 	i915_gem_object_put(obj);
 
 	args->addr_ptr = (u64)addr;
-
 	return 0;
 
 err:
 	i915_gem_object_put(obj);
-
 	return addr;
 }
 
-- 
2.20.1

✓ Fi.CI.BAT: success for drm/i915: Sanity check mmap length against object size

[Patchwork]

== Series Details ==

Series: drm/i915: Sanity check mmap length against object size
URL   : https://patchwork.freedesktop.org/series/57977/
State : success

== Summary ==

CI Bug Log - changes from CI_DRM_5743 -> Patchwork_12458
====================================================

Summary
-------

  **SUCCESS**

  No regressions found.

  External URL: https://patchwork.freedesktop.org/api/1.0/series/57977/revisions/1/mbox/

Known issues
------------

  Here are the changes found in Patchwork_12458 that come from known issues:

### IGT changes ###

#### Issues hit ####

  * igt@amdgpu/amd_cs_nop@sync-gfx0:
    - fi-kbl-7567u:       NOTRUN -> SKIP [fdo#109271] +33

  * igt@gem_exec_basic@gtt-bsd:
    - fi-bwr-2160:        NOTRUN -> SKIP [fdo#109271] +103

  * igt@gem_exec_suspend@basic-s3:
    - fi-icl-u3:          PASS -> FAIL [fdo#103375]

  * igt@kms_busy@basic-flip-c:
    - fi-skl-6770hq:      PASS -> SKIP [fdo#109271] / [fdo#109278] +2
    - fi-bwr-2160:        NOTRUN -> SKIP [fdo#109271] / [fdo#109278]

  * igt@kms_flip@basic-flip-vs-dpms:
    - fi-skl-6770hq:      PASS -> SKIP [fdo#109271] +33

  * igt@kms_flip@basic-flip-vs-wf_vblank:
    - fi-bsw-n3050:       PASS -> FAIL [fdo#100368]

  * igt@kms_force_connector_basic@force-load-detect:
    - fi-kbl-7560u:       NOTRUN -> SKIP [fdo#109271] +33

  
#### Possible fixes ####

  * igt@gem_ctx_create@basic-files:
    - fi-kbl-7560u:       INCOMPLETE [fdo#103665] -> PASS

  * igt@kms_busy@basic-flip-b:
    - fi-gdg-551:         FAIL [fdo#103182] -> PASS

  
  {name}: This element is suppressed. This means it is ignored when computing
          the status of the difference (SUCCESS, WARNING, or FAILURE).

  [fdo#100368]: https://bugs.freedesktop.org/show_bug.cgi?id=100368
  [fdo#103182]: https://bugs.freedesktop.org/show_bug.cgi?id=103182
  [fdo#103375]: https://bugs.freedesktop.org/show_bug.cgi?id=103375
  [fdo#103665]: https://bugs.freedesktop.org/show_bug.cgi?id=103665
  [fdo#109271]: https://bugs.freedesktop.org/show_bug.cgi?id=109271
  [fdo#109278]: https://bugs.freedesktop.org/show_bug.cgi?id=109278
  [fdo#109638]: https://bugs.freedesktop.org/show_bug.cgi?id=109638


Participating hosts (47 -> 37)
------------------------------

  Additional (2): fi-kbl-7567u fi-bwr-2160 
  Missing    (12): fi-kbl-soraka fi-hsw-4770r fi-ilk-m540 fi-hsw-4200u fi-byt-j1900 fi-byt-squawks fi-icl-u2 fi-bsw-cyan fi-kbl-x1275 fi-pnv-d510 fi-byt-clapper fi-bdw-samus 


Build changes
-------------

    * Linux: CI_DRM_5743 -> Patchwork_12458

  CI_DRM_5743: e167a588f3614da02999797b9816744e39e31ad7 @ git://anongit.freedesktop.org/gfx-ci/linux
  IGT_4884: c46051337b972f8b5a302afb6f603df06fea527d @ git://anongit.freedesktop.org/xorg/app/intel-gpu-tools
  Patchwork_12458: dffc35a8e17feeb2a36d0780e5bc3a8acb2d00d5 @ git://anongit.freedesktop.org/gfx-ci/linux


== Linux commits ==

dffc35a8e17f drm/i915: Sanity check mmap length against object size

== Logs ==

For more details see: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_12458/
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Re: [Intel-gfx] [PATCH] drm/i915: Sanity check mmap length against object size

[Tvrtko Ursulin]

On 14/03/2019 07:58, Chris Wilson wrote:
> We assumed that vm_mmap() would reject an attempt to mmap past the end of
> the filp (our object), but we were wrong.
> 
> Reported-by: Antonio Argenziano <antonio.argenziano@intel.com>
> Testcase: igt/gem_mmap/bad-size
> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
> Cc: Antonio Argenziano <antonio.argenziano@intel.com>
> Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
> Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
> Cc: stable@vger.kernel.org
> ---
>   drivers/gpu/drm/i915/i915_gem.c | 15 +++++++++------
>   1 file changed, 9 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
> index b38c9531b5e8..b7086c8d4726 100644
> --- a/drivers/gpu/drm/i915/i915_gem.c
> +++ b/drivers/gpu/drm/i915/i915_gem.c
> @@ -1639,8 +1639,13 @@ i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
>   	 * pages from.
>   	 */
>   	if (!obj->base.filp) {
> -		i915_gem_object_put(obj);
> -		return -ENXIO;
> +		addr = -ENXIO;
> +		goto err;
> +	}
> +
> +	if (range_overflows(args->offset, args->size, (u64)obj->base.size)) {
> +		addr = -EINVAL;
> +		goto err;
>   	}
>   
>   	addr = vm_mmap(obj->base.filp, 0, args->size,
> @@ -1654,8 +1659,8 @@ i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
>   		struct vm_area_struct *vma;
>   
>   		if (down_write_killable(&mm->mmap_sem)) {
> -			i915_gem_object_put(obj);
> -			return -EINTR;
> +			addr = -EINTR;
> +			goto err;
>   		}
>   		vma = find_vma(mm, addr);
>   		if (vma && __vma_matches(vma, obj->base.filp, addr, args->size))
> @@ -1673,12 +1678,10 @@ i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
>   	i915_gem_object_put(obj);
>   
>   	args->addr_ptr = (u64)addr;
> -
>   	return 0;
>   
>   err:
>   	i915_gem_object_put(obj);
> -
>   	return addr;
>   }
>   
> 

Patch is good, and certainly for our use cases we can afford to check at 
this level.

Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>

I am only wondering what happens to reads/write to the trailing area? 
Does shmemfs expands the backing store for this mmap and we just end up 
with otherwise unused chunk at the end?

Regards,

Tvrtko

Re: [Intel-gfx] [PATCH] drm/i915: Sanity check mmap length against object size

[Chris Wilson]

Quoting Tvrtko Ursulin (2019-03-14 11:33:43)
> I am only wondering what happens to reads/write to the trailing area? 
> Does shmemfs expands the backing store for this mmap and we just end up 
> with otherwise unused chunk at the end?

My expectation would be that they generate a SIGBUS since the filp
should not be extended to cover the absent pages. So it would be the
equivalent of mmaping a file then calling ftruncate(0).

I admit it's not obvious if shmem_getpage_gfp (backing shmem_fault)
would prevent allocation of fresh backing pages beyond the initial filp
size. Afaict, we would end up at alloc_page_vma() without rejecting an
index beyond the end of the file.
-Chris

Re: [Intel-gfx] [PATCH] drm/i915: Sanity check mmap length against object size

[Chris Wilson]

Quoting Chris Wilson (2019-03-14 11:44:37)
> Quoting Tvrtko Ursulin (2019-03-14 11:33:43)
> > I am only wondering what happens to reads/write to the trailing area? 
> > Does shmemfs expands the backing store for this mmap and we just end up 
> > with otherwise unused chunk at the end?
> 
> My expectation would be that they generate a SIGBUS since the filp
> should not be extended to cover the absent pages. So it would be the
> equivalent of mmaping a file then calling ftruncate(0).

Ok, having just checked, what actually happens is that shmemfs quite
happily allocates the extra page beyond the end of the object and
userspace can freely read/write into that address space with only the
mere consequence that those pages are not mapped to the GPU.
-Chris

Re: [Intel-gfx] [PATCH] drm/i915: Sanity check mmap length against object size

[Chris Wilson]

Quoting Chris Wilson (2019-03-18 12:10:12)
> Quoting Chris Wilson (2019-03-14 11:44:37)
> > Quoting Tvrtko Ursulin (2019-03-14 11:33:43)
> > > I am only wondering what happens to reads/write to the trailing area? 
> > > Does shmemfs expands the backing store for this mmap and we just end up 
> > > with otherwise unused chunk at the end?
> > 
> > My expectation would be that they generate a SIGBUS since the filp
> > should not be extended to cover the absent pages. So it would be the
> > equivalent of mmaping a file then calling ftruncate(0).
> 
> Ok, having just checked, what actually happens is that shmemfs quite
> happily allocates the extra page beyond the end of the object and
> userspace can freely read/write into that address space with only the
> mere consequence that those pages are not mapped to the GPU.

Or egg-on-face moment, wrong kernel (already had the safety check!)

ickle@kabylake:~/intel-gpu-tools$ sudo ./build/tests/gem_mmap --run bad-size
IGT-Version: 1.23-g3fc026d3e (x86_64) (Linux: 5.0.0+ x86_64)
Starting subtest: bad-size
Received signal SIGBUS.
Stack trace:
 #0 [fatal_sig_handler+0xd5]
 #1 [killpg+0x40]
 #2 [__real_main119+0x1b6]
 #3 [main+0x44]
 #4 [__libc_start_main+0xeb]
 #5 [_start+0x2a]
Subtest bad-size: CRASH (0.001s)

SIGBUS!
-Chris

✗ Fi.CI.IGT: failure for drm/i915: Sanity check mmap length against object size

[Patchwork]

== Series Details ==

Series: drm/i915: Sanity check mmap length against object size
URL   : https://patchwork.freedesktop.org/series/57977/
State : failure

== Summary ==

CI Bug Log - changes from CI_DRM_5743_full -> Patchwork_12458_full
====================================================

Summary
-------

  **FAILURE**

  Serious unknown changes coming with Patchwork_12458_full absolutely need to be
  verified manually.
  
  If you think the reported changes have nothing to do with the changes
  introduced in Patchwork_12458_full, please notify your bug team to allow them
  to document this new failure mode, which will reduce false positives in CI.

  

Possible new issues
-------------------

  Here are the unknown changes that may have been introduced in Patchwork_12458_full:

### IGT changes ###

#### Possible regressions ####

  * igt@gem_tiled_wb:
    - shard-apl:          PASS -> FAIL +1
    - shard-skl:          NOTRUN -> FAIL +1
    - shard-kbl:          PASS -> FAIL +1
    - shard-hsw:          PASS -> FAIL +1

  * igt@gem_tiled_wc:
    - shard-glk:          PASS -> FAIL +1
    - shard-iclb:         PASS -> FAIL +2
    - shard-snb:          PASS -> FAIL +1

  * igt@kms_properties@connector-properties-legacy:
    - shard-iclb:         PASS -> INCOMPLETE

  
Known issues
------------

  Here are the changes found in Patchwork_12458_full that come from known issues:

### IGT changes ###

#### Issues hit ####

  * igt@gem_busy@extended-bsd1:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109276] +5

  * igt@gem_ctx_param@invalid-param-set:
    - shard-hsw:          NOTRUN -> FAIL [fdo#109674]

  * igt@gem_exec_parse@basic-rejected:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109289] +1

  * igt@gem_mocs_settings@mocs-rc6-bsd1:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109276] / [fdo#109287]

  * igt@gem_pread@stolen-normal:
    - shard-skl:          NOTRUN -> SKIP [fdo#109271] +136

  * igt@gem_pread@stolen-snoop:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109277]

  * igt@gem_pwrite@huge-cpu-fbr:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109290]

  * igt@gem_tiled_pread_pwrite:
    - shard-iclb:         PASS -> TIMEOUT [fdo#109673]

  * igt@i915_pm_backlight@fade_with_suspend:
    - shard-skl:          NOTRUN -> FAIL [fdo#107847]

  * igt@i915_pm_rpm@gem-idle:
    - shard-skl:          PASS -> INCOMPLETE [fdo#107807] +1

  * igt@i915_pm_rps@reset:
    - shard-iclb:         NOTRUN -> FAIL [fdo#108059]

  * igt@kms_atomic_transition@4x-modeset-transitions-fencing:
    - shard-kbl:          NOTRUN -> SKIP [fdo#109271] / [fdo#109278] +3

  * igt@kms_atomic_transition@plane-toggle-modeset-transition:
    - shard-apl:          PASS -> INCOMPLETE [fdo#103927] +1

  * igt@kms_busy@extended-modeset-hang-oldfb-render-e:
    - shard-skl:          NOTRUN -> SKIP [fdo#109271] / [fdo#109278] +10

  * igt@kms_busy@extended-modeset-hang-oldfb-with-reset-render-e:
    - shard-glk:          NOTRUN -> SKIP [fdo#109271] / [fdo#109278] +3

  * igt@kms_busy@extended-pageflip-modeset-hang-oldfb-render-b:
    - shard-glk:          PASS -> DMESG-WARN [fdo#107956]

  * igt@kms_busy@extended-pageflip-modeset-hang-oldfb-render-c:
    - shard-skl:          NOTRUN -> DMESG-WARN [fdo#107956] +1

  * igt@kms_ccs@pipe-b-crc-sprite-planes-basic:
    - shard-apl:          PASS -> FAIL [fdo#107725] / [fdo#108145]

  * igt@kms_ccs@pipe-c-crc-primary-basic:
    - shard-hsw:          NOTRUN -> SKIP [fdo#109271] +30

  * igt@kms_chamelium@hdmi-edid-read:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109284]

  * igt@kms_color@pipe-a-ctm-max:
    - shard-apl:          PASS -> FAIL [fdo#108147]
    - shard-glk:          NOTRUN -> FAIL [fdo#108147]

  * igt@kms_color@pipe-b-degamma:
    - shard-apl:          PASS -> FAIL [fdo#104782]

  * igt@kms_concurrent@pipe-d:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109278] +4

  * igt@kms_cursor_crc@cursor-128x128-random:
    - shard-apl:          PASS -> FAIL [fdo#103232] +4

  * igt@kms_cursor_crc@cursor-128x128-suspend:
    - shard-glk:          NOTRUN -> FAIL [fdo#103232] +1

  * igt@kms_cursor_crc@cursor-512x512-dpms:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109279]

  * igt@kms_cursor_legacy@2x-long-nonblocking-modeset-vs-cursor-atomic:
    - shard-glk:          PASS -> FAIL [fdo#105454]

  * igt@kms_cursor_legacy@cursor-vs-flip-atomic:
    - shard-iclb:         PASS -> FAIL [fdo#103355]

  * igt@kms_cursor_legacy@cursorb-vs-flipb-atomic-transitions-varying-size:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109274] +4

  * igt@kms_fbcon_fbt@psr-suspend:
    - shard-skl:          NOTRUN -> FAIL [fdo#103833]

  * igt@kms_frontbuffer_tracking@fbc-1p-primscrn-spr-indfb-draw-pwrite:
    - shard-apl:          PASS -> FAIL [fdo#103167]

  * igt@kms_frontbuffer_tracking@fbc-1p-primscrn-spr-indfb-move:
    - shard-iclb:         NOTRUN -> FAIL [fdo#103167] +2

  * igt@kms_frontbuffer_tracking@fbc-2p-primscrn-cur-indfb-draw-mmap-cpu:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109280] +15

  * igt@kms_frontbuffer_tracking@fbc-2p-primscrn-cur-indfb-move:
    - shard-glk:          PASS -> FAIL [fdo#103167] +2

  * igt@kms_frontbuffer_tracking@fbc-suspend:
    - shard-iclb:         PASS -> FAIL [fdo#103167] +5

  * igt@kms_frontbuffer_tracking@fbcpsr-1p-offscren-pri-indfb-draw-mmap-gtt:
    - shard-iclb:         PASS -> FAIL [fdo#109247] +16

  * igt@kms_frontbuffer_tracking@fbcpsr-1p-primscrn-cur-indfb-draw-pwrite:
    - shard-skl:          NOTRUN -> FAIL [fdo#103167]

  * igt@kms_frontbuffer_tracking@fbcpsr-rgb101010-draw-mmap-wc:
    - shard-iclb:         PASS -> FAIL [fdo#105682] / [fdo#109247] +1

  * igt@kms_frontbuffer_tracking@fbcpsr-stridechange:
    - shard-skl:          NOTRUN -> FAIL [fdo#105683]

  * igt@kms_frontbuffer_tracking@psr-1p-offscren-pri-shrfb-draw-blt:
    - shard-kbl:          NOTRUN -> SKIP [fdo#109271] +12

  * igt@kms_frontbuffer_tracking@psr-rgb101010-draw-pwrite:
    - shard-glk:          NOTRUN -> SKIP [fdo#109271] +41

  * igt@kms_frontbuffer_tracking@psr-shrfb-scaledprimary:
    - shard-iclb:         NOTRUN -> FAIL [fdo#109247] +1

  * igt@kms_panel_fitting@legacy:
    - shard-skl:          NOTRUN -> FAIL [fdo#105456]

  * igt@kms_plane_alpha_blend@pipe-a-constant-alpha-max:
    - shard-skl:          NOTRUN -> FAIL [fdo#108145] +3

  * igt@kms_plane_alpha_blend@pipe-b-alpha-7efc:
    - shard-skl:          NOTRUN -> FAIL [fdo#107815] / [fdo#108145] +1

  * igt@kms_plane_alpha_blend@pipe-b-constant-alpha-max:
    - shard-kbl:          NOTRUN -> FAIL [fdo#108145]

  * igt@kms_psr@primary_blt:
    - shard-iclb:         PASS -> FAIL [fdo#107383] +2

  * igt@kms_psr@psr2_basic:
    - shard-iclb:         PASS -> SKIP [fdo#109441] +3

  * igt@kms_psr@psr2_cursor_mmap_cpu:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109441]

  * igt@kms_psr@psr2_suspend:
    - shard-apl:          NOTRUN -> SKIP [fdo#109271] +1

  * igt@kms_rotation_crc@multiplane-rotation-cropping-bottom:
    - shard-kbl:          PASS -> DMESG-FAIL [fdo#105763]

  * igt@kms_setmode@basic:
    - shard-apl:          PASS -> FAIL [fdo#99912]

  * igt@kms_universal_plane@universal-plane-gen9-features-pipe-e:
    - shard-hsw:          NOTRUN -> SKIP [fdo#109271] / [fdo#109278] +4

  * igt@kms_vrr@flip-suspend:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109502]

  * igt@prime_nv_pcopy@test2:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109291] +2

  
#### Possible fixes ####

  * igt@debugfs_test@read_all_entries_display_off:
    - shard-skl:          INCOMPLETE [fdo#104108] -> PASS

  * igt@gem_exec_schedule@wide-render:
    - shard-iclb:         FAIL [fdo#109633] -> PASS

  * igt@gem_persistent_relocs@forked-thrash-inactive:
    - shard-hsw:          INCOMPLETE [fdo#103540] -> PASS

  * igt@gem_ppgtt@blt-vs-render-ctx0:
    - shard-iclb:         DMESG-FAIL [fdo#109766] / [fdo#109801] -> PASS

  * igt@gem_ppgtt@blt-vs-render-ctxn:
    - shard-iclb:         INCOMPLETE [fdo#107713] / [fdo#109766] / [fdo#109801] -> PASS

  * igt@kms_cursor_crc@cursor-256x256-dpms:
    - shard-apl:          FAIL [fdo#103232] -> PASS +1

  * igt@kms_cursor_crc@cursor-64x64-suspend:
    - shard-apl:          FAIL [fdo#103191] / [fdo#103232] -> PASS

  * igt@kms_cursor_legacy@cursor-vs-flip-atomic-transitions:
    - shard-iclb:         FAIL [fdo#103355] -> PASS +1

  * igt@kms_flip@flip-vs-suspend:
    - shard-skl:          INCOMPLETE [fdo#109507] -> PASS

  * igt@kms_flip_tiling@flip-yf-tiled:
    - shard-skl:          FAIL [fdo#108145] -> PASS

  * igt@kms_frontbuffer_tracking@fbc-1p-offscren-pri-shrfb-draw-pwrite:
    - shard-iclb:         FAIL [fdo#103167] -> PASS +8

  * igt@kms_frontbuffer_tracking@fbcpsr-1p-offscren-pri-indfb-draw-pwrite:
    - shard-iclb:         FAIL [fdo#109247] -> PASS +11

  * {igt@kms_plane@pixel-format-pipe-b-planes-source-clamping}:
    - shard-glk:          SKIP [fdo#109271] -> PASS

  * {igt@kms_plane@plane-position-covered-pipe-c-planes}:
    - shard-iclb:         FAIL [fdo#110038] -> PASS

  * {igt@kms_plane_multiple@atomic-pipe-a-tiling-none}:
    - shard-apl:          FAIL [fdo#110037] -> PASS

  * {igt@kms_plane_multiple@atomic-pipe-c-tiling-yf}:
    - shard-iclb:         FAIL [fdo#110037] -> PASS

  * igt@kms_psr@psr2_sprite_render:
    - shard-iclb:         SKIP [fdo#109441] -> PASS

  * igt@kms_psr@suspend:
    - shard-iclb:         FAIL [fdo#107383] -> PASS

  * igt@kms_rotation_crc@multiplane-rotation-cropping-bottom:
    - shard-iclb:         DMESG-WARN [fdo#106885] -> PASS

  * igt@kms_rotation_crc@multiplane-rotation-cropping-top:
    - shard-kbl:          FAIL [fdo#109016] -> PASS

  * {igt@kms_universal_plane@universal-plane-pipe-b-functional}:
    - shard-apl:          FAIL [fdo#103166] -> PASS +2

  * igt@kms_vblank@pipe-a-ts-continuation-suspend:
    - shard-hsw:          FAIL [fdo#104894] -> PASS

  * igt@kms_vblank@pipe-b-ts-continuation-modeset-rpm:
    - shard-apl:          FAIL [fdo#104894] -> PASS

  * igt@perf_pmu@rc6-runtime-pm:
    - shard-iclb:         FAIL [fdo#105010] -> PASS

  * igt@sw_sync@sync_expired_merge:
    - shard-iclb:         TIMEOUT [fdo#109673] -> PASS +2

  
#### Warnings ####

  * igt@kms_plane_scaling@pipe-c-scaler-with-rotation:
    - shard-glk:          FAIL [fdo#110098] -> SKIP [fdo#109271] / [fdo#109278]

  
  {name}: This element is suppressed. This means it is ignored when computing
          the status of the difference (SUCCESS, WARNING, or FAILURE).

  [fdo#103166]: https://bugs.freedesktop.org/show_bug.cgi?id=103166
  [fdo#103167]: https://bugs.freedesktop.org/show_bug.cgi?id=103167
  [fdo#103191]: https://bugs.freedesktop.org/show_bug.cgi?id=103191
  [fdo#103232]: https://bugs.freedesktop.org/show_bug.cgi?id=103232
  [fdo#103355]: https://bugs.freedesktop.org/show_bug.cgi?id=103355
  [fdo#103540]: https://bugs.freedesktop.org/show_bug.cgi?id=103540
  [fdo#103833]: https://bugs.freedesktop.org/show_bug.cgi?id=103833
  [fdo#103927]: https://bugs.freedesktop.org/show_bug.cgi?id=103927
  [fdo#104108]: https://bugs.freedesktop.org/show_bug.cgi?id=104108
  [fdo#104782]: https://bugs.freedesktop.org/show_bug.cgi?id=104782
  [fdo#104894]: https://bugs.freedesktop.org/show_bug.cgi?id=104894
  [fdo#105010]: https://bugs.freedesktop.org/show_bug.cgi?id=105010
  [fdo#105454]: https://bugs.freedesktop.org/show_bug.cgi?id=105454
  [fdo#105456]: https://bugs.freedesktop.org/show_bug.cgi?id=105456
  [fdo#105682]: https://bugs.freedesktop.org/show_bug.cgi?id=105682
  [fdo#105683]: https://bugs.freedesktop.org/show_bug.cgi?id=105683
  [fdo#105763]: https://bugs.freedesktop.org/show_bug.cgi?id=105763
  [fdo#106885]: https://bugs.freedesktop.org/show_bug.cgi?id=106885
  [fdo#107383]: https://bugs.freedesktop.org/show_bug.cgi?id=107383
  [fdo#107713]: https://bugs.freedesktop.org/show_bug.cgi?id=107713
  [fdo#107724]: https://bugs.freedesktop.org/show_bug.cgi?id=107724
  [fdo#107725]: https://bugs.freedesktop.org/show_bug.cgi?id=107725
  [fdo#107807]: https://bugs.freedesktop.org/show_bug.cgi?id=107807
  [fdo#107815]: https://bugs.freedesktop.org/show_bug.cgi?id=107815
  [fdo#107847]: https://bugs.freedesktop.org/show_bug.cgi?id=107847
  [fdo#107956]: https://bugs.freedesktop.org/show_bug.cgi?id=107956
  [fdo#108059]: https://bugs.freedesktop.org/show_bug.cgi?id=108059
  [fdo#108145]: https://bugs.freedesktop.org/show_bug.cgi?id=108145
  [fdo#108147]: https://bugs.freedesktop.org/show_bug.cgi?id=108147
  [fdo#109016]: https://bugs.freedesktop.org/show_bug.cgi?id=109016
  [fdo#109247]: https://bugs.freedesktop.org/show_bug.cgi?id=109247
  [fdo#109271]: https://bugs.freedesktop.org/show_bug.cgi?id=109271
  [fdo#109274]: https://bugs.freedesktop.org/show_bug.cgi?id=109274
  [fdo#109276]: https://bugs.freedesktop.org/show_bug.cgi?id=109276
  [fdo#109277]: https://bugs.freedesktop.org/show_bug.cgi?id=109277
  [fdo#109278]: https://bugs.freedesktop.org/show_bug.cgi?id=109278
  [fdo#109279]: https://bugs.freedesktop.org/show_bug.cgi?id=109279
  [fdo#109280]: https://bugs.freedesktop.org/show_bug.cgi?id=109280
  [fdo#109284]: https://bugs.freedesktop.org/show_bug.cgi?id=109284
  [fdo#109287]: https://bugs.freedesktop.org/show_bug.cgi?id=109287
  [fdo#109289]: https://bugs.freedesktop.org/show_bug.cgi?id=109289
  [fdo#109290]: https://bugs.freedesktop.org/show_bug.cgi?id=109290
  [fdo#109291]: https://bugs.freedesktop.org/show_bug.cgi?id=109291
  [fdo#109441]: https://bugs.freedesktop.org/show_bug.cgi?id=109441
  [fdo#109502]: https://bugs.freedesktop.org/show_bug.cgi?id=109502
  [fdo#109507]: https://bugs.freedesktop.org/show_bug.cgi?id=109507
  [fdo#109633]: https://bugs.freedesktop.org/show_bug.cgi?id=109633
  [fdo#109673]: https://bugs.freedesktop.org/show_bug.cgi?id=109673
  [fdo#109674]: https://bugs.freedesktop.org/show_bug.cgi?id=109674
  [fdo#109766]: https://bugs.freedesktop.org/show_bug.cgi?id=109766
  [fdo#109801]: https://bugs.freedesktop.org/show_bug.cgi?id=109801
  [fdo#110032]: https://bugs.freedesktop.org/show_bug.cgi?id=110032
  [fdo#110037]: https://bugs.freedesktop.org/show_bug.cgi?id=110037
  [fdo#110038]: https://bugs.freedesktop.org/show_bug.cgi?id=110038
  [fdo#110098]: https://bugs.freedesktop.org/show_bug.cgi?id=110098
  [fdo#99912]: https://bugs.freedesktop.org/show_bug.cgi?id=99912


Participating hosts (10 -> 10)
------------------------------

  No changes in participating hosts


Build changes
-------------

    * Linux: CI_DRM_5743 -> Patchwork_12458

  CI_DRM_5743: e167a588f3614da02999797b9816744e39e31ad7 @ git://anongit.freedesktop.org/gfx-ci/linux
  IGT_4884: c46051337b972f8b5a302afb6f603df06fea527d @ git://anongit.freedesktop.org/xorg/app/intel-gpu-tools
  Patchwork_12458: dffc35a8e17feeb2a36d0780e5bc3a8acb2d00d5 @ git://anongit.freedesktop.org/gfx-ci/linux
  piglit_4509: fdc5a4ca11124ab8413c7988896eec4c97336694 @ git://anongit.freedesktop.org/piglit

== Logs ==

For more details see: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_12458/
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

✓ Fi.CI.BAT: success for drm/i915: Sanity check mmap length against object size (rev2)

[Patchwork]

== Series Details ==

Series: drm/i915: Sanity check mmap length against object size (rev2)
URL   : https://patchwork.freedesktop.org/series/57977/
State : success

== Summary ==

CI Bug Log - changes from CI_DRM_5753 -> Patchwork_12482
====================================================

Summary
-------

  **SUCCESS**

  No regressions found.

  External URL: https://patchwork.freedesktop.org/api/1.0/series/57977/revisions/2/mbox/

Known issues
------------

  Here are the changes found in Patchwork_12482 that come from known issues:

### IGT changes ###

#### Issues hit ####

  * igt@amdgpu/amd_basic@userptr:
    - fi-kbl-8809g:       NOTRUN -> DMESG-WARN [fdo#108965]

  * igt@amdgpu/amd_cs_nop@sync-gfx0:
    - fi-kbl-7567u:       NOTRUN -> SKIP [fdo#109271] +33

  * igt@gem_exec_basic@gtt-bsd:
    - fi-bwr-2160:        NOTRUN -> SKIP [fdo#109271] +103

  * igt@gem_exec_basic@readonly-bsd2:
    - fi-pnv-d510:        NOTRUN -> SKIP [fdo#109271] +76

  * igt@gem_exec_suspend@basic-s4-devices:
    - fi-kbl-7500u:       PASS -> DMESG-WARN [fdo#105128] / [fdo#107139]

  * igt@kms_busy@basic-flip-c:
    - fi-bwr-2160:        NOTRUN -> SKIP [fdo#109271] / [fdo#109278]
    - fi-blb-e6850:       NOTRUN -> SKIP [fdo#109271] / [fdo#109278]
    - fi-pnv-d510:        NOTRUN -> SKIP [fdo#109271] / [fdo#109278]

  * igt@kms_chamelium@hdmi-edid-read:
    - fi-kbl-8809g:       NOTRUN -> SKIP [fdo#109271] +65

  * igt@kms_force_connector_basic@force-load-detect:
    - fi-kbl-7560u:       NOTRUN -> SKIP [fdo#109271] +33

  * igt@kms_pipe_crc_basic@hang-read-crc-pipe-c:
    - fi-blb-e6850:       NOTRUN -> SKIP [fdo#109271] +20

  * igt@kms_pipe_crc_basic@suspend-read-crc-pipe-b:
    - fi-blb-e6850:       NOTRUN -> INCOMPLETE [fdo#107718]

  
#### Possible fixes ####

  * igt@gem_ctx_create@basic-files:
    - fi-kbl-7560u:       INCOMPLETE [fdo#103665] -> PASS

  * igt@gem_exec_suspend@basic-s4-devices:
    - fi-blb-e6850:       INCOMPLETE [fdo#107718] -> PASS

  * igt@kms_busy@basic-flip-a:
    - fi-gdg-551:         FAIL [fdo#103182] -> PASS +1

  * igt@kms_frontbuffer_tracking@basic:
    - fi-icl-u3:          FAIL [fdo#103167] -> PASS
    - fi-byt-clapper:     FAIL [fdo#103167] -> PASS

  * igt@kms_pipe_crc_basic@nonblocking-crc-pipe-a-frame-sequence:
    - fi-byt-clapper:     FAIL [fdo#103191] / [fdo#107362] -> PASS +1

  
  {name}: This element is suppressed. This means it is ignored when computing
          the status of the difference (SUCCESS, WARNING, or FAILURE).

  [fdo#103167]: https://bugs.freedesktop.org/show_bug.cgi?id=103167
  [fdo#103182]: https://bugs.freedesktop.org/show_bug.cgi?id=103182
  [fdo#103191]: https://bugs.freedesktop.org/show_bug.cgi?id=103191
  [fdo#103665]: https://bugs.freedesktop.org/show_bug.cgi?id=103665
  [fdo#105128]: https://bugs.freedesktop.org/show_bug.cgi?id=105128
  [fdo#107139]: https://bugs.freedesktop.org/show_bug.cgi?id=107139
  [fdo#107362]: https://bugs.freedesktop.org/show_bug.cgi?id=107362
  [fdo#107718]: https://bugs.freedesktop.org/show_bug.cgi?id=107718
  [fdo#108569]: https://bugs.freedesktop.org/show_bug.cgi?id=108569
  [fdo#108965]: https://bugs.freedesktop.org/show_bug.cgi?id=108965
  [fdo#109271]: https://bugs.freedesktop.org/show_bug.cgi?id=109271
  [fdo#109278]: https://bugs.freedesktop.org/show_bug.cgi?id=109278


Participating hosts (44 -> 40)
------------------------------

  Additional (4): fi-kbl-7567u fi-kbl-8809g fi-bwr-2160 fi-pnv-d510 
  Missing    (8): fi-kbl-soraka fi-ilk-m540 fi-bxt-dsi fi-hsw-4200u fi-bsw-cyan fi-ctg-p8600 fi-bsw-kefka fi-byt-n2820 


Build changes
-------------

    * Linux: CI_DRM_5753 -> Patchwork_12482

  CI_DRM_5753: 0eb0838c0c26378949de6816166117c8b2d73caa @ git://anongit.freedesktop.org/gfx-ci/linux
  IGT_4887: 5a7c7575b5bb9542f722ed6ba095b9d62609cd56 @ git://anongit.freedesktop.org/xorg/app/intel-gpu-tools
  Patchwork_12482: d9eab627eda90aa4297246079a55436fd8340089 @ git://anongit.freedesktop.org/gfx-ci/linux


== Linux commits ==

d9eab627eda9 drm/i915: Sanity check mmap length against object size

== Logs ==

For more details see: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_12482/
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

✓ Fi.CI.IGT: success for drm/i915: Sanity check mmap length against object size (rev2)

[Patchwork]

== Series Details ==

Series: drm/i915: Sanity check mmap length against object size (rev2)
URL   : https://patchwork.freedesktop.org/series/57977/
State : success

== Summary ==

CI Bug Log - changes from CI_DRM_5753_full -> Patchwork_12482_full
====================================================

Summary
-------

  **SUCCESS**

  No regressions found.

  

Known issues
------------

  Here are the changes found in Patchwork_12482_full that come from known issues:

### IGT changes ###

#### Issues hit ####

  * igt@gem_create@create-clear:
    - shard-iclb:         PASS -> INCOMPLETE [fdo#109100]

  * igt@gem_exec_parallel@bsd1:
    - shard-skl:          NOTRUN -> SKIP [fdo#109271] +68

  * igt@gem_exec_params@no-blt:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109283]

  * igt@gem_pwrite@huge-gtt-random:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109290]

  * igt@i915_pm_backlight@fade_with_suspend:
    - shard-iclb:         NOTRUN -> FAIL [fdo#107847]

  * igt@i915_pm_rpm@cursor:
    - shard-skl:          PASS -> INCOMPLETE [fdo#107807]

  * igt@i915_pm_rpm@system-suspend:
    - shard-skl:          NOTRUN -> INCOMPLETE [fdo#104108] / [fdo#107807]

  * igt@i915_pm_rpm@system-suspend-modeset:
    - shard-iclb:         PASS -> FAIL [fdo#103375]

  * igt@i915_pm_rps@reset:
    - shard-iclb:         NOTRUN -> FAIL [fdo#108059] +1

  * igt@kms_atomic_transition@1x-modeset-transitions-fencing:
    - shard-skl:          PASS -> FAIL [fdo#108470]

  * igt@kms_busy@basic-modeset-e:
    - shard-snb:          NOTRUN -> SKIP [fdo#109271] / [fdo#109278] +1

  * igt@kms_busy@extended-modeset-hang-newfb-render-b:
    - shard-hsw:          PASS -> DMESG-WARN [fdo#107956]

  * igt@kms_busy@extended-modeset-hang-newfb-with-reset-render-c:
    - shard-skl:          NOTRUN -> DMESG-WARN [fdo#107956]

  * igt@kms_busy@extended-modeset-hang-oldfb-render-e:
    - shard-apl:          NOTRUN -> SKIP [fdo#109271] / [fdo#109278]

  * igt@kms_busy@extended-pageflip-hang-oldfb-render-d:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109278] +4

  * igt@kms_busy@extended-pageflip-modeset-hang-oldfb-render-c:
    - shard-iclb:         PASS -> DMESG-WARN [fdo#107956]

  * igt@kms_ccs@pipe-c-crc-sprite-planes-basic:
    - shard-iclb:         NOTRUN -> FAIL [fdo#107725]

  * igt@kms_chamelium@vga-edid-read:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109284] +1

  * igt@kms_color@pipe-b-legacy-gamma:
    - shard-iclb:         NOTRUN -> FAIL [fdo#104782]

  * igt@kms_cursor_crc@cursor-128x128-onscreen:
    - shard-skl:          NOTRUN -> FAIL [fdo#103232]

  * igt@kms_cursor_crc@cursor-256x256-suspend:
    - shard-skl:          PASS -> FAIL [fdo#103191] / [fdo#103232]

  * igt@kms_cursor_crc@cursor-64x64-dpms:
    - shard-apl:          PASS -> FAIL [fdo#103232]

  * igt@kms_cursor_legacy@2x-long-flip-vs-cursor-legacy:
    - shard-glk:          PASS -> FAIL [fdo#104873]

  * igt@kms_cursor_legacy@2x-long-nonblocking-modeset-vs-cursor-atomic:
    - shard-glk:          PASS -> FAIL [fdo#105454]

  * igt@kms_cursor_legacy@cursor-vs-flip-atomic-transitions:
    - shard-iclb:         PASS -> FAIL [fdo#103355]

  * igt@kms_dp_dsc@basic-dsc-enable-edp:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109349]

  * igt@kms_fbcon_fbt@fbc:
    - shard-iclb:         PASS -> DMESG-WARN [fdo#109593]

  * igt@kms_flip@2x-blocking-absolute-wf_vblank-interruptible:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109274] +1

  * igt@kms_flip@dpms-vs-vblank-race:
    - shard-glk:          PASS -> FAIL [fdo#103060]

  * igt@kms_flip@flip-vs-suspend-interruptible:
    - shard-skl:          PASS -> INCOMPLETE [fdo#109507]

  * igt@kms_flip_tiling@flip-x-tiled:
    - shard-skl:          PASS -> FAIL [fdo#108145] / [fdo#108303]

  * igt@kms_frontbuffer_tracking@fbc-1p-primscrn-spr-indfb-draw-mmap-wc:
    - shard-skl:          NOTRUN -> FAIL [fdo#103167]

  * igt@kms_frontbuffer_tracking@fbc-2p-pri-indfb-multidraw:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109280] +14

  * igt@kms_frontbuffer_tracking@fbc-2p-primscrn-spr-indfb-draw-mmap-wc:
    - shard-snb:          NOTRUN -> SKIP [fdo#109271] +44

  * igt@kms_frontbuffer_tracking@fbcpsr-1p-primscrn-pri-indfb-draw-pwrite:
    - shard-iclb:         PASS -> FAIL [fdo#103167] +1

  * igt@kms_frontbuffer_tracking@fbcpsr-rgb101010-draw-pwrite:
    - shard-iclb:         PASS -> FAIL [fdo#105682] / [fdo#109247] +2

  * igt@kms_frontbuffer_tracking@psr-1p-primscrn-cur-indfb-onoff:
    - shard-iclb:         NOTRUN -> FAIL [fdo#109247] +2

  * igt@kms_frontbuffer_tracking@psr-1p-primscrn-spr-indfb-draw-blt:
    - shard-iclb:         PASS -> FAIL [fdo#109247] +14

  * igt@kms_frontbuffer_tracking@psr-1p-primscrn-spr-indfb-draw-mmap-wc:
    - shard-iclb:         NOTRUN -> FAIL [fdo#103167]

  * igt@kms_pipe_crc_basic@nonblocking-crc-pipe-f:
    - shard-skl:          NOTRUN -> SKIP [fdo#109271] / [fdo#109278] +8

  * igt@kms_plane@plane-panning-bottom-right-suspend-pipe-a-planes:
    - shard-skl:          PASS -> INCOMPLETE [fdo#104108] / [fdo#107773] +1

  * igt@kms_plane_alpha_blend@pipe-a-alpha-basic:
    - shard-skl:          NOTRUN -> FAIL [fdo#107815] / [fdo#108145]

  * igt@kms_plane_alpha_blend@pipe-c-alpha-transparant-fb:
    - shard-skl:          NOTRUN -> FAIL [fdo#108145] +1

  * igt@kms_plane_alpha_blend@pipe-c-constant-alpha-min:
    - shard-skl:          PASS -> FAIL [fdo#108145]

  * igt@kms_plane_alpha_blend@pipe-c-coverage-7efc:
    - shard-skl:          PASS -> FAIL [fdo#107815]

  * igt@kms_plane_scaling@pipe-c-scaler-with-pixel-format:
    - shard-iclb:         NOTRUN -> FAIL [fdo#109052]

  * igt@kms_psr@cursor_plane_onoff:
    - shard-iclb:         NOTRUN -> FAIL [fdo#107383]

  * igt@kms_psr@psr2_sprite_plane_move:
    - shard-iclb:         PASS -> SKIP [fdo#109441] +3

  * igt@kms_psr@psr2_sprite_render:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109441]

  * igt@kms_psr@sprite_blt:
    - shard-iclb:         PASS -> FAIL [fdo#107383]

  * igt@kms_rotation_crc@bad-pixel-format:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109289]

  * igt@kms_rotation_crc@multiplane-rotation-cropping-top:
    - shard-kbl:          PASS -> FAIL [fdo#109016]

  * igt@prime_nv_api@i915_nv_import_twice_check_flink_name:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109291] +3

  * igt@prime_vgem@coherency-gtt:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109292]

  * igt@prime_vgem@fence-wait-bsd1:
    - shard-iclb:         NOTRUN -> SKIP [fdo#109276] +11

  * igt@runner@aborted:
    - shard-iclb:         NOTRUN -> FAIL [fdo#109593]
    - shard-apl:          NOTRUN -> ( 9 FAIL ) [fdo#109373]

  
#### Possible fixes ####

  * igt@gem_exec_schedule@wide-blt:
    - shard-iclb:         DMESG-WARN [fdo#109638] -> PASS

  * igt@gem_mmap_gtt@big-copy-xy:
    - shard-iclb:         TIMEOUT [fdo#109673] -> PASS

  * igt@gem_partial_pwrite_pread@writes-after-reads-snoop:
    - shard-iclb:         INCOMPLETE [fdo#107713] -> PASS

  * igt@gem_ppgtt@blt-vs-render-ctx0:
    - shard-iclb:         INCOMPLETE [fdo#109100] / [fdo#109766] / [fdo#109801] -> PASS

  * igt@i915_selftest@live_workarounds:
    - shard-iclb:         DMESG-FAIL [fdo#108954] -> PASS

  * igt@kms_busy@extended-modeset-hang-newfb-render-a:
    - shard-glk:          DMESG-WARN [fdo#107956] -> PASS

  * igt@kms_ccs@pipe-b-crc-sprite-planes-basic:
    - shard-iclb:         FAIL [fdo#107725] -> PASS

  * igt@kms_cursor_crc@cursor-128x128-sliding:
    - shard-apl:          FAIL [fdo#103232] -> PASS +1

  * igt@kms_cursor_legacy@cursor-vs-flip-legacy:
    - shard-iclb:         FAIL [fdo#103355] -> PASS +1

  * igt@kms_flip@flip-vs-expired-vblank:
    - shard-skl:          FAIL [fdo#105363] -> PASS +1

  * igt@kms_frontbuffer_tracking@fbc-1p-offscren-pri-indfb-draw-mmap-gtt:
    - shard-iclb:         FAIL [fdo#103167] -> PASS +7

  * igt@kms_frontbuffer_tracking@fbc-1p-primscrn-cur-indfb-onoff:
    - shard-apl:          FAIL [fdo#103167] -> PASS +1

  * igt@kms_frontbuffer_tracking@fbc-2p-primscrn-spr-indfb-draw-render:
    - shard-glk:          FAIL [fdo#103167] -> PASS +1

  * igt@kms_frontbuffer_tracking@fbcpsr-1p-offscren-pri-indfb-draw-blt:
    - shard-iclb:         FAIL [fdo#109247] -> PASS +14

  * {igt@kms_plane@pixel-format-pipe-a-planes-source-clamping}:
    - shard-glk:          SKIP [fdo#109271] -> PASS

  * {igt@kms_plane@pixel-format-pipe-b-planes-source-clamping}:
    - shard-apl:          FAIL [fdo#110033] -> PASS

  * {igt@kms_plane@plane-position-covered-pipe-a-planes}:
    - shard-iclb:         FAIL [fdo#110038] -> PASS

  * {igt@kms_plane_multiple@atomic-pipe-a-tiling-x}:
    - shard-apl:          FAIL [fdo#110037] -> PASS +2

  * {igt@kms_plane_multiple@atomic-pipe-a-tiling-y}:
    - shard-iclb:         FAIL [fdo#110037] -> PASS +2

  * {igt@kms_plane_multiple@atomic-pipe-b-tiling-none}:
    - shard-glk:          FAIL [fdo#110037] -> PASS

  * igt@kms_psr2_su@frontbuffer:
    - shard-iclb:         SKIP [fdo#109642] -> PASS

  * igt@kms_psr@cursor_mmap_cpu:
    - shard-iclb:         FAIL [fdo#107383] -> PASS

  * igt@kms_psr@psr2_cursor_mmap_gtt:
    - shard-iclb:         SKIP [fdo#109441] -> PASS

  * igt@kms_rotation_crc@multiplane-rotation-cropping-bottom:
    - shard-kbl:          DMESG-FAIL [fdo#105763] -> PASS

  * igt@kms_setmode@basic:
    - shard-apl:          FAIL [fdo#99912] -> PASS

  * igt@kms_vblank@pipe-c-ts-continuation-modeset-rpm:
    - shard-apl:          FAIL [fdo#104894] -> PASS

  
#### Warnings ####

  * igt@i915_pm_rpm@modeset-non-lpsp:
    - shard-skl:          SKIP [fdo#109271] -> INCOMPLETE [fdo#107807]

  * igt@kms_plane_scaling@pipe-c-scaler-with-pixel-format:
    - shard-glk:          FAIL [fdo#110098] -> SKIP [fdo#109271] / [fdo#109278]

  
  {name}: This element is suppressed. This means it is ignored when computing
          the status of the difference (SUCCESS, WARNING, or FAILURE).

  [fdo#103060]: https://bugs.freedesktop.org/show_bug.cgi?id=103060
  [fdo#103167]: https://bugs.freedesktop.org/show_bug.cgi?id=103167
  [fdo#103191]: https://bugs.freedesktop.org/show_bug.cgi?id=103191
  [fdo#103232]: https://bugs.freedesktop.org/show_bug.cgi?id=103232
  [fdo#103355]: https://bugs.freedesktop.org/show_bug.cgi?id=103355
  [fdo#103375]: https://bugs.freedesktop.org/show_bug.cgi?id=103375
  [fdo#104108]: https://bugs.freedesktop.org/show_bug.cgi?id=104108
  [fdo#104782]: https://bugs.freedesktop.org/show_bug.cgi?id=104782
  [fdo#104873]: https://bugs.freedesktop.org/show_bug.cgi?id=104873
  [fdo#104894]: https://bugs.freedesktop.org/show_bug.cgi?id=104894
  [fdo#105363]: https://bugs.freedesktop.org/show_bug.cgi?id=105363
  [fdo#105454]: https://bugs.freedesktop.org/show_bug.cgi?id=105454
  [fdo#105682]: https://bugs.freedesktop.org/show_bug.cgi?id=105682
  [fdo#105763]: https://bugs.freedesktop.org/show_bug.cgi?id=105763
  [fdo#106885]: https://bugs.freedesktop.org/show_bug.cgi?id=106885
  [fdo#107383]: https://bugs.freedesktop.org/show_bug.cgi?id=107383
  [fdo#107713]: https://bugs.freedesktop.org/show_bug.cgi?id=107713
  [fdo#107725]: https://bugs.freedesktop.org/show_bug.cgi?id=107725
  [fdo#107773]: https://bugs.freedesktop.org/show_bug.cgi?id=107773
  [fdo#107807]: https://bugs.freedesktop.org/show_bug.cgi?id=107807
  [fdo#107815]: https://bugs.freedesktop.org/show_bug.cgi?id=107815
  [fdo#107847]: https://bugs.freedesktop.org/show_bug.cgi?id=107847
  [fdo#107956]: https://bugs.freedesktop.org/show_bug.cgi?id=107956
  [fdo#108059]: https://bugs.freedesktop.org/show_bug.cgi?id=108059
  [fdo#108145]: https://bugs.freedesktop.org/show_bug.cgi?id=108145
  [fdo#108303]: https://bugs.freedesktop.org/show_bug.cgi?id=108303
  [fdo#108470]: https://bugs.freedesktop.org/show_bug.cgi?id=108470
  [fdo#108954]: https://bugs.freedesktop.org/show_bug.cgi?id=108954
  [fdo#109016]: https://bugs.freedesktop.org/show_bug.cgi?id=109016
  [fdo#109052]: https://bugs.freedesktop.org/show_bug.cgi?id=109052
  [fdo#109100]: https://bugs.freedesktop.org/show_bug.cgi?id=109100
  [fdo#109247]: https://bugs.freedesktop.org/show_bug.cgi?id=109247
  [fdo#109271]: https://bugs.freedesktop.org/show_bug.cgi?id=109271
  [fdo#109274]: https://bugs.freedesktop.org/show_bug.cgi?id=109274
  [fdo#109276]: https://bugs.freedesktop.org/show_bug.cgi?id=109276
  [fdo#109278]: https://bugs.freedesktop.org/show_bug.cgi?id=109278
  [fdo#109280]: https://bugs.freedesktop.org/show_bug.cgi?id=109280
  [fdo#109283]: https://bugs.freedesktop.org/show_bug.cgi?id=109283
  [fdo#109284]: https://bugs.freedesktop.org/show_bug.cgi?id=109284
  [fdo#109289]: https://bugs.freedesktop.org/show_bug.cgi?id=109289
  [fdo#109290]: https://bugs.freedesktop.org/show_bug.cgi?id=109290
  [fdo#109291]: https://bugs.freedesktop.org/show_bug.cgi?id=109291
  [fdo#109292]: https://bugs.freedesktop.org/show_bug.cgi?id=109292
  [fdo#109349]: https://bugs.freedesktop.org/show_bug.cgi?id=109349
  [fdo#109373]: https://bugs.freedesktop.org/show_bug.cgi?id=109373
  [fdo#109441]: https://bugs.freedesktop.org/show_bug.cgi?id=109441
  [fdo#109507]: https://bugs.freedesktop.org/show_bug.cgi?id=109507
  [fdo#109593]: https://bugs.freedesktop.org/show_bug.cgi?id=109593
  [fdo#109638]: https://bugs.freedesktop.org/show_bug.cgi?id=109638
  [fdo#109642]: https://bugs.freedesktop.org/show_bug.cgi?id=109642
  [fdo#109673]: https://bugs.freedesktop.org/show_bug.cgi?id=109673
  [fdo#109766]: https://bugs.freedesktop.org/show_bug.cgi?id=109766
  [fdo#109801]: https://bugs.freedesktop.org/show_bug.cgi?id=109801
  [fdo#110033]: https://bugs.freedesktop.org/show_bug.cgi?id=110033
  [fdo#110037]: https://bugs.freedesktop.org/show_bug.cgi?id=110037
  [fdo#110038]: https://bugs.freedesktop.org/show_bug.cgi?id=110038
  [fdo#110098]: https://bugs.freedesktop.org/show_bug.cgi?id=110098
  [fdo#110129]: https://bugs.freedesktop.org/show_bug.cgi?id=110129
  [fdo#99912]: https://bugs.freedesktop.org/show_bug.cgi?id=99912


Participating hosts (10 -> 10)
------------------------------

  No changes in participating hosts


Build changes
-------------

    * Linux: CI_DRM_5753 -> Patchwork_12482

  CI_DRM_5753: 0eb0838c0c26378949de6816166117c8b2d73caa @ git://anongit.freedesktop.org/gfx-ci/linux
  IGT_4887: 5a7c7575b5bb9542f722ed6ba095b9d62609cd56 @ git://anongit.freedesktop.org/xorg/app/intel-gpu-tools
  Patchwork_12482: d9eab627eda90aa4297246079a55436fd8340089 @ git://anongit.freedesktop.org/gfx-ci/linux
  piglit_4509: fdc5a4ca11124ab8413c7988896eec4c97336694 @ git://anongit.freedesktop.org/piglit

== Logs ==

For more details see: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_12482/
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Re: [PATCH] drm/i915: Sanity check mmap length against object size

[Chris Wilson]

Quoting Chris Wilson (2019-03-14 07:58:29)
> We assumed that vm_mmap() would reject an attempt to mmap past the end of
> the filp (our object), but we were wrong.

Applications that tried to use the mmap beyond the end of the object
would be greeted by a SIGBUS.

> Reported-by: Antonio Argenziano <antonio.argenziano@intel.com>
> Testcase: igt/gem_mmap/bad-size
> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
> Cc: Antonio Argenziano <antonio.argenziano@intel.com>
> Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
> Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
> Cc: stable@vger.kernel.org

Re: [PATCH] drm/i915: Sanity check mmap length against object size

[Joonas Lahtinen]

Quoting Chris Wilson (2019-03-14 09:58:29)
> We assumed that vm_mmap() would reject an attempt to mmap past the end of
> the filp (our object), but we were wrong.
> 
> Reported-by: Antonio Argenziano <antonio.argenziano@intel.com>
> Testcase: igt/gem_mmap/bad-size
> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
> Cc: Antonio Argenziano <antonio.argenziano@intel.com>
> Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
> Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
> Cc: stable@vger.kernel.org

With the SIGBUS => EINVAL difference documented this is:

Reviewed-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>

Regards, Joonas

> ---
>  drivers/gpu/drm/i915/i915_gem.c | 15 +++++++++------
>  1 file changed, 9 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
> index b38c9531b5e8..b7086c8d4726 100644
> --- a/drivers/gpu/drm/i915/i915_gem.c
> +++ b/drivers/gpu/drm/i915/i915_gem.c
> @@ -1639,8 +1639,13 @@ i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
>          * pages from.
>          */
>         if (!obj->base.filp) {
> -               i915_gem_object_put(obj);
> -               return -ENXIO;
> +               addr = -ENXIO;
> +               goto err;
> +       }
> +
> +       if (range_overflows(args->offset, args->size, (u64)obj->base.size)) {
> +               addr = -EINVAL;
> +               goto err;
>         }
>  
>         addr = vm_mmap(obj->base.filp, 0, args->size,
> @@ -1654,8 +1659,8 @@ i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
>                 struct vm_area_struct *vma;
>  
>                 if (down_write_killable(&mm->mmap_sem)) {
> -                       i915_gem_object_put(obj);
> -                       return -EINTR;
> +                       addr = -EINTR;
> +                       goto err;
>                 }
>                 vma = find_vma(mm, addr);
>                 if (vma && __vma_matches(vma, obj->base.filp, addr, args->size))
> @@ -1673,12 +1678,10 @@ i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
>         i915_gem_object_put(obj);
>  
>         args->addr_ptr = (u64)addr;
> -
>         return 0;
>  
>  err:
>         i915_gem_object_put(obj);
> -
>         return addr;
>  }
>  
> -- 
> 2.20.1
> 

Re: [PATCH] drm/i915: Sanity check mmap length against object size

[Joonas Lahtinen]

Quoting Chris Wilson (2019-03-14 09:58:29)
> We assumed that vm_mmap() would reject an attempt to mmap past the end of
> the filp (our object), but we were wrong.
> 
> Reported-by: Antonio Argenziano <antonio.argenziano@intel.com>
> Testcase: igt/gem_mmap/bad-size
> Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
> Cc: Antonio Argenziano <antonio.argenziano@intel.com>
> Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
> Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
> Cc: stable@vger.kernel.org

With the SIGBUS => EINVAL difference documented this is:

Reviewed-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>

Regards, Joonas

> ---
>  drivers/gpu/drm/i915/i915_gem.c | 15 +++++++++------
>  1 file changed, 9 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
> index b38c9531b5e8..b7086c8d4726 100644
> --- a/drivers/gpu/drm/i915/i915_gem.c
> +++ b/drivers/gpu/drm/i915/i915_gem.c
> @@ -1639,8 +1639,13 @@ i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
>          * pages from.
>          */
>         if (!obj->base.filp) {
> -               i915_gem_object_put(obj);
> -               return -ENXIO;
> +               addr = -ENXIO;
> +               goto err;
> +       }
> +
> +       if (range_overflows(args->offset, args->size, (u64)obj->base.size)) {
> +               addr = -EINVAL;
> +               goto err;
>         }
>  
>         addr = vm_mmap(obj->base.filp, 0, args->size,
> @@ -1654,8 +1659,8 @@ i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
>                 struct vm_area_struct *vma;
>  
>                 if (down_write_killable(&mm->mmap_sem)) {
> -                       i915_gem_object_put(obj);
> -                       return -EINTR;
> +                       addr = -EINTR;
> +                       goto err;
>                 }
>                 vma = find_vma(mm, addr);
>                 if (vma && __vma_matches(vma, obj->base.filp, addr, args->size))
> @@ -1673,12 +1678,10 @@ i915_gem_mmap_ioctl(struct drm_device *dev, void *data,
>         i915_gem_object_put(obj);
>  
>         args->addr_ptr = (u64)addr;
> -
>         return 0;
>  
>  err:
>         i915_gem_object_put(obj);
> -
>         return addr;
>  }
>  
> -- 
> 2.20.1
> 

Re: [PATCH] drm/i915: Sanity check mmap length against object size

[Sasha Levin]

Hi,

[This is an automated email]

This commit has been processed because it contains a -stable tag.
The stable tag indicates that it's relevant for the following trees: all

The bot has tested the following trees: v5.0.3, v4.19.30, v4.14.107, v4.9.164, v4.4.176, v3.18.136.

v5.0.3: Failed to apply! Possible dependencies:
    739f3abdbfcf ("drm/i915: small isolated c99 types to kernel types switch")
    ebfb6977801d ("drm/i915: Handle vm_mmap error during I915_GEM_MMAP ioctl with WC set")

v4.19.30: Failed to apply! Possible dependencies:
    739f3abdbfcf ("drm/i915: small isolated c99 types to kernel types switch")
    ebfb6977801d ("drm/i915: Handle vm_mmap error during I915_GEM_MMAP ioctl with WC set")
    f28ec6f4ea48 ("drm/i915: Constify power well descriptors")

v4.14.107: Failed to apply! Possible dependencies:
    0d6fc92a73e0 ("drm/i915: Separate RPS and RC6 handling for VLV")
    274b2462a049 ("drm/i915: Object w/o backing storage is banned by -ENXIO")
    3e8ddd9e5071 ("drm/i915: Nuke some bogus tabs from the pcode defines")
    48469eced282 ("drm/i915: Use cdclk_state->voltage on CNL")
    5161d058dff4 ("drm/i915: Fix BXT lane latency optimal setting with MST")
    53e9bf5e8159 ("drm/i915: Adjust system agent voltage on CNL if required by DDI ports")
    61843f0e6212 ("drm/i915: Name the IPS_PCODE_CONTROL bit")
    739f3abdbfcf ("drm/i915: small isolated c99 types to kernel types switch")
    960e54652cee ("drm/i915: Separate RPS and RC6 handling for gen6+")
    9f817501bd7f ("drm/i915: Move rps.hw_lock to dev_priv and s/hw_lock/pcu_lock")
    d305e0614601 ("drm/i915: Track minimum acceptable cdclk instead of "minimum dotclock"")
    d46b00dc38c8 ("drm/i915: Separate RPS and RC6 handling for CHV")

v4.9.164: Failed to apply! Possible dependencies:
    0e70447605f4 ("drm/i915: Move common code out of i915_gpu_error.c")
    1b36595ffb35 ("drm/i915: Show RING registers through debugfs")
    3b3f1650b1ca ("drm/i915: Allocate intel_engine_cs structure only for the enabled engines")
    9c870d03674f ("drm/i915: Use RPM as the barrier for controlling user mmap access")
    bb6dc8d96b68 ("drm/i915: Implement pread without struct-mutex")
    d636951ec01b ("drm/i915: Cleanup instdone collection")
    f0cd518206e1 ("drm/i915: Use lockless object free")
    f9e613728090 ("drm/i915: Try to print INSTDONE bits for all slice/subslice")

v4.4.176: Failed to apply! Possible dependencies:
    03ac0642f67a ("drm/i915: Wrap drm_gem_object_lookup in i915_gem_object_lookup")
    1b5708ffb103 ("drm/amdgpu: export amd_powerplay_func to amdgpu and other ip block")
    1ea863fd736e ("drm/amdgpu: keep the prefered/allowed domains in the BO")
    1f7371b2a5fa ("drm/amd/powerplay: add basic powerplay framework")
    288912cb95d1 ("drm/amdgpu: use $(src) in Makefile (v2)")
    2a7d9bdabec2 ("drm/amdgpu: cleanup amdgpu_cs_parser_relocs")
    2f4b9400336e ("drm/amdgpu: clean up hw semaphore support in driver")
    36409d122cb8 ("drm/amdgpu: cleanup amdgpu_cs_list_validate")
    3a2c788d95a2 ("drm/amdgpu: share struct amdgpu_pm_state_type with powerplay module")
    3af76f23a45b ("drm/amdgpu: export fan control functions to amdgpu")
    3c0eea6c35d9 ("drm/amdgpu: put VM page tables directly into duplicates list")
    4ff37a83f19d ("drm/amdgpu: fix VM faults caused by vm_grab_id() v4")
    56467ebfb254 ("drm/amdgpu: split VM PD and PT handling during CS")
    636ce25c3001 ("drm/amdgpu: cleanup bo list bucket handling")
    758ac17f963f ("drm/amdgpu: fix and cleanup user fence handling v2")
    8d0a7cea824a ("drm/amdgpu: grab VMID before submitting job v5")
    a8ad0bd84f98 ("drm: Remove unused drm_device from drm_gem_object_lookup()")
    be86c606b50a ("drm/amdgpu: cleanup amdgpu_sync_rings V2")
    c5637837ba5d ("drm/amdgpu: keep vm in job instead of ib (v2)")
    cc325d191347 ("drm/amdgpu: check userptrs mm earlier")
    d8e0cae64550 ("drm/amdgpu: validate duplicates first")
    e61710c59dd2 ("drm/amdgpu: support per device powerplay enablement (v2)")
    edf600dac65e ("drm/amd: cleanup remaining spaces and tabs v2")
    ee1782c3f27f ("drm/amdgpu: keep the PTs validation list in the VM v2")
    f69f90a113f2 ("drm/amdgpu: fix amdgpu_cs_get_threshold_for_moves handling")

v3.18.136: Failed to apply! Possible dependencies:
    03ac0642f67a ("drm/i915: Wrap drm_gem_object_lookup in i915_gem_object_lookup")
    049fc527b464 ("drm/amdgpu: dispatch jobs in cs")
    1d263474c441 ("drm/amdgpu: unwind properly in amdgpu_cs_parser_init()")
    2a7d9bdabec2 ("drm/amdgpu: cleanup amdgpu_cs_parser_relocs")
    3cb485f34049 ("drm/amdgpu: fix context switch")
    46651cc5dbee ("drm/amdgpu fix amdgpu.dpm=0 (v2)")
    564ea7900cff ("drm/amdgpu: enable uvd dpm and powergating")
    5fc3aeeb9e55 ("drm/amdgpu: rename amdgpu_ip_funcs to amd_ip_funcs (v2)")
    636ce25c3001 ("drm/amdgpu: cleanup bo list bucket handling")
    72efa7ebdea0 ("drm/amdgpu: check context id for context switching (v2)")
    81629cba1f12 ("drm/amdgpu: add amdgpu uapi header (v4)")
    840d51445f15 ("drm/amdgpu: fix bug occurs when bo_list is NULL")
    8e9198d0698a ("drm/amdgpu: move some atombios definitions to common folder (v2)")
    97b2e202fba0 ("drm/amdgpu: add amdgpu.h (v2)")
    a2e73f56fa62 ("drm/amdgpu: Add support for CIK parts")
    a3348bb801ba ("drm/amdgpu: don't need to use bo_list_clone any more")
    a5b750583eb4 ("drm/amdgpu: validate duplicates in the CS as well")
    a8ad0bd84f98 ("drm: Remove unused drm_device from drm_gem_object_lookup()")
    a961ea7349d0 ("drm/amdgpu: fix userptr lockup")
    aa2bdb247620 ("drm/amdgpu: add CE preamble flag v3")
    aaa36a976bbb ("drm/amdgpu: Add initial VI support")
    b80d8475c1fd ("drm/amdgpu: add scheduler initialization")
    c1b69ed0c62f ("drm/amdgpu: add backend implementation of gpu scheduler (v2)")
    cc325d191347 ("drm/amdgpu: check userptrs mm earlier")
    d2edb07b10fc ("drm/amdgpu: cleanup HDP flush handling")
    d38ceaf99ed0 ("drm/amdgpu: add core driver (v4)")
    d7006964d46d ("drm/amdgpu: fix issue with overlapping userptrs")
    d919ad49ac04 ("drm/amdgpu: fix dereference before check")
    de807f818b95 ("drm/amdgpu: add flags for amdgpu_ib structure")


How should we proceed with this patch?

--
Thanks,
Sasha
_______________________________________________
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx