* [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write
@ 2022-03-03  6:04 Mastan Katragadda
  2022-03-03  6:48 ` [Intel-gfx] ✗ Fi.CI.BAT: failure for drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2) Patchwork
                   ` (5 more replies)
  0 siblings, 6 replies; 15+ messages in thread
From: Mastan Katragadda @ 2022-03-03  6:04 UTC (permalink / raw)
  To: intel-gfx; +Cc: mastanx.katragadda, tejaskumarx.surendrakumar.upadhyay

Intel ID: PSIRT-PTK0002429

A missing bounds check in vm_access() can lead to an out-of-bounds read or
write in the adjacent memory area. The len attribute is not validated before
the memcpy at [1]or [2] occurs.

[  183.637831] BUG: unable to handle page fault for address: ffffc90000c86000
[  183.637934] #PF: supervisor read access in kernel mode
[  183.637997] #PF: error_code(0x0000) - not-present page
[  183.638059] PGD 100000067 P4D 100000067 PUD 100258067 PMD 106341067 PTE 0
[  183.638144] Oops: 0000 [#2] PREEMPT SMP NOPTI
[  183.638201] CPU: 3 PID: 1790 Comm: poc Tainted: G      D           5.17.0-rc6-ci-drm-11296+ #1
[  183.638298] Hardware name: Intel Corporation CoffeeLake Client Platform/CoffeeLake H DDR4 RVP, BIOS CNLSFWR1.R00.X208.B00.1905301319 05/30/2019
[  183.638430] RIP: 0010:memcpy_erms+0x6/0x10
[  183.640213] RSP: 0018:ffffc90001763d48 EFLAGS: 00010246
[  183.641117] RAX: ffff888109c14000 RBX: ffff888111bece40 RCX: 0000000000000ffc
[  183.642029] RDX: 0000000000001000 RSI: ffffc90000c86000 RDI: ffff888109c14004
[  183.642946] RBP: 0000000000000ffc R08: 800000000000016b R09: 0000000000000000
[  183.643848] R10: ffffc90000c85000 R11: 0000000000000048 R12: 0000000000001000
[  183.644742] R13: ffff888111bed190 R14: ffff888109c14000 R15: 0000000000001000
[  183.645653] FS:  00007fe5ef807540(0000) GS:ffff88845b380000(0000) knlGS:0000000000000000
[  183.646570] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  183.647481] CR2: ffffc90000c86000 CR3: 000000010ff02006 CR4: 00000000003706e0
[  183.648384] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  183.649271] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  183.650142] Call Trace:
[  183.650988]  <TASK>
[  183.651793]  vm_access+0x1f0/0x2a0 [i915]
[  183.652726]  __access_remote_vm+0x224/0x380
[  183.653561]  mem_rw.isra.0+0xf9/0x190
[  183.654402]  vfs_read+0x9d/0x1b0
[  183.655238]  ksys_read+0x63/0xe0
[  183.656065]  do_syscall_64+0x38/0xc0
[  183.656882]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  183.657663] RIP: 0033:0x7fe5ef725142
[  183.659351] RSP: 002b:00007ffe1e81c7e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  183.660227] RAX: ffffffffffffffda RBX: 0000557055dfb780 RCX: 00007fe5ef725142
[  183.661104] RDX: 0000000000001000 RSI: 00007ffe1e81d880 RDI: 0000000000000005
[  183.661972] RBP: 00007ffe1e81e890 R08: 0000000000000030 R09: 0000000000000046
[  183.662832] R10: 0000557055dfc2e0 R11: 0000000000000246 R12: 0000557055dfb1c0
[  183.663691] R13: 00007ffe1e81e980 R14: 0000000000000000 R15: 0000000000000000
[  183.664566]  </TASK>

Changes since v1:
     - Updated if condition with range_overflows_t [Chris Wilson]

Signed-off-by: Mastan Katragadda <mastanx.katragadda@intel.com>
Suggested-by: Adam Zabrocki <adamza@microsoft.com>
Reported-by: Jackson Cody <cody.jackson@intel.com>
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Bloomfield Jon <jon.bloomfield@intel.com>
Cc: Dutt Sudeep <sudeep.dutt@intel.com>
---
 drivers/gpu/drm/i915/gem/i915_gem_mman.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/i915/gem/i915_gem_mman.c b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
index efe69d6b86f4..c3ea243d414d 100644
--- a/drivers/gpu/drm/i915/gem/i915_gem_mman.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
@@ -455,7 +455,7 @@ vm_access(struct vm_area_struct *area, unsigned long addr,
 		return -EACCES;
 
 	addr -= area->vm_start;
-	if (addr >= obj->base.size)
+	if (range_overflows_t(u64, addr, len, obj->base.size))
 		return -EINVAL;
 
 	i915_gem_ww_ctx_init(&ww, true);
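
Review bot: `len` in the new condition is cast to u64, but its declared type is not visible here (the hunk header cuts the signature at `unsigned long addr,`). If it is a signed int, a negative value is rejected only because the cast turns it into a very large size, and, assuming range_overflows_t compares the size against max minus start, a zero length still passes. An explicit check ahead of the range test, or a one-line comment saying both cases are intended, would make that reviewable.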
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 15+ messages in thread

* [Intel-gfx] ✗ Fi.CI.BAT: failure for drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2)
  2022-03-03  6:04 [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write Mastan Katragadda
@ 2022-03-03  6:48 ` Patchwork
  2022-03-10  9:20   ` Matthew Auld
  2022-03-03  9:00 ` [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write Tvrtko Ursulin
                   ` (4 subsequent siblings)
  5 siblings, 1 reply; 15+ messages in thread
From: Patchwork @ 2022-03-03  6:48 UTC (permalink / raw)
  To: Mastan Katragadda; +Cc: intel-gfx


== Series Details ==

Series: drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2)
URL   : https://patchwork.freedesktop.org/series/100932/
State : failure

== Summary ==

CI Bug Log - changes from CI_DRM_11316 -> Patchwork_22468
====================================================

Summary
-------

  **FAILURE**

  Serious unknown changes coming with Patchwork_22468 absolutely need to be
  verified manually.
  
  If you think the reported changes have nothing to do with the changes
  introduced in Patchwork_22468, please notify your bug team to allow them
  to document this new failure mode, which will reduce false positives in CI.

  External URL: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/index.html

Participating hosts (50 -> 41)
------------------------------

  Additional (1): bat-adlp-4 
  Missing    (10): fi-kbl-soraka shard-tglu bat-dg1-5 fi-hsw-4200u fi-bsw-cyan fi-ctg-p8600 shard-rkl shard-dg1 bat-jsl-2 fi-bdw-samus 

Possible new issues
-------------------

  Here are the unknown changes that may have been introduced in Patchwork_22468:

### IGT changes ###

#### Possible regressions ####

  * igt@gem_exec_suspend@basic-s0@smem:
    - fi-kbl-7567u:       [PASS][1] -> [DMESG-WARN][2]
   [1]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-kbl-7567u/igt@gem_exec_suspend@basic-s0@smem.html
   [2]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-kbl-7567u/igt@gem_exec_suspend@basic-s0@smem.html

  * igt@i915_pm_rpm@basic-pci-d3-state:
    - fi-skl-6600u:       [PASS][3] -> [FAIL][4]
   [3]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-skl-6600u/igt@i915_pm_rpm@basic-pci-d3-state.html
   [4]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-skl-6600u/igt@i915_pm_rpm@basic-pci-d3-state.html

  
Known issues
------------

  Here are the changes found in Patchwork_22468 that come from known issues:

### IGT changes ###

#### Issues hit ####

  * igt@gem_lmem_swapping@basic:
    - bat-adlp-4:         NOTRUN -> [SKIP][5] ([i915#4613]) +3 similar issues
   [5]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@gem_lmem_swapping@basic.html

  * igt@gem_tiled_pread_basic:
    - bat-adlp-4:         NOTRUN -> [SKIP][6] ([i915#3282])
   [6]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@gem_tiled_pread_basic.html

  * igt@kms_busy@basic@modeset:
    - bat-adlp-4:         NOTRUN -> [DMESG-WARN][7] ([i915#3576])
   [7]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_busy@basic@modeset.html

  * igt@kms_chamelium@vga-hpd-fast:
    - bat-adlp-4:         NOTRUN -> [SKIP][8] ([fdo#111827]) +8 similar issues
   [8]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_chamelium@vga-hpd-fast.html

  * igt@kms_cursor_legacy@basic-busy-flip-before-cursor-legacy:
    - bat-adlp-4:         NOTRUN -> [SKIP][9] ([i915#4103]) +1 similar issue
   [9]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_cursor_legacy@basic-busy-flip-before-cursor-legacy.html

  * igt@kms_force_connector_basic@force-load-detect:
    - bat-adlp-4:         NOTRUN -> [SKIP][10] ([fdo#109285])
   [10]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_force_connector_basic@force-load-detect.html

  * igt@prime_vgem@basic-fence-read:
    - bat-adlp-4:         NOTRUN -> [SKIP][11] ([i915#3291] / [i915#3708]) +2 similar issues
   [11]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@prime_vgem@basic-fence-read.html

  * igt@prime_vgem@basic-userptr:
    - bat-adlp-4:         NOTRUN -> [SKIP][12] ([i915#3301] / [i915#3708])
   [12]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@prime_vgem@basic-userptr.html

  * igt@runner@aborted:
    - fi-kbl-7567u:       NOTRUN -> [FAIL][13] ([i915#4312])
   [13]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-kbl-7567u/igt@runner@aborted.html
    - fi-bdw-5557u:       NOTRUN -> [FAIL][14] ([i915#2426] / [i915#4312])
   [14]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-bdw-5557u/igt@runner@aborted.html

  
#### Possible fixes ####

  * igt@gem_exec_suspend@basic-s3@smem:
    - fi-bdw-5557u:       [INCOMPLETE][15] ([i915#146]) -> [PASS][16]
   [15]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-bdw-5557u/igt@gem_exec_suspend@basic-s3@smem.html
   [16]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-bdw-5557u/igt@gem_exec_suspend@basic-s3@smem.html

  * igt@i915_pm_rpm@module-reload:
    - fi-icl-u2:          [FAIL][17] ([i915#3049]) -> [PASS][18]
   [17]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-icl-u2/igt@i915_pm_rpm@module-reload.html
   [18]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-icl-u2/igt@i915_pm_rpm@module-reload.html

  * igt@i915_selftest@live@evict:
    - {bat-rpls-2}:       [DMESG-WARN][19] ([i915#4391]) -> [PASS][20] +1 similar issue
   [19]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-rpls-2/igt@i915_selftest@live@evict.html
   [20]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-rpls-2/igt@i915_selftest@live@evict.html

  * igt@i915_selftest@live@hangcheck:
    - fi-icl-u2:          [DMESG-WARN][21] ([i915#2867]) -> [PASS][22] +7 similar issues
   [21]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-icl-u2/igt@i915_selftest@live@hangcheck.html
   [22]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-icl-u2/igt@i915_selftest@live@hangcheck.html
    - bat-dg1-6:          [DMESG-FAIL][23] ([i915#4494] / [i915#4957]) -> [PASS][24]
   [23]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-dg1-6/igt@i915_selftest@live@hangcheck.html
   [24]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-dg1-6/igt@i915_selftest@live@hangcheck.html

  * igt@i915_selftest@live@workarounds:
    - {bat-adlp-6}:       [DMESG-WARN][25] ([i915#5068]) -> [PASS][26]
   [25]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-adlp-6/igt@i915_selftest@live@workarounds.html
   [26]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-6/igt@i915_selftest@live@workarounds.html

  * igt@kms_busy@basic@flip:
    - {bat-adlp-6}:       [DMESG-WARN][27] ([i915#3576]) -> [PASS][28] +1 similar issue
   [27]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-adlp-6/igt@kms_busy@basic@flip.html
   [28]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-6/igt@kms_busy@basic@flip.html

  
  {name}: This element is suppressed. This means it is ignored when computing
          the status of the difference (SUCCESS, WARNING, or FAILURE).

  [fdo#109285]: https://bugs.freedesktop.org/show_bug.cgi?id=109285
  [fdo#111827]: https://bugs.freedesktop.org/show_bug.cgi?id=111827
  [i915#146]: https://gitlab.freedesktop.org/drm/intel/issues/146
  [i915#2426]: https://gitlab.freedesktop.org/drm/intel/issues/2426
  [i915#2867]: https://gitlab.freedesktop.org/drm/intel/issues/2867
  [i915#3049]: https://gitlab.freedesktop.org/drm/intel/issues/3049
  [i915#3282]: https://gitlab.freedesktop.org/drm/intel/issues/3282
  [i915#3291]: https://gitlab.freedesktop.org/drm/intel/issues/3291
  [i915#3301]: https://gitlab.freedesktop.org/drm/intel/issues/3301
  [i915#3576]: https://gitlab.freedesktop.org/drm/intel/issues/3576
  [i915#3708]: https://gitlab.freedesktop.org/drm/intel/issues/3708
  [i915#4103]: https://gitlab.freedesktop.org/drm/intel/issues/4103
  [i915#4312]: https://gitlab.freedesktop.org/drm/intel/issues/4312
  [i915#4391]: https://gitlab.freedesktop.org/drm/intel/issues/4391
  [i915#4494]: https://gitlab.freedesktop.org/drm/intel/issues/4494
  [i915#4613]: https://gitlab.freedesktop.org/drm/intel/issues/4613
  [i915#4957]: https://gitlab.freedesktop.org/drm/intel/issues/4957
  [i915#5068]: https://gitlab.freedesktop.org/drm/intel/issues/5068


Build changes
-------------

  * Linux: CI_DRM_11316 -> Patchwork_22468

  CI-20190529: 20190529
  CI_DRM_11316: 41f05cc5d1eed1879e572ef203ef2dbe9a75aff8 @ git://anongit.freedesktop.org/gfx-ci/linux
  IGT_6361: 2372a4beb6a33c5f0799a4a8ccbb93794f52dbca @ https://gitlab.freedesktop.org/drm/igt-gpu-tools.git
  Patchwork_22468: 49f7781dc74065aad8b8517b6a9e2d963890da62 @ git://anongit.freedesktop.org/gfx-ci/linux


== Linux commits ==

49f7781dc740 drm/i915/gem: missing boundary check in vm_access leads to OOB read/write

== Logs ==

For more details see: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/index.html


^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write
  2022-03-03  6:04 [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write Mastan Katragadda
  2022-03-03  6:48 ` [Intel-gfx] ✗ Fi.CI.BAT: failure for drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2) Patchwork
@ 2022-03-03  9:00 ` Tvrtko Ursulin
  2022-03-03 10:43   ` Matthew Auld
  2022-03-03  9:33 ` Jani Nikula
                   ` (3 subsequent siblings)
  5 siblings, 1 reply; 15+ messages in thread
From: Tvrtko Ursulin @ 2022-03-03  9:00 UTC (permalink / raw)
  To: Mastan Katragadda, intel-gfx, Matthew Auld
  Cc: tejaskumarx.surendrakumar.upadhyay


+ Matt

On 03/03/2022 06:04, Mastan Katragadda wrote:
> Intel ID: PSIRT-PTK0002429
> 
> A missing bounds check in vm_access() can lead to an out-of-bounds read or
> write in the adjacent memory area. The len attribute is not validated before
> the memcpy at [1]or [2] occurs.

s/[1]or [2]/later in the function/ ?

> 
> [  183.637831] BUG: unable to handle page fault for address: ffffc90000c86000
> [  183.637934] #PF: supervisor read access in kernel mode
> [  183.637997] #PF: error_code(0x0000) - not-present page
> [  183.638059] PGD 100000067 P4D 100000067 PUD 100258067 PMD 106341067 PTE 0
> [  183.638144] Oops: 0000 [#2] PREEMPT SMP NOPTI
> [  183.638201] CPU: 3 PID: 1790 Comm: poc Tainted: G      D           5.17.0-rc6-ci-drm-11296+ #1
> [  183.638298] Hardware name: Intel Corporation CoffeeLake Client Platform/CoffeeLake H DDR4 RVP, BIOS CNLSFWR1.R00.X208.B00.1905301319 05/30/2019
> [  183.638430] RIP: 0010:memcpy_erms+0x6/0x10
> [  183.640213] RSP: 0018:ffffc90001763d48 EFLAGS: 00010246
> [  183.641117] RAX: ffff888109c14000 RBX: ffff888111bece40 RCX: 0000000000000ffc
> [  183.642029] RDX: 0000000000001000 RSI: ffffc90000c86000 RDI: ffff888109c14004
> [  183.642946] RBP: 0000000000000ffc R08: 800000000000016b R09: 0000000000000000
> [  183.643848] R10: ffffc90000c85000 R11: 0000000000000048 R12: 0000000000001000
> [  183.644742] R13: ffff888111bed190 R14: ffff888109c14000 R15: 0000000000001000
> [  183.645653] FS:  00007fe5ef807540(0000) GS:ffff88845b380000(0000) knlGS:0000000000000000
> [  183.646570] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  183.647481] CR2: ffffc90000c86000 CR3: 000000010ff02006 CR4: 00000000003706e0
> [  183.648384] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [  183.649271] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [  183.650142] Call Trace:
> [  183.650988]  <TASK>
> [  183.651793]  vm_access+0x1f0/0x2a0 [i915]
> [  183.652726]  __access_remote_vm+0x224/0x380
> [  183.653561]  mem_rw.isra.0+0xf9/0x190
> [  183.654402]  vfs_read+0x9d/0x1b0
> [  183.655238]  ksys_read+0x63/0xe0
> [  183.656065]  do_syscall_64+0x38/0xc0
> [  183.656882]  entry_SYSCALL_64_after_hwframe+0x44/0xae
> [  183.657663] RIP: 0033:0x7fe5ef725142
> [  183.659351] RSP: 002b:00007ffe1e81c7e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
> [  183.660227] RAX: ffffffffffffffda RBX: 0000557055dfb780 RCX: 00007fe5ef725142
> [  183.661104] RDX: 0000000000001000 RSI: 00007ffe1e81d880 RDI: 0000000000000005
> [  183.661972] RBP: 00007ffe1e81e890 R08: 0000000000000030 R09: 0000000000000046
> [  183.662832] R10: 0000557055dfc2e0 R11: 0000000000000246 R12: 0000557055dfb1c0
> [  183.663691] R13: 00007ffe1e81e980 R14: 0000000000000000 R15: 0000000000000000
> [  183.664566]  </TASK>
> 
> Changes since v1:
>       - Updated if condition with range_overflows_t [Chris Wilson]
> 
> Signed-off-by: Mastan Katragadda <mastanx.katragadda@intel.com>
> Suggested-by: Adam Zabrocki <adamza@microsoft.com>
> Reported-by: Jackson Cody <cody.jackson@intel.com>
> Cc: Chris Wilson <chris@chris-wilson.co.uk>
> Cc: Bloomfield Jon <jon.bloomfield@intel.com>
> Cc: Dutt Sudeep <sudeep.dutt@intel.com>

Fixes: 9f909e215fea ("drm/i915: Implement vm_ops->access for gdb access into mmaps")
Cc: <stable@vger.kernel.org> # v5.8+

Right?

There was a selftest added with the referenced patch and it sounds like it would be a good idea to extend it to cover this scenario.  As a separate patch though so this one is easy to backport.

Regards,

Tvrtko

> ---
>   drivers/gpu/drm/i915/gem/i915_gem_mman.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_mman.c b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
> index efe69d6b86f4..c3ea243d414d 100644
> --- a/drivers/gpu/drm/i915/gem/i915_gem_mman.c
> +++ b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
> @@ -455,7 +455,7 @@ vm_access(struct vm_area_struct *area, unsigned long addr,
>   		return -EACCES;
>   
>   	addr -= area->vm_start;
> -	if (addr >= obj->base.size)
> +	if (range_overflows_t(u64, addr, len, obj->base.size))
>   		return -EINVAL;
>   
>   	i915_gem_ww_ctx_init(&ww, true);
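
Review bot: with the new condition, a request that starts inside the object but extends past `obj->base.size` is refused whole with -EINVAL instead of being limited to the bytes that remain. If that is the intended contract, say so in the commit message and cover the boundary cases (last byte, exact fit, one byte over) in the follow-up test; if callers expect a short transfer, clamp `len` rather than failing.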

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write
  2022-03-03  6:04 [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write Mastan Katragadda
  2022-03-03  6:48 ` [Intel-gfx] ✗ Fi.CI.BAT: failure for drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2) Patchwork
  2022-03-03  9:00 ` [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write Tvrtko Ursulin
@ 2022-03-03  9:33 ` Jani Nikula
  2022-03-10 15:40 ` [Intel-gfx] ✗ Fi.CI.BAT: failure for drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2) Patchwork
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 15+ messages in thread
From: Jani Nikula @ 2022-03-03  9:33 UTC (permalink / raw)
  To: Mastan Katragadda, intel-gfx
  Cc: mastanx.katragadda, tejaskumarx.surendrakumar.upadhyay

On Thu, 03 Mar 2022, Mastan Katragadda <mastanx.katragadda@intel.com> wrote:
> Intel ID: PSIRT-PTK0002429

What's that and why is it the first thing in the commit message?

BR,
Jani.

>
> A missing bounds check in vm_access() can lead to an out-of-bounds read or
> write in the adjacent memory area. The len attribute is not validated before
> the memcpy at [1]or [2] occurs.
>
> [  183.637831] BUG: unable to handle page fault for address: ffffc90000c86000
> [  183.637934] #PF: supervisor read access in kernel mode
> [  183.637997] #PF: error_code(0x0000) - not-present page
> [  183.638059] PGD 100000067 P4D 100000067 PUD 100258067 PMD 106341067 PTE 0
> [  183.638144] Oops: 0000 [#2] PREEMPT SMP NOPTI
> [  183.638201] CPU: 3 PID: 1790 Comm: poc Tainted: G      D           5.17.0-rc6-ci-drm-11296+ #1
> [  183.638298] Hardware name: Intel Corporation CoffeeLake Client Platform/CoffeeLake H DDR4 RVP, BIOS CNLSFWR1.R00.X208.B00.1905301319 05/30/2019
> [  183.638430] RIP: 0010:memcpy_erms+0x6/0x10
> [  183.640213] RSP: 0018:ffffc90001763d48 EFLAGS: 00010246
> [  183.641117] RAX: ffff888109c14000 RBX: ffff888111bece40 RCX: 0000000000000ffc
> [  183.642029] RDX: 0000000000001000 RSI: ffffc90000c86000 RDI: ffff888109c14004
> [  183.642946] RBP: 0000000000000ffc R08: 800000000000016b R09: 0000000000000000
> [  183.643848] R10: ffffc90000c85000 R11: 0000000000000048 R12: 0000000000001000
> [  183.644742] R13: ffff888111bed190 R14: ffff888109c14000 R15: 0000000000001000
> [  183.645653] FS:  00007fe5ef807540(0000) GS:ffff88845b380000(0000) knlGS:0000000000000000
> [  183.646570] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  183.647481] CR2: ffffc90000c86000 CR3: 000000010ff02006 CR4: 00000000003706e0
> [  183.648384] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [  183.649271] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [  183.650142] Call Trace:
> [  183.650988]  <TASK>
> [  183.651793]  vm_access+0x1f0/0x2a0 [i915]
> [  183.652726]  __access_remote_vm+0x224/0x380
> [  183.653561]  mem_rw.isra.0+0xf9/0x190
> [  183.654402]  vfs_read+0x9d/0x1b0
> [  183.655238]  ksys_read+0x63/0xe0
> [  183.656065]  do_syscall_64+0x38/0xc0
> [  183.656882]  entry_SYSCALL_64_after_hwframe+0x44/0xae
> [  183.657663] RIP: 0033:0x7fe5ef725142
> [  183.659351] RSP: 002b:00007ffe1e81c7e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
> [  183.660227] RAX: ffffffffffffffda RBX: 0000557055dfb780 RCX: 00007fe5ef725142
> [  183.661104] RDX: 0000000000001000 RSI: 00007ffe1e81d880 RDI: 0000000000000005
> [  183.661972] RBP: 00007ffe1e81e890 R08: 0000000000000030 R09: 0000000000000046
> [  183.662832] R10: 0000557055dfc2e0 R11: 0000000000000246 R12: 0000557055dfb1c0
> [  183.663691] R13: 00007ffe1e81e980 R14: 0000000000000000 R15: 0000000000000000
> [  183.664566]  </TASK>
>
> Changes since v1:
>      - Updated if condition with range_overflows_t [Chris Wilson]
>
> Signed-off-by: Mastan Katragadda <mastanx.katragadda@intel.com>
> Suggested-by: Adam Zabrocki <adamza@microsoft.com>
> Reported-by: Jackson Cody <cody.jackson@intel.com>
> Cc: Chris Wilson <chris@chris-wilson.co.uk>
> Cc: Bloomfield Jon <jon.bloomfield@intel.com>
> Cc: Dutt Sudeep <sudeep.dutt@intel.com>
> ---
>  drivers/gpu/drm/i915/gem/i915_gem_mman.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_mman.c b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
> index efe69d6b86f4..c3ea243d414d 100644
> --- a/drivers/gpu/drm/i915/gem/i915_gem_mman.c
> +++ b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
> @@ -455,7 +455,7 @@ vm_access(struct vm_area_struct *area, unsigned long addr,
>  		return -EACCES;
>  
>  	addr -= area->vm_start;
> -	if (addr >= obj->base.size)
> +	if (range_overflows_t(u64, addr, len, obj->base.size))
>  		return -EINVAL;
>  
>  	i915_gem_ww_ctx_init(&ww, true);

-- 
Jani Nikula, Intel Open Source Graphics Center

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write
  2022-03-03  9:00 ` [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write Tvrtko Ursulin
@ 2022-03-03 10:43   ` Matthew Auld
  2022-03-04  4:07     ` Katragadda, MastanX
  2022-03-09  1:46     ` Katragadda, MastanX
  0 siblings, 2 replies; 15+ messages in thread
From: Matthew Auld @ 2022-03-03 10:43 UTC (permalink / raw)
  To: Tvrtko Ursulin, Mastan Katragadda, intel-gfx
  Cc: tejaskumarx.surendrakumar.upadhyay

On 03/03/2022 09:00, Tvrtko Ursulin wrote:
> 
> + Matt
> 
> On 03/03/2022 06:04, Mastan Katragadda wrote:
>> Intel ID: PSIRT-PTK0002429
>>
>> A missing bounds check in vm_access() can lead to an out-of-bounds read or
>> write in the adjacent memory area. The len attribute is not validated
>> before
>> the memcpy at [1]or [2] occurs.
> 
> s/[1]or [2]/later in the function/ ?
> 
>>
>> [  183.637831] BUG: unable to handle page fault for address: 
>> ffffc90000c86000
>> [  183.637934] #PF: supervisor read access in kernel mode
>> [  183.637997] #PF: error_code(0x0000) - not-present page
>> [  183.638059] PGD 100000067 P4D 100000067 PUD 100258067 PMD 106341067 
>> PTE 0
>> [  183.638144] Oops: 0000 [#2] PREEMPT SMP NOPTI
>> [  183.638201] CPU: 3 PID: 1790 Comm: poc Tainted: G      D           
>> 5.17.0-rc6-ci-drm-11296+ #1
>> [  183.638298] Hardware name: Intel Corporation CoffeeLake Client 
>> Platform/CoffeeLake H DDR4 RVP, BIOS CNLSFWR1.R00.X208.B00.1905301319 
>> 05/30/2019
>> [  183.638430] RIP: 0010:memcpy_erms+0x6/0x10
>> [  183.640213] RSP: 0018:ffffc90001763d48 EFLAGS: 00010246
>> [  183.641117] RAX: ffff888109c14000 RBX: ffff888111bece40 RCX: 
>> 0000000000000ffc
>> [  183.642029] RDX: 0000000000001000 RSI: ffffc90000c86000 RDI: 
>> ffff888109c14004
>> [  183.642946] RBP: 0000000000000ffc R08: 800000000000016b R09: 
>> 0000000000000000
>> [  183.643848] R10: ffffc90000c85000 R11: 0000000000000048 R12: 
>> 0000000000001000
>> [  183.644742] R13: ffff888111bed190 R14: ffff888109c14000 R15: 
>> 0000000000001000
>> [  183.645653] FS:  00007fe5ef807540(0000) GS:ffff88845b380000(0000) 
>> knlGS:0000000000000000
>> [  183.646570] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> [  183.647481] CR2: ffffc90000c86000 CR3: 000000010ff02006 CR4: 
>> 00000000003706e0
>> [  183.648384] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 
>> 0000000000000000
>> [  183.649271] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 
>> 0000000000000400
>> [  183.650142] Call Trace:
>> [  183.650988]  <TASK>
>> [  183.651793]  vm_access+0x1f0/0x2a0 [i915]
>> [  183.652726]  __access_remote_vm+0x224/0x380
>> [  183.653561]  mem_rw.isra.0+0xf9/0x190
>> [  183.654402]  vfs_read+0x9d/0x1b0
>> [  183.655238]  ksys_read+0x63/0xe0
>> [  183.656065]  do_syscall_64+0x38/0xc0
>> [  183.656882]  entry_SYSCALL_64_after_hwframe+0x44/0xae
>> [  183.657663] RIP: 0033:0x7fe5ef725142
>> [  183.659351] RSP: 002b:00007ffe1e81c7e8 EFLAGS: 00000246 ORIG_RAX: 
>> 0000000000000000
>> [  183.660227] RAX: ffffffffffffffda RBX: 0000557055dfb780 RCX: 
>> 00007fe5ef725142
>> [  183.661104] RDX: 0000000000001000 RSI: 00007ffe1e81d880 RDI: 
>> 0000000000000005
>> [  183.661972] RBP: 00007ffe1e81e890 R08: 0000000000000030 R09: 
>> 0000000000000046
>> [  183.662832] R10: 0000557055dfc2e0 R11: 0000000000000246 R12: 
>> 0000557055dfb1c0
>> [  183.663691] R13: 00007ffe1e81e980 R14: 0000000000000000 R15: 
>> 0000000000000000
>> [  183.664566]  </TASK>
>>
>> Changes since v1:
>>       - Updated if condition with range_overflows_t [Chris Wilson]
>>
>> Signed-off-by: Mastan Katragadda <mastanx.katragadda@intel.com>
>> Suggested-by: Adam Zabrocki <adamza@microsoft.com>
>> Reported-by: Jackson Cody <cody.jackson@intel.com>
>> Cc: Chris Wilson <chris@chris-wilson.co.uk>
>> Cc: Bloomfield Jon <jon.bloomfield@intel.com>
>> Cc: Dutt Sudeep <sudeep.dutt@intel.com>
> 
> Fixes: 9f909e215fea ("drm/i915: Implement vm_ops->access for gdb access 
> into mmaps")
> Cc: <stable@vger.kernel.org> # v5.8+
> 
> Right?
> 
> There was a selftest added with the referenced patch and it sounds like 
> it would be a good idea to extend it to cover this scenario.  As a 
> separate patch though so this one is easy to backport.

Agreed, a simple regression test (either selftest or igt) for this would 
be nice, if possible.

> 
> Regards,
> 
> Tvrtko
> 
>> ---
>>   drivers/gpu/drm/i915/gem/i915_gem_mman.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_mman.c 
>> b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>> index efe69d6b86f4..c3ea243d414d 100644
>> --- a/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>> +++ b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>> @@ -455,7 +455,7 @@ vm_access(struct vm_area_struct *area, unsigned 
>> long addr,
>>           return -EACCES;
>>       addr -= area->vm_start;
>> -    if (addr >= obj->base.size)
>> +    if (range_overflows_t(u64, addr, len, obj->base.size))
>>           return -EINVAL;

Other users like ttm_bo_vm_access are also checking if len <= 0, should 
we also add an explicit check for that here? Otherwise LGTM.

>>       i915_gem_ww_ctx_init(&ww, true);

^ permalink raw reply	[flat|nested] 15+ messages in thread
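
The bounds-check discussion in this thread (the commit message's missing length validation and the `len <= 0` question above), as an added userspace example that is not code from the patch or from i915. The function names and sample values are constructed; `range_rejects` assumes the subtraction-form check that `range_overflows_t` is used for here, and `int len` is an assumption following the `len <= 0` remark.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Pre-patch condition: only the start offset is compared with the size. */
static bool start_only_rejects(uint64_t addr, uint64_t len, uint64_t size)
{
	(void)len;	/* the length never takes part in the decision */
	return addr >= size;
}

/* Tempting alternative: the sum can wrap past 2^64 and compare as small. */
static bool naive_sum_rejects(uint64_t addr, uint64_t len, uint64_t size)
{
	return addr + len > size;
}

/*
 * Subtraction form (assumed semantics of the range check in the patch):
 * the start must lie inside the object and the length must fit in what
 * remains. Nothing is added, so nothing can wrap.
 */
static bool range_rejects(uint64_t addr, uint64_t len, uint64_t size)
{
	return addr >= size || len > size - addr;
}

/*
 * Hypothetical stand-in for an access handler with a signed length.
 * A negative len becomes a huge u64 after the cast and is refused by the
 * range check; len == 0 is accepted and copies nothing.
 */
static int model_access(const uint8_t *obj, uint64_t size,
			uint64_t addr, int len, uint8_t *buf)
{
	if (range_rejects(addr, (uint64_t)len, size))
		return -EINVAL;
	memcpy(buf, obj + addr, (size_t)len);
	return len;
}

int main(void)
{
	/* Constructed cases against a 0x1000-byte object. */
	static const struct {
		const char *what;
		uint64_t addr;
		int len;
	} cases[] = {
		{ "exact fit at the end",     0xffc, 4 },
		{ "starts inside, runs past", 0xffc, 0x1000 },
		{ "start equals size",        0x1000, 0 },
		{ "negative length",          8, -4 },
		{ "zero length",              0, 0 },
	};
	const uint64_t size = 0x1000;
	size_t i;

	printf("%-26s %-11s %-10s %s\n", "case", "start-only", "naive-sum", "range");
	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		uint64_t len = (uint64_t)cases[i].len;

		printf("%-26s %-11s %-10s %s\n", cases[i].what,
		       start_only_rejects(cases[i].addr, len, size) ? "reject" : "ACCEPT",
		       naive_sum_rejects(cases[i].addr, len, size) ? "reject" : "ACCEPT",
		       range_rejects(cases[i].addr, len, size) ? "reject" : "ACCEPT");
	}
	return 0;
}
```
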

* Re: [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write
  2022-03-03 10:43   ` Matthew Auld
@ 2022-03-04  4:07     ` Katragadda, MastanX
  2022-03-09  1:46     ` Katragadda, MastanX
  1 sibling, 0 replies; 15+ messages in thread
From: Katragadda, MastanX @ 2022-03-04  4:07 UTC (permalink / raw)
  To: Auld, Matthew, Tvrtko Ursulin, intel-gfx
  Cc: Surendrakumar Upadhyay, TejaskumarX

Hi Tvrtko
 
Can we need extend this patch by adding selftest?

Thanks,
Mastan
     
-----Original Message-----
From: Auld, Matthew <matthew.auld@intel.com> 
Sent: 03 March 2022 16:14
To: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>; Katragadda, MastanX <mastanx.katragadda@intel.com>; intel-gfx@lists.freedesktop.org
Cc: Surendrakumar Upadhyay, TejaskumarX <tejaskumarx.surendrakumar.upadhyay@intel.com>
Subject: Re: [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write

On 03/03/2022 09:00, Tvrtko Ursulin wrote:
> 
> + Matt
> 
> On 03/03/2022 06:04, Mastan Katragadda wrote:
>> Intel ID: PSIRT-PTK0002429
>>
>> A missing bounds check in vm_access() can lead to an out-of-bounds 
>> read or write in the adjacent memory area. The len attribute is not 
>> validated before the memcpy at [1]or [2] occurs.
> 
> s/[1]or [2]/later in the function/ ?
> 
>>
>>
>> Changes since v1:
>>       - Updated if condition with range_overflows_t [Chris Wilson]
>>
>> Signed-off-by: Mastan Katragadda <mastanx.katragadda@intel.com>
>> Suggested-by: Adam Zabrocki <adamza@microsoft.com>
>> Reported-by: Jackson Cody <cody.jackson@intel.com>
>> Cc: Chris Wilson <chris@chris-wilson.co.uk>
>> Cc: Bloomfield Jon <jon.bloomfield@intel.com>
>> Cc: Dutt Sudeep <sudeep.dutt@intel.com>
> 
> Fixes: 9f909e215fea ("drm/i915: Implement vm_ops->access for gdb 
> access into mmaps")
> Cc: <stable@vger.kernel.org> # v5.8+
> 
> Right?
> 
> There was a selftest added with the referenced patch and it sounds 
> like it would be a good idea to extend it to cover this scenario.  As 
> a separate patch though so this one is easy to backport.

Agreed, a simple regression test (either selftest or igt) for this would be nice, if possible.

> 
> Regards,
> 
> Tvrtko
> 
>> ---
>>   drivers/gpu/drm/i915/gem/i915_gem_mman.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>> b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>> index efe69d6b86f4..c3ea243d414d 100644
>> --- a/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>> +++ b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>> @@ -455,7 +455,7 @@ vm_access(struct vm_area_struct *area, unsigned 
>> long addr,
>>           return -EACCES;
>>       addr -= area->vm_start;
>> -    if (addr >= obj->base.size)
>> +    if (range_overflows_t(u64, addr, len, obj->base.size))
>>           return -EINVAL;

Other users like ttm_bo_vm_access are also checking if len <= 0, should we also add an explicit check for that here? Otherwise LGTM.

>>       i915_gem_ww_ctx_init(&ww, true);
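Review bot: on the `+` line, `len` goes into `range_overflows_t(u64, addr, len, obj->base.size)` with no separate sign or zero test, and the hunk does not show the declared type of `len`, so the handling of `len <= 0` that the inline comment asks about cannot be confirmed from this diff. If `len` is a signed int, a negative value becomes a very large u64 after the cast and should be rejected, which leaves `len == 0` as the case to settle: either add an explicit `len <= 0` test before the range check, or state in the commit message what the macro does with a zero length.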

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write
  2022-03-03 10:43   ` Matthew Auld
  2022-03-04  4:07     ` Katragadda, MastanX
@ 2022-03-09  1:46     ` Katragadda, MastanX
  2022-03-09 11:19       ` Katragadda, MastanX
  1 sibling, 1 reply; 15+ messages in thread
From: Katragadda, MastanX @ 2022-03-09  1:46 UTC (permalink / raw)
  To: Auld, Matthew, Tvrtko Ursulin, intel-gfx
  Cc: Surendrakumar Upadhyay, TejaskumarX

On 03/03/2022 09:00, Tvrtko Ursulin wrote:
> 
> + Matt
> 
> On 03/03/2022 06:04, Mastan Katragadda wrote:
>> Intel ID: PSIRT-PTK0002429
>>
>> A missing bounds check in vm_access() can lead to an out-of-bounds
>> read or write in the adjacent memory area. The len attribute is not
>> validated before the memcpy at [1]or [2] occurs.
> 
> s/[1]or [2]/later in the function/ ?
> 
>>
>>
>> Changes since v1:
>>       - Updated if condition with range_overflows_t [Chris Wilson]
>>
>> Signed-off-by: Mastan Katragadda <mastanx.katragadda@intel.com>
>> Suggested-by: Adam Zabrocki <adamza@microsoft.com>
>> Reported-by: Jackson Cody <cody.jackson@intel.com>
>> Cc: Chris Wilson <chris@chris-wilson.co.uk>
>> Cc: Bloomfield Jon <jon.bloomfield@intel.com>
>> Cc: Dutt Sudeep <sudeep.dutt@intel.com>
> 
> Fixes: 9f909e215fea ("drm/i915: Implement vm_ops->access for gdb 
> access into mmaps")
> Cc: <stable@vger.kernel.org> # v5.8+
> 
> Right?
> 
> There was a selftest added with the referenced patch and it sounds 
> like it would be a good idea to extend it to cover this scenario.  As 
> a separate patch though so this one is easy to backport.

Agreed, a simple regression test (either selftest or igt) for this would be nice, if possible.

> 
> Regards,
> 
> Tvrtko
> 
>> ---
>>   drivers/gpu/drm/i915/gem/i915_gem_mman.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>> b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>> index efe69d6b86f4..c3ea243d414d 100644
>> --- a/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>> +++ b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>> @@ -455,7 +455,7 @@ vm_access(struct vm_area_struct *area, unsigned 
>> long addr,
>>           return -EACCES;
>>       addr -= area->vm_start;
>> -    if (addr >= obj->base.size)
>> +    if (range_overflows_t(u64, addr, len, obj->base.size))
>>           return -EINVAL;

Other users like ttm_bo_vm_access are also checking if len <= 0, should we also add an explicit check for that here? Otherwise LGTM.

I think there is no need to add len <= 0 here; we are already validating the same with range_overflows_t. I converted the following condition to range_overflows_t.

if (len < 1 || len > obj->base.size ||
	    addr >= obj->base.size ||
	    addr + len > obj->base.size)

>>       i915_gem_ww_ctx_init(&ww, true);
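Review bot: the `+` line replaces a readable offset test with a macro call and carries no comment saying what it enforces, which is why the reply above has to write out the longer condition to explain it. A short comment above the check stating that the whole access, from `addr` to `addr + len`, must lie inside `obj->base.size` would keep that reasoning in i915_gem_mman.c for whoever backports the change.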

^ permalink raw reply	[flat|nested] 15+ messages in thread
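The comparison discussed in the message above, as an added example that is not part of the thread or of the i915 source: it puts the pre-patch test, the four-clause condition and a range check side by side and sweeps a small object to find where they differ. The function names and all values are constructed, and `range_check_rejects` assumes that `range_overflows_t` evaluates `start >= max || size > max - start` on u64 operands, which the thread does not show.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Check on the "-" line of the patch: only the start offset is tested. */
static bool old_check_rejects(uint64_t addr, int len, uint64_t size)
{
	(void)len;
	return addr >= size;
}

/* Four-clause condition quoted in the reply above. */
static bool four_clause_rejects(uint64_t addr, int len, uint64_t size)
{
	return len < 1 || (uint64_t)len > size ||
	       addr >= size ||
	       addr + (uint64_t)len > size;
}

/*
 * Stand-in for range_overflows_t(u64, addr, len, size). ASSUMPTION: the
 * macro evaluates start >= max || size > max - start on u64 operands; its
 * body is not shown in the thread.
 */
static bool range_check_rejects(uint64_t addr, int len, uint64_t size)
{
	uint64_t n = (uint64_t)len;	/* a negative int becomes a huge u64 */

	return addr >= size || n > size - addr;
}

/*
 * Sweep every (addr, len) pair around a small object and count where the
 * four-clause form and the range form disagree. Returns -1 if they ever
 * disagree for a non-zero len.
 */
static int count_disagreements(int size)
{
	int count = 0;

	for (int addr = 0; addr <= size + 1; addr++) {
		for (int len = -2; len <= size + 2; len++) {
			bool a = four_clause_rejects((uint64_t)addr, len,
						     (uint64_t)size);
			bool b = range_check_rejects((uint64_t)addr, len,
						     (uint64_t)size);

			if (a == b)
				continue;
			if (len != 0)
				return -1;
			count++;
		}
	}
	return count;
}

int main(void)
{
	/* Constructed values: a 0x1000-byte object, access starting at offset 4. */
	printf("old   addr=4 len=0x1000: %s\n",
	       old_check_rejects(4, 0x1000, 0x1000) ? "reject" : "accept");
	printf("range addr=4 len=0x1000: %s\n",
	       range_check_rejects(4, 0x1000, 0x1000) ? "reject" : "accept");
	printf("range addr=0 len=-1:     %s\n",
	       range_check_rejects(0, -1, 0x1000) ? "reject" : "accept");
	printf("pairs where the two forms disagree on a 16-byte object: %d\n",
	       count_disagreements(16));
	return 0;
}
```

Under the assumed macro semantics the two forms differ only for a zero-length request that starts inside the object, so whether the explicit `len <= 0` test matters depends on how the rest of vm_access treats `len == 0`.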

* Re: [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write
  2022-03-09  1:46     ` Katragadda, MastanX
@ 2022-03-09 11:19       ` Katragadda, MastanX
  2022-03-09 11:45         ` Matthew Auld
  0 siblings, 1 reply; 15+ messages in thread
From: Katragadda, MastanX @ 2022-03-09 11:19 UTC (permalink / raw)
  To: Auld, Matthew, Tvrtko Ursulin, intel-gfx
  Cc: Surendrakumar Upadhyay, TejaskumarX

Hi,

Can we have an ack? Or do we need to do anything further to get an r-o-b?

Thanks,
Mastan

-----Original Message-----
From: Katragadda, MastanX 
Sent: 09 March 2022 07:16
To: Auld, Matthew <matthew.auld@intel.com>; Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>; intel-gfx@lists.freedesktop.org
Cc: Surendrakumar Upadhyay, TejaskumarX <tejaskumarx.surendrakumar.upadhyay@intel.com>
Subject: RE: [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write

On 03/03/2022 09:00, Tvrtko Ursulin wrote:
> 
> + Matt
> 
> On 03/03/2022 06:04, Mastan Katragadda wrote:
>> Intel ID: PSIRT-PTK0002429
>>
>> A missing bounds check in vm_access() can lead to an out-of-bounds
>> read or write in the adjacent memory area. The len attribute is not
>> validated before the memcpy at [1]or [2] occurs.
> 
> s/[1]or [2]/later in the function/ ?
> 
>>
>>
>> Changes since v1:
>>       - Updated if condition with range_overflows_t [Chris Wilson]
>>
>> Signed-off-by: Mastan Katragadda <mastanx.katragadda@intel.com>
>> Suggested-by: Adam Zabrocki <adamza@microsoft.com>
>> Reported-by: Jackson Cody <cody.jackson@intel.com>
>> Cc: Chris Wilson <chris@chris-wilson.co.uk>
>> Cc: Bloomfield Jon <jon.bloomfield@intel.com>
>> Cc: Dutt Sudeep <sudeep.dutt@intel.com>
> 
> Fixes: 9f909e215fea ("drm/i915: Implement vm_ops->access for gdb 
> access into mmaps")
> Cc: <stable@vger.kernel.org> # v5.8+
> 
> Right?
> 
> There was a selftest added with the referenced patch and it sounds 
> like it would be a good idea to extend it to cover this scenario.  As 
> a separate patch though so this one is easy to backport.

Agreed, a simple regression test (either selftest or igt) for this would be nice, if possible.

> 
> Regards,
> 
> Tvrtko
> 
>> ---
>>   drivers/gpu/drm/i915/gem/i915_gem_mman.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>> b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>> index efe69d6b86f4..c3ea243d414d 100644
>> --- a/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>> +++ b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>> @@ -455,7 +455,7 @@ vm_access(struct vm_area_struct *area, unsigned 
>> long addr,
>>           return -EACCES;
>>       addr -= area->vm_start;
>> -    if (addr >= obj->base.size)
>> +    if (range_overflows_t(u64, addr, len, obj->base.size))
>>           return -EINVAL;

Other users like ttm_bo_vm_access are also checking if len <= 0, should we also add an explicit check for that here? Otherwise LGTM.

I think there is no need to add len <= 0 here; we are already validating the same with range_overflows_t. I converted the following condition to range_overflows_t.

if (len < 1 || len > obj->base.size ||
	    addr >= obj->base.size ||
	    addr + len > obj->base.size)

>>       i915_gem_ww_ctx_init(&ww, true);

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write
  2022-03-09 11:19       ` Katragadda, MastanX
@ 2022-03-09 11:45         ` Matthew Auld
  2022-03-11 10:37           ` Matthew Auld
  0 siblings, 1 reply; 15+ messages in thread
From: Matthew Auld @ 2022-03-09 11:45 UTC (permalink / raw)
  To: Katragadda, MastanX, Tvrtko Ursulin, intel-gfx
  Cc: Surendrakumar Upadhyay, TejaskumarX

On 09/03/2022 11:19, Katragadda, MastanX wrote:
> Hi,
> 
> Can we have an ack? Or do we need to do anything further to get an r-o-b?

There was just the potential strangeness around len <= 0, and exactly 
how we are meant to handle that, but if you are confident that is 
already covered in a sane way, then feel free to add,
Reviewed-by: Matthew Auld <matthew.auld@intel.com>

> 
> Thanks,
> Mastan
> 
> -----Original Message-----
> From: Katragadda, MastanX
> Sent: 09 March 2022 07:16
> To: Auld, Matthew <matthew.auld@intel.com>; Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>; intel-gfx@lists.freedesktop.org
> Cc: Surendrakumar Upadhyay, TejaskumarX <tejaskumarx.surendrakumar.upadhyay@intel.com>
> Subject: RE: [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write
> 
> On 03/03/2022 09:00, Tvrtko Ursulin wrote:
>>
>> + Matt
>>
>> On 03/03/2022 06:04, Mastan Katragadda wrote:
>>> Intel ID: PSIRT-PTK0002429
>>>
>>> A missing bounds check in vm_access() can lead to an out-of-bounds
>>> read or write in the adjacent memory area. The len attribute is not
>>> validated before the memcpy at [1]or [2] occurs.
>>
>> s/[1]or [2]/later in the function/ ?
>>
>>>
>>>
>>> Changes since v1:
>>>        - Updated if condition with range_overflows_t [Chris Wilson]
>>>
>>> Signed-off-by: Mastan Katragadda <mastanx.katragadda@intel.com>
>>> Suggested-by: Adam Zabrocki <adamza@microsoft.com>
>>> Reported-by: Jackson Cody <cody.jackson@intel.com>
>>> Cc: Chris Wilson <chris@chris-wilson.co.uk>
>>> Cc: Bloomfield Jon <jon.bloomfield@intel.com>
>>> Cc: Dutt Sudeep <sudeep.dutt@intel.com>
>>
>> Fixes: 9f909e215fea ("drm/i915: Implement vm_ops->access for gdb
>> access into mmaps")
>> Cc: <stable@vger.kernel.org> # v5.8+
>>
>> Right?
>>
>> There was a selftest added with the referenced patch and it sounds
>> like it would be a good idea to extend it to cover this scenario.  As
>> a separate patch though so this one is easy to backport.
> 
> Agreed, a simple regression test (either selftest or igt) for this would be nice, if possible.
> 
>>
>> Regards,
>>
>> Tvrtko
>>
>>> ---
>>>    drivers/gpu/drm/i915/gem/i915_gem_mman.c | 2 +-
>>>    1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>>> b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>>> index efe69d6b86f4..c3ea243d414d 100644
>>> --- a/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>>> +++ b/drivers/gpu/drm/i915/gem/i915_gem_mman.c
>>> @@ -455,7 +455,7 @@ vm_access(struct vm_area_struct *area, unsigned
>>> long addr,
>>>            return -EACCES;
>>>        addr -= area->vm_start;
>>> -    if (addr >= obj->base.size)
>>> +    if (range_overflows_t(u64, addr, len, obj->base.size))
>>>            return -EINVAL;
> 
> Other users like ttm_bo_vm_access are also checking if len <= 0, should we also add an explicit check for that here? Otherwise LGTM.
> 
> I think there is no need to add len <= 0 here; we are already validating the same with range_overflows_t. I converted the following condition to range_overflows_t.
> 
> if (len < 1 || len > obj->base.size ||
>              addr >= obj->base.size ||
>              addr + len > obj->base.size)
> 
>>>        i915_gem_ww_ctx_init(&ww, true);

^ permalink raw reply	[flat|nested] 15+ messages in thread

* Re: [Intel-gfx]  ✗ Fi.CI.BAT: failure for drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2)
  2022-03-03  6:48 ` [Intel-gfx] ✗ Fi.CI.BAT: failure for drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2) Patchwork
@ 2022-03-10  9:20   ` Matthew Auld
  2022-03-10 16:33     ` Vudum, Lakshminarayana
  0 siblings, 1 reply; 15+ messages in thread
From: Matthew Auld @ 2022-03-10  9:20 UTC (permalink / raw)
  To: Intel Graphics Development, lakshminarayana.vudum; +Cc: Mastan Katragadda

[-- Attachment #1: Type: text/plain, Size: 8634 bytes --]

On Thu, 3 Mar 2022 at 06:48, Patchwork <patchwork@emeril.freedesktop.org>
wrote:

> *Patch Details*
> *Series:* drm/i915/gem: missing boundary check in vm_access leads to OOB
> read/write (rev2)
> *URL:* https://patchwork.freedesktop.org/series/100932/
> *State:* failure
> *Details:*
> https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/index.html CI
> Bug Log - changes from CI_DRM_11316 -> Patchwork_22468 Summary
>
> *FAILURE*
>
> Serious unknown changes coming with Patchwork_22468 absolutely need to be
> verified manually.
>
> If you think the reported changes have nothing to do with the changes
> introduced in Patchwork_22468, please notify your bug team to allow them
> to document this new failure mode, which will reduce false positives in CI.
>
> External URL:
> https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/index.html
> Participating hosts (50 -> 41)
>
> Additional (1): bat-adlp-4
> Missing (10): fi-kbl-soraka shard-tglu bat-dg1-5 fi-hsw-4200u fi-bsw-cyan
> fi-ctg-p8600 shard-rkl shard-dg1 bat-jsl-2 fi-bdw-samus
> Possible new issues
>
> Here are the unknown changes that may have been introduced in
> Patchwork_22468:
> IGT changes Possible regressions
>
>    -
>
>    igt@gem_exec_suspend@basic-s0@smem:
>    - fi-kbl-7567u: PASS
>       <https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-kbl-7567u/igt@gem_exec_suspend@basic-s0@smem.html>
>       -> DMESG-WARN
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-kbl-7567u/igt@gem_exec_suspend@basic-s0@smem.html>
>    -
>
>    igt@i915_pm_rpm@basic-pci-d3-state:
>    - fi-skl-6600u: PASS
>       <https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-skl-6600u/igt@i915_pm_rpm@basic-pci-d3-state.html>
>       -> FAIL
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-skl-6600u/igt@i915_pm_rpm@basic-pci-d3-state.html>
>
>
These failures are not related.


>
>    -
>
> Known issues
>
> Here are the changes found in Patchwork_22468 that come from known issues:
> IGT changes Issues hit
>
>    -
>
>    igt@gem_lmem_swapping@basic:
>    - bat-adlp-4: NOTRUN -> SKIP
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@gem_lmem_swapping@basic.html>
>       (i915#4613 <https://gitlab.freedesktop.org/drm/intel/issues/4613>)
>       +3 similar issues
>    -
>
>    igt@gem_tiled_pread_basic:
>    - bat-adlp-4: NOTRUN -> SKIP
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@gem_tiled_pread_basic.html>
>       (i915#3282 <https://gitlab.freedesktop.org/drm/intel/issues/3282>)
>    -
>
>    igt@kms_busy@basic@modeset:
>    - bat-adlp-4: NOTRUN -> DMESG-WARN
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_busy@basic@modeset.html>
>       (i915#3576 <https://gitlab.freedesktop.org/drm/intel/issues/3576>)
>    -
>
>    igt@kms_chamelium@vga-hpd-fast:
>    - bat-adlp-4: NOTRUN -> SKIP
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_chamelium@vga-hpd-fast.html>
>       (fdo#111827 <https://bugs.freedesktop.org/show_bug.cgi?id=111827>)
>       +8 similar issues
>    -
>
>    igt@kms_cursor_legacy@basic-busy-flip-before-cursor-legacy:
>    - bat-adlp-4: NOTRUN -> SKIP
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_cursor_legacy@basic-busy-flip-before-cursor-legacy.html>
>       (i915#4103 <https://gitlab.freedesktop.org/drm/intel/issues/4103>)
>       +1 similar issue
>    -
>
>    igt@kms_force_connector_basic@force-load-detect:
>    - bat-adlp-4: NOTRUN -> SKIP
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_force_connector_basic@force-load-detect.html>
>       (fdo#109285 <https://bugs.freedesktop.org/show_bug.cgi?id=109285>)
>    -
>
>    igt@prime_vgem@basic-fence-read:
>    - bat-adlp-4: NOTRUN -> SKIP
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@prime_vgem@basic-fence-read.html>
>       (i915#3291 <https://gitlab.freedesktop.org/drm/intel/issues/3291> /
>       i915#3708 <https://gitlab.freedesktop.org/drm/intel/issues/3708>)
>       +2 similar issues
>    -
>
>    igt@prime_vgem@basic-userptr:
>    - bat-adlp-4: NOTRUN -> SKIP
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@prime_vgem@basic-userptr.html>
>       (i915#3301 <https://gitlab.freedesktop.org/drm/intel/issues/3301> /
>       i915#3708 <https://gitlab.freedesktop.org/drm/intel/issues/3708>)
>    -
>
>    igt@runner@aborted:
>    -
>
>       fi-kbl-7567u: NOTRUN -> FAIL
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-kbl-7567u/igt@runner@aborted.html>
>       (i915#4312 <https://gitlab.freedesktop.org/drm/intel/issues/4312>)
>       -
>
>       fi-bdw-5557u: NOTRUN -> FAIL
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-bdw-5557u/igt@runner@aborted.html>
>       (i915#2426 <https://gitlab.freedesktop.org/drm/intel/issues/2426> /
>       i915#4312 <https://gitlab.freedesktop.org/drm/intel/issues/4312>)
>
> Possible fixes
>
>    -
>
>    igt@gem_exec_suspend@basic-s3@smem:
>    - fi-bdw-5557u: INCOMPLETE
>       <https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-bdw-5557u/igt@gem_exec_suspend@basic-s3@smem.html>
>       (i915#146 <https://gitlab.freedesktop.org/drm/intel/issues/146>) ->
>       PASS
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-bdw-5557u/igt@gem_exec_suspend@basic-s3@smem.html>
>    -
>
>    igt@i915_pm_rpm@module-reload:
>    - fi-icl-u2: FAIL
>       <https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-icl-u2/igt@i915_pm_rpm@module-reload.html>
>       (i915#3049 <https://gitlab.freedesktop.org/drm/intel/issues/3049>)
>       -> PASS
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-icl-u2/igt@i915_pm_rpm@module-reload.html>
>    -
>
>    igt@i915_selftest@live@evict:
>    - {bat-rpls-2}: DMESG-WARN
>       <https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-rpls-2/igt@i915_selftest@live@evict.html>
>       (i915#4391 <https://gitlab.freedesktop.org/drm/intel/issues/4391>)
>       -> PASS
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-rpls-2/igt@i915_selftest@live@evict.html>
>       +1 similar issue
>    -
>
>    igt@i915_selftest@live@hangcheck:
>    -
>
>       fi-icl-u2: DMESG-WARN
>       <https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-icl-u2/igt@i915_selftest@live@hangcheck.html>
>       (i915#2867 <https://gitlab.freedesktop.org/drm/intel/issues/2867>)
>       -> PASS
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-icl-u2/igt@i915_selftest@live@hangcheck.html>
>       +7 similar issues
>       -
>
>       bat-dg1-6: DMESG-FAIL
>       <https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-dg1-6/igt@i915_selftest@live@hangcheck.html>
>       (i915#4494 <https://gitlab.freedesktop.org/drm/intel/issues/4494> /
>       i915#4957 <https://gitlab.freedesktop.org/drm/intel/issues/4957>)
>       -> PASS
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-dg1-6/igt@i915_selftest@live@hangcheck.html>
>       -
>
>    igt@i915_selftest@live@workarounds:
>    - {bat-adlp-6}: DMESG-WARN
>       <https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-adlp-6/igt@i915_selftest@live@workarounds.html>
>       (i915#5068 <https://gitlab.freedesktop.org/drm/intel/issues/5068>)
>       -> PASS
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-6/igt@i915_selftest@live@workarounds.html>
>    -
>
>    igt@kms_busy@basic@flip:
>    - {bat-adlp-6}: DMESG-WARN
>       <https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-adlp-6/igt@kms_busy@basic@flip.html>
>       (i915#3576 <https://gitlab.freedesktop.org/drm/intel/issues/3576>)
>       -> PASS
>       <https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-6/igt@kms_busy@basic@flip.html>
>       +1 similar issue
>
> {name}: This element is suppressed. This means it is ignored when computing
> the status of the difference (SUCCESS, WARNING, or FAILURE).
> Build changes
>
>    - Linux: CI_DRM_11316 -> Patchwork_22468
>
> CI-20190529: 20190529
> CI_DRM_11316: 41f05cc5d1eed1879e572ef203ef2dbe9a75aff8 @ git://
> anongit.freedesktop.org/gfx-ci/linux
> IGT_6361: 2372a4beb6a33c5f0799a4a8ccbb93794f52dbca @
> https://gitlab.freedesktop.org/drm/igt-gpu-tools.git
> Patchwork_22468: 49f7781dc74065aad8b8517b6a9e2d963890da62 @ git://
> anongit.freedesktop.org/gfx-ci/linux
>
> == Linux commits ==
>
> 49f7781dc740 drm/i915/gem: missing boundary check in vm_access leads to
> OOB read/write
>

[-- Attachment #2: Type: text/html, Size: 11645 bytes --]

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [Intel-gfx] ✗ Fi.CI.BAT: failure for drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2)
  2022-03-03  6:04 [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write Mastan Katragadda
                   ` (2 preceding siblings ...)
  2022-03-03  9:33 ` Jani Nikula
@ 2022-03-10 15:40 ` Patchwork
  2022-03-10 15:52 ` [Intel-gfx] ✓ Fi.CI.BAT: success " Patchwork
  2022-03-10 18:48 ` [Intel-gfx] ✓ Fi.CI.IGT: " Patchwork
  5 siblings, 0 replies; 15+ messages in thread
From: Patchwork @ 2022-03-10 15:40 UTC (permalink / raw)
  To: Katragadda, MastanX; +Cc: intel-gfx

[-- Attachment #1: Type: text/plain, Size: 16157 bytes --]

== Series Details ==

Series: drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2)
URL   : https://patchwork.freedesktop.org/series/100932/
State : failure

== Summary ==

CI Bug Log - changes from CI_DRM_11316 -> Patchwork_22468
====================================================

Summary
-------

  **FAILURE**

  Serious unknown changes coming with Patchwork_22468 absolutely need to be
  verified manually.
  
  If you think the reported changes have nothing to do with the changes
  introduced in Patchwork_22468, please notify your bug team to allow them
  to document this new failure mode, which will reduce false positives in CI.

  External URL: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/index.html

Participating hosts (50 -> 44)
------------------------------

  Additional (1): bat-adlp-4 
  Missing    (7): fi-kbl-soraka fi-hsw-4200u bat-dg1-5 fi-bsw-cyan fi-ctg-p8600 bat-jsl-2 fi-bdw-samus 

Possible new issues
-------------------

  Here are the unknown changes that may have been introduced in Patchwork_22468:

### IGT changes ###

#### Possible regressions ####

  * igt@i915_pm_rpm@basic-pci-d3-state:
    - fi-skl-6600u:       [PASS][1] -> [FAIL][2]
   [1]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-skl-6600u/igt@i915_pm_rpm@basic-pci-d3-state.html
   [2]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-skl-6600u/igt@i915_pm_rpm@basic-pci-d3-state.html

  
Known issues
------------

  Here are the changes found in Patchwork_22468 that come from known issues:

### IGT changes ###

#### Issues hit ####

  * igt@gem_exec_suspend@basic-s0@smem:
    - fi-kbl-7567u:       [PASS][3] -> [DMESG-WARN][4] ([i915#4116])
   [3]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-kbl-7567u/igt@gem_exec_suspend@basic-s0@smem.html
   [4]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-kbl-7567u/igt@gem_exec_suspend@basic-s0@smem.html

  * igt@gem_lmem_swapping@basic:
    - bat-adlp-4:         NOTRUN -> [SKIP][5] ([i915#4613]) +3 similar issues
   [5]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@gem_lmem_swapping@basic.html

  * igt@gem_tiled_pread_basic:
    - bat-adlp-4:         NOTRUN -> [SKIP][6] ([i915#3282])
   [6]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@gem_tiled_pread_basic.html

  * igt@kms_busy@basic@modeset:
    - bat-adlp-4:         NOTRUN -> [DMESG-WARN][7] ([i915#3576])
   [7]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_busy@basic@modeset.html

  * igt@kms_chamelium@vga-hpd-fast:
    - bat-adlp-4:         NOTRUN -> [SKIP][8] ([fdo#111827]) +8 similar issues
   [8]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_chamelium@vga-hpd-fast.html

  * igt@kms_cursor_legacy@basic-busy-flip-before-cursor-legacy:
    - bat-adlp-4:         NOTRUN -> [SKIP][9] ([i915#4103]) +1 similar issue
   [9]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_cursor_legacy@basic-busy-flip-before-cursor-legacy.html

  * igt@kms_force_connector_basic@force-load-detect:
    - bat-adlp-4:         NOTRUN -> [SKIP][10] ([fdo#109285])
   [10]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_force_connector_basic@force-load-detect.html

  * igt@prime_vgem@basic-fence-read:
    - bat-adlp-4:         NOTRUN -> [SKIP][11] ([i915#3291] / [i915#3708]) +2 similar issues
   [11]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@prime_vgem@basic-fence-read.html

  * igt@prime_vgem@basic-userptr:
    - bat-adlp-4:         NOTRUN -> [SKIP][12] ([i915#3301] / [i915#3708])
   [12]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@prime_vgem@basic-userptr.html

  * igt@runner@aborted:
    - fi-kbl-7567u:       NOTRUN -> [FAIL][13] ([i915#4312])
   [13]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-kbl-7567u/igt@runner@aborted.html
    - fi-bdw-5557u:       NOTRUN -> [FAIL][14] ([i915#2426] / [i915#4312])
   [14]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-bdw-5557u/igt@runner@aborted.html

  
#### Possible fixes ####

  * igt@gem_exec_suspend@basic-s3@smem:
    - fi-bdw-5557u:       [INCOMPLETE][15] ([i915#146]) -> [PASS][16]
   [15]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-bdw-5557u/igt@gem_exec_suspend@basic-s3@smem.html
   [16]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-bdw-5557u/igt@gem_exec_suspend@basic-s3@smem.html

  * igt@i915_pm_rpm@dpms-mode-unset-lpsp:
    - {shard-dg1}:        [SKIP][17] ([i915#1397]) -> [PASS][18] +1 similar issue
   [17]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-dg1-18/igt@i915_pm_rpm@dpms-mode-unset-lpsp.html
   [18]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-dg1-15/igt@i915_pm_rpm@dpms-mode-unset-lpsp.html

  * igt@i915_pm_rpm@module-reload:
    - fi-icl-u2:          [FAIL][19] ([i915#3049]) -> [PASS][20]
   [19]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-icl-u2/igt@i915_pm_rpm@module-reload.html
   [20]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-icl-u2/igt@i915_pm_rpm@module-reload.html

  * igt@i915_selftest@live@evict:
    - {bat-rpls-2}:       [DMESG-WARN][21] ([i915#4391]) -> [PASS][22] +1 similar issue
   [21]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-rpls-2/igt@i915_selftest@live@evict.html
   [22]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-rpls-2/igt@i915_selftest@live@evict.html

  * igt@i915_selftest@live@hangcheck:
    - fi-icl-u2:          [DMESG-WARN][23] ([i915#2867]) -> [PASS][24] +7 similar issues
   [23]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-icl-u2/igt@i915_selftest@live@hangcheck.html
   [24]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-icl-u2/igt@i915_selftest@live@hangcheck.html
    - bat-dg1-6:          [DMESG-FAIL][25] ([i915#4494] / [i915#4957]) -> [PASS][26]
   [25]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-dg1-6/igt@i915_selftest@live@hangcheck.html
   [26]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-dg1-6/igt@i915_selftest@live@hangcheck.html

  * igt@i915_selftest@live@workarounds:
    - {bat-adlp-6}:       [DMESG-WARN][27] ([i915#5068]) -> [PASS][28]
   [27]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-adlp-6/igt@i915_selftest@live@workarounds.html
   [28]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-6/igt@i915_selftest@live@workarounds.html

  * igt@kms_big_fb@y-tiled-32bpp-rotate-0:
    - {shard-tglu}:       [DMESG-WARN][29] ([i915#402]) -> [PASS][30]
   [29]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-tglu-6/igt@kms_big_fb@y-tiled-32bpp-rotate-0.html
   [30]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-tglu-3/igt@kms_big_fb@y-tiled-32bpp-rotate-0.html

  * igt@kms_busy@basic@flip:
    - {bat-adlp-6}:       [DMESG-WARN][31] ([i915#3576]) -> [PASS][32] +1 similar issue
   [31]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-adlp-6/igt@kms_busy@basic@flip.html
   [32]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-6/igt@kms_busy@basic@flip.html

  * igt@kms_cursor_edge_walk@pipe-a-256x256-bottom-edge:
    - {shard-rkl}:        [SKIP][33] ([i915#4098]) -> [PASS][34]
   [33]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-4/igt@kms_cursor_edge_walk@pipe-a-256x256-bottom-edge.html
   [34]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-6/igt@kms_cursor_edge_walk@pipe-a-256x256-bottom-edge.html

  
  {name}: This element is suppressed. This means it is ignored when computing
          the status of the difference (SUCCESS, WARNING, or FAILURE).

  [fdo#109274]: https://bugs.freedesktop.org/show_bug.cgi?id=109274
  [fdo#109279]: https://bugs.freedesktop.org/show_bug.cgi?id=109279
  [fdo#109280]: https://bugs.freedesktop.org/show_bug.cgi?id=109280
  [fdo#109283]: https://bugs.freedesktop.org/show_bug.cgi?id=109283
  [fdo#109285]: https://bugs.freedesktop.org/show_bug.cgi?id=109285
  [fdo#109289]: https://bugs.freedesktop.org/show_bug.cgi?id=109289
  [fdo#109291]: https://bugs.freedesktop.org/show_bug.cgi?id=109291
  [fdo#109295]: https://bugs.freedesktop.org/show_bug.cgi?id=109295
  [fdo#109506]: https://bugs.freedesktop.org/show_bug.cgi?id=109506
  [fdo#110189]: https://bugs.freedesktop.org/show_bug.cgi?id=110189
  [fdo#110254]: https://bugs.freedesktop.org/show_bug.cgi?id=110254
  [fdo#110723]: https://bugs.freedesktop.org/show_bug.cgi?id=110723
  [fdo#111068]: https://bugs.freedesktop.org/show_bug.cgi?id=111068
  [fdo#111314]: https://bugs.freedesktop.org/show_bug.cgi?id=111314
  [fdo#111615]: https://bugs.freedesktop.org/show_bug.cgi?id=111615
  [fdo#111825]: https://bugs.freedesktop.org/show_bug.cgi?id=111825
  [fdo#111827]: https://bugs.freedesktop.org/show_bug.cgi?id=111827
  [fdo#112022]: https://bugs.freedesktop.org/show_bug.cgi?id=112022
  [fdo#112054]: https://bugs.freedesktop.org/show_bug.cgi?id=112054
  [fdo#112283]: https://bugs.freedesktop.org/show_bug.cgi?id=112283
  [i915#1072]: https://gitlab.freedesktop.org/drm/intel/issues/1072
  [i915#1149]: https://gitlab.freedesktop.org/drm/intel/issues/1149
  [i915#132]: https://gitlab.freedesktop.org/drm/intel/issues/132
  [i915#1397]: https://gitlab.freedesktop.org/drm/intel/issues/1397
  [i915#146]: https://gitlab.freedesktop.org/drm/intel/issues/146
  [i915#1825]: https://gitlab.freedesktop.org/drm/intel/issues/1825
  [i915#1845]: https://gitlab.freedesktop.org/drm/intel/issues/1845
  [i915#1849]: https://gitlab.freedesktop.org/drm/intel/issues/1849
  [i915#1850]: https://gitlab.freedesktop.org/drm/intel/issues/1850
  [i915#2190]: https://gitlab.freedesktop.org/drm/intel/issues/2190
  [i915#2426]: https://gitlab.freedesktop.org/drm/intel/issues/2426
  [i915#2433]: https://gitlab.freedesktop.org/drm/intel/issues/2433
  [i915#2435]: https://gitlab.freedesktop.org/drm/intel/issues/2435
  [i915#2527]: https://gitlab.freedesktop.org/drm/intel/issues/2527
  [i915#2530]: https://gitlab.freedesktop.org/drm/intel/issues/2530
  [i915#2587]: https://gitlab.freedesktop.org/drm/intel/issues/2587
  [i915#2672]: https://gitlab.freedesktop.org/drm/intel/issues/2672
  [i915#2705]: https://gitlab.freedesktop.org/drm/intel/issues/2705
  [i915#2722]: https://gitlab.freedesktop.org/drm/intel/issues/2722
  [i915#280]: https://gitlab.freedesktop.org/drm/intel/issues/280
  [i915#284]: https://gitlab.freedesktop.org/drm/intel/issues/284
  [i915#2842]: https://gitlab.freedesktop.org/drm/intel/issues/2842
  [i915#2849]: https://gitlab.freedesktop.org/drm/intel/issues/2849
  [i915#2856]: https://gitlab.freedesktop.org/drm/intel/issues/2856
  [i915#2867]: https://gitlab.freedesktop.org/drm/intel/issues/2867
  [i915#2994]: https://gitlab.freedesktop.org/drm/intel/issues/2994
  [i915#3002]: https://gitlab.freedesktop.org/drm/intel/issues/3002
  [i915#3049]: https://gitlab.freedesktop.org/drm/intel/issues/3049
  [i915#3281]: https://gitlab.freedesktop.org/drm/intel/issues/3281
  [i915#3282]: https://gitlab.freedesktop.org/drm/intel/issues/3282
  [i915#3291]: https://gitlab.freedesktop.org/drm/intel/issues/3291
  [i915#3297]: https://gitlab.freedesktop.org/drm/intel/issues/3297
  [i915#3301]: https://gitlab.freedesktop.org/drm/intel/issues/3301
  [i915#3318]: https://gitlab.freedesktop.org/drm/intel/issues/3318
  [i915#3319]: https://gitlab.freedesktop.org/drm/intel/issues/3319
  [i915#3323]: https://gitlab.freedesktop.org/drm/intel/issues/3323
  [i915#3359]: https://gitlab.freedesktop.org/drm/intel/issues/3359
  [i915#3458]: https://gitlab.freedesktop.org/drm/intel/issues/3458
  [i915#3539]: https://gitlab.freedesktop.org/drm/intel/issues/3539
  [i915#3555]: https://gitlab.freedesktop.org/drm/intel/issues/3555
  [i915#3558]: https://gitlab.freedesktop.org/drm/intel/issues/3558
  [i915#3576]: https://gitlab.freedesktop.org/drm/intel/issues/3576
  [i915#3637]: https://gitlab.freedesktop.org/drm/intel/issues/3637
  [i915#3689]: https://gitlab.freedesktop.org/drm/intel/issues/3689
  [i915#3701]: https://gitlab.freedesktop.org/drm/intel/issues/3701
  [i915#3708]: https://gitlab.freedesktop.org/drm/intel/issues/3708
  [i915#3734]: https://gitlab.freedesktop.org/drm/intel/issues/3734
  [i915#3742]: https://gitlab.freedesktop.org/drm/intel/issues/3742
  [i915#3804]: https://gitlab.freedesktop.org/drm/intel/issues/3804
  [i915#3826]: https://gitlab.freedesktop.org/drm/intel/issues/3826
  [i915#3886]: https://gitlab.freedesktop.org/drm/intel/issues/3886
  [i915#3952]: https://gitlab.freedesktop.org/drm/intel/issues/3952
  [i915#3955]: https://gitlab.freedesktop.org/drm/intel/issues/3955
  [i915#402]: https://gitlab.freedesktop.org/drm/intel/issues/402
  [i915#4036]: https://gitlab.freedesktop.org/drm/intel/issues/4036
  [i915#4070]: https://gitlab.freedesktop.org/drm/intel/issues/4070
  [i915#4077]: https://gitlab.freedesktop.org/drm/intel/issues/4077
  [i915#4079]: https://gitlab.freedesktop.org/drm/intel/issues/4079
  [i915#4083]: https://gitlab.freedesktop.org/drm/intel/issues/4083
  [i915#4098]: https://gitlab.freedesktop.org/drm/intel/issues/4098
  [i915#4103]: https://gitlab.freedesktop.org/drm/intel/issues/4103
  [i915#4116]: https://gitlab.freedesktop.org/drm/intel/issues/4116
  [i915#4212]: https://gitlab.freedesktop.org/drm/intel/issues/4212
  [i915#4270]: https://gitlab.freedesktop.org/drm/intel/issues/4270
  [i915#4278]: https://gitlab.freedesktop.org/drm/intel/issues/4278
  [i915#4312]: https://gitlab.freedesktop.org/drm/intel/issues/4312
  [i915#433]: https://gitlab.freedesktop.org/drm/intel/issues/433
  [i915#4391]: https://gitlab.freedesktop.org/drm/intel/issues/4391
  [i915#4494]: https://gitlab.freedesktop.org/drm/intel/issues/4494
  [i915#4525]: https://gitlab.freedesktop.org/drm/intel/issues/4525
  [i915#4538]: https://gitlab.freedesktop.org/drm/intel/issues/4538
  [i915#4613]: https://gitlab.freedesktop.org/drm/intel/issues/4613
  [i915#4807]: https://gitlab.freedesktop.org/drm/intel/issues/4807
  [i915#4812]: https://gitlab.freedesktop.org/drm/intel/issues/4812
  [i915#4833]: https://gitlab.freedesktop.org/drm/intel/issues/4833
  [i915#4842]: https://gitlab.freedesktop.org/drm/intel/issues/4842
  [i915#4852]: https://gitlab.freedesktop.org/drm/intel/issues/4852
  [i915#4853]: https://gitlab.freedesktop.org/drm/intel/issues/4853
  [i915#4855]: https://gitlab.freedesktop.org/drm/intel/issues/4855
  [i915#4860]: https://gitlab.freedesktop.org/drm/intel/issues/4860
  [i915#4873]: https://gitlab.freedesktop.org/drm/intel/issues/4873
  [i915#4874]: https://gitlab.freedesktop.org/drm/intel/issues/4874
  [i915#4876]: https://gitlab.freedesktop.org/drm/intel/issues/4876
  [i915#4880]: https://gitlab.freedesktop.org/drm/intel/issues/4880
  [i915#4886]: https://gitlab.freedesktop.org/drm/intel/issues/4886
  [i915#4899]: https://gitlab.freedesktop.org/drm/intel/issues/4899
  [i915#4905]: https://gitlab.freedesktop.org/drm/intel/issues/4905
  [i915#4928]: https://gitlab.freedesktop.org/drm/intel/issues/4928
  [i915#4957]: https://gitlab.freedesktop.org/drm/intel/issues/4957
  [i915#5068]: https://gitlab.freedesktop.org/drm/intel/issues/5068
  [i915#5076]: https://gitlab.freedesktop.org/drm/intel/issues/5076
  [i915#5176]: https://gitlab.freedesktop.org/drm/intel/issues/5176
  [i915#533]: https://gitlab.freedesktop.org/drm/intel/issues/533
  [i915#658]: https://gitlab.freedesktop.org/drm/intel/issues/658


Build changes
-------------

  * Linux: CI_DRM_11316 -> Patchwork_22468

  CI-20190529: 20190529
  CI_DRM_11316: 41f05cc5d1eed1879e572ef203ef2dbe9a75aff8 @ git://anongit.freedesktop.org/gfx-ci/linux
  IGT_6361: 2372a4beb6a33c5f0799a4a8ccbb93794f52dbca @ https://gitlab.freedesktop.org/drm/igt-gpu-tools.git
  Patchwork_22468: 49f7781dc74065aad8b8517b6a9e2d963890da62 @ git://anongit.freedesktop.org/gfx-ci/linux


== Linux commits ==

49f7781dc740 drm/i915/gem: missing boundary check in vm_access leads to OOB read/write

== Logs ==

For more details see: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/index.html


* [Intel-gfx] ✓ Fi.CI.BAT: success for drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2)
  2022-03-03  6:04 [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write Mastan Katragadda
                   ` (3 preceding siblings ...)
  2022-03-10 15:40 ` [Intel-gfx] ✗ Fi.CI.BAT: failure for drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2) Patchwork
@ 2022-03-10 15:52 ` Patchwork
  2022-03-10 18:48 ` [Intel-gfx] ✓ Fi.CI.IGT: " Patchwork
  5 siblings, 0 replies; 15+ messages in thread
From: Patchwork @ 2022-03-10 15:52 UTC (permalink / raw)
  To: Katragadda, MastanX; +Cc: intel-gfx

[-- Attachment #1: Type: text/plain, Size: 15759 bytes --]

== Series Details ==

Series: drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2)
URL   : https://patchwork.freedesktop.org/series/100932/
State : success

== Summary ==

CI Bug Log - changes from CI_DRM_11316 -> Patchwork_22468
====================================================

Summary
-------

  **SUCCESS**

  No regressions found.

  External URL: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/index.html

Participating hosts (50 -> 44)
------------------------------

  Additional (1): bat-adlp-4 
  Missing    (7): fi-kbl-soraka fi-hsw-4200u bat-dg1-5 fi-bsw-cyan fi-ctg-p8600 bat-jsl-2 fi-bdw-samus 

Known issues
------------

  Here are the changes found in Patchwork_22468 that come from known issues:

### IGT changes ###

#### Issues hit ####

  * igt@gem_exec_suspend@basic-s0@smem:
    - fi-kbl-7567u:       [PASS][1] -> [DMESG-WARN][2] ([i915#4116])
   [1]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-kbl-7567u/igt@gem_exec_suspend@basic-s0@smem.html
   [2]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-kbl-7567u/igt@gem_exec_suspend@basic-s0@smem.html

  * igt@gem_lmem_swapping@basic:
    - bat-adlp-4:         NOTRUN -> [SKIP][3] ([i915#4613]) +3 similar issues
   [3]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@gem_lmem_swapping@basic.html

  * igt@gem_tiled_pread_basic:
    - bat-adlp-4:         NOTRUN -> [SKIP][4] ([i915#3282])
   [4]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@gem_tiled_pread_basic.html

  * igt@i915_pm_rpm@basic-pci-d3-state:
    - fi-skl-6600u:       [PASS][5] -> [FAIL][6] ([i915#5290])
   [5]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-skl-6600u/igt@i915_pm_rpm@basic-pci-d3-state.html
   [6]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-skl-6600u/igt@i915_pm_rpm@basic-pci-d3-state.html

  * igt@kms_busy@basic@modeset:
    - bat-adlp-4:         NOTRUN -> [DMESG-WARN][7] ([i915#3576])
   [7]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_busy@basic@modeset.html

  * igt@kms_chamelium@vga-hpd-fast:
    - bat-adlp-4:         NOTRUN -> [SKIP][8] ([fdo#111827]) +8 similar issues
   [8]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_chamelium@vga-hpd-fast.html

  * igt@kms_cursor_legacy@basic-busy-flip-before-cursor-legacy:
    - bat-adlp-4:         NOTRUN -> [SKIP][9] ([i915#4103]) +1 similar issue
   [9]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_cursor_legacy@basic-busy-flip-before-cursor-legacy.html

  * igt@kms_force_connector_basic@force-load-detect:
    - bat-adlp-4:         NOTRUN -> [SKIP][10] ([fdo#109285])
   [10]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_force_connector_basic@force-load-detect.html

  * igt@prime_vgem@basic-fence-read:
    - bat-adlp-4:         NOTRUN -> [SKIP][11] ([i915#3291] / [i915#3708]) +2 similar issues
   [11]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@prime_vgem@basic-fence-read.html

  * igt@prime_vgem@basic-userptr:
    - bat-adlp-4:         NOTRUN -> [SKIP][12] ([i915#3301] / [i915#3708])
   [12]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@prime_vgem@basic-userptr.html

  * igt@runner@aborted:
    - fi-kbl-7567u:       NOTRUN -> [FAIL][13] ([i915#4312])
   [13]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-kbl-7567u/igt@runner@aborted.html
    - fi-bdw-5557u:       NOTRUN -> [FAIL][14] ([i915#2426] / [i915#4312])
   [14]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-bdw-5557u/igt@runner@aborted.html

  
#### Possible fixes ####

  * igt@gem_exec_suspend@basic-s3@smem:
    - fi-bdw-5557u:       [INCOMPLETE][15] ([i915#146]) -> [PASS][16]
   [15]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-bdw-5557u/igt@gem_exec_suspend@basic-s3@smem.html
   [16]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-bdw-5557u/igt@gem_exec_suspend@basic-s3@smem.html

  * igt@i915_pm_rpm@dpms-mode-unset-lpsp:
    - {shard-dg1}:        [SKIP][17] ([i915#1397]) -> [PASS][18] +1 similar issue
   [17]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-dg1-18/igt@i915_pm_rpm@dpms-mode-unset-lpsp.html
   [18]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-dg1-15/igt@i915_pm_rpm@dpms-mode-unset-lpsp.html

  * igt@i915_pm_rpm@module-reload:
    - fi-icl-u2:          [FAIL][19] ([i915#3049]) -> [PASS][20]
   [19]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-icl-u2/igt@i915_pm_rpm@module-reload.html
   [20]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-icl-u2/igt@i915_pm_rpm@module-reload.html

  * igt@i915_selftest@live@evict:
    - {bat-rpls-2}:       [DMESG-WARN][21] ([i915#4391]) -> [PASS][22] +1 similar issue
   [21]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-rpls-2/igt@i915_selftest@live@evict.html
   [22]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-rpls-2/igt@i915_selftest@live@evict.html

  * igt@i915_selftest@live@hangcheck:
    - fi-icl-u2:          [DMESG-WARN][23] ([i915#2867]) -> [PASS][24] +7 similar issues
   [23]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-icl-u2/igt@i915_selftest@live@hangcheck.html
   [24]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-icl-u2/igt@i915_selftest@live@hangcheck.html
    - bat-dg1-6:          [DMESG-FAIL][25] ([i915#4494] / [i915#4957]) -> [PASS][26]
   [25]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-dg1-6/igt@i915_selftest@live@hangcheck.html
   [26]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-dg1-6/igt@i915_selftest@live@hangcheck.html

  * igt@i915_selftest@live@workarounds:
    - {bat-adlp-6}:       [DMESG-WARN][27] ([i915#5068]) -> [PASS][28]
   [27]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-adlp-6/igt@i915_selftest@live@workarounds.html
   [28]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-6/igt@i915_selftest@live@workarounds.html

  * igt@kms_big_fb@y-tiled-32bpp-rotate-0:
    - {shard-tglu}:       [DMESG-WARN][29] ([i915#402]) -> [PASS][30]
   [29]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-tglu-6/igt@kms_big_fb@y-tiled-32bpp-rotate-0.html
   [30]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-tglu-3/igt@kms_big_fb@y-tiled-32bpp-rotate-0.html

  * igt@kms_busy@basic@flip:
    - {bat-adlp-6}:       [DMESG-WARN][31] ([i915#3576]) -> [PASS][32] +1 similar issue
   [31]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-adlp-6/igt@kms_busy@basic@flip.html
   [32]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-6/igt@kms_busy@basic@flip.html

  * igt@kms_cursor_edge_walk@pipe-a-256x256-bottom-edge:
    - {shard-rkl}:        [SKIP][33] ([i915#4098]) -> [PASS][34]
   [33]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-4/igt@kms_cursor_edge_walk@pipe-a-256x256-bottom-edge.html
   [34]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-6/igt@kms_cursor_edge_walk@pipe-a-256x256-bottom-edge.html

  
  {name}: This element is suppressed. This means it is ignored when computing
          the status of the difference (SUCCESS, WARNING, or FAILURE).

  [fdo#109274]: https://bugs.freedesktop.org/show_bug.cgi?id=109274
  [fdo#109279]: https://bugs.freedesktop.org/show_bug.cgi?id=109279
  [fdo#109280]: https://bugs.freedesktop.org/show_bug.cgi?id=109280
  [fdo#109283]: https://bugs.freedesktop.org/show_bug.cgi?id=109283
  [fdo#109285]: https://bugs.freedesktop.org/show_bug.cgi?id=109285
  [fdo#109289]: https://bugs.freedesktop.org/show_bug.cgi?id=109289
  [fdo#109291]: https://bugs.freedesktop.org/show_bug.cgi?id=109291
  [fdo#109295]: https://bugs.freedesktop.org/show_bug.cgi?id=109295
  [fdo#109506]: https://bugs.freedesktop.org/show_bug.cgi?id=109506
  [fdo#110189]: https://bugs.freedesktop.org/show_bug.cgi?id=110189
  [fdo#110254]: https://bugs.freedesktop.org/show_bug.cgi?id=110254
  [fdo#110723]: https://bugs.freedesktop.org/show_bug.cgi?id=110723
  [fdo#111068]: https://bugs.freedesktop.org/show_bug.cgi?id=111068
  [fdo#111314]: https://bugs.freedesktop.org/show_bug.cgi?id=111314
  [fdo#111615]: https://bugs.freedesktop.org/show_bug.cgi?id=111615
  [fdo#111825]: https://bugs.freedesktop.org/show_bug.cgi?id=111825
  [fdo#111827]: https://bugs.freedesktop.org/show_bug.cgi?id=111827
  [fdo#112022]: https://bugs.freedesktop.org/show_bug.cgi?id=112022
  [fdo#112054]: https://bugs.freedesktop.org/show_bug.cgi?id=112054
  [fdo#112283]: https://bugs.freedesktop.org/show_bug.cgi?id=112283
  [i915#1072]: https://gitlab.freedesktop.org/drm/intel/issues/1072
  [i915#1149]: https://gitlab.freedesktop.org/drm/intel/issues/1149
  [i915#132]: https://gitlab.freedesktop.org/drm/intel/issues/132
  [i915#1397]: https://gitlab.freedesktop.org/drm/intel/issues/1397
  [i915#146]: https://gitlab.freedesktop.org/drm/intel/issues/146
  [i915#1825]: https://gitlab.freedesktop.org/drm/intel/issues/1825
  [i915#1845]: https://gitlab.freedesktop.org/drm/intel/issues/1845
  [i915#1849]: https://gitlab.freedesktop.org/drm/intel/issues/1849
  [i915#1850]: https://gitlab.freedesktop.org/drm/intel/issues/1850
  [i915#2190]: https://gitlab.freedesktop.org/drm/intel/issues/2190
  [i915#2426]: https://gitlab.freedesktop.org/drm/intel/issues/2426
  [i915#2433]: https://gitlab.freedesktop.org/drm/intel/issues/2433
  [i915#2435]: https://gitlab.freedesktop.org/drm/intel/issues/2435
  [i915#2527]: https://gitlab.freedesktop.org/drm/intel/issues/2527
  [i915#2530]: https://gitlab.freedesktop.org/drm/intel/issues/2530
  [i915#2587]: https://gitlab.freedesktop.org/drm/intel/issues/2587
  [i915#2672]: https://gitlab.freedesktop.org/drm/intel/issues/2672
  [i915#2705]: https://gitlab.freedesktop.org/drm/intel/issues/2705
  [i915#2722]: https://gitlab.freedesktop.org/drm/intel/issues/2722
  [i915#280]: https://gitlab.freedesktop.org/drm/intel/issues/280
  [i915#284]: https://gitlab.freedesktop.org/drm/intel/issues/284
  [i915#2842]: https://gitlab.freedesktop.org/drm/intel/issues/2842
  [i915#2849]: https://gitlab.freedesktop.org/drm/intel/issues/2849
  [i915#2856]: https://gitlab.freedesktop.org/drm/intel/issues/2856
  [i915#2867]: https://gitlab.freedesktop.org/drm/intel/issues/2867
  [i915#2994]: https://gitlab.freedesktop.org/drm/intel/issues/2994
  [i915#3002]: https://gitlab.freedesktop.org/drm/intel/issues/3002
  [i915#3049]: https://gitlab.freedesktop.org/drm/intel/issues/3049
  [i915#3281]: https://gitlab.freedesktop.org/drm/intel/issues/3281
  [i915#3282]: https://gitlab.freedesktop.org/drm/intel/issues/3282
  [i915#3291]: https://gitlab.freedesktop.org/drm/intel/issues/3291
  [i915#3297]: https://gitlab.freedesktop.org/drm/intel/issues/3297
  [i915#3301]: https://gitlab.freedesktop.org/drm/intel/issues/3301
  [i915#3318]: https://gitlab.freedesktop.org/drm/intel/issues/3318
  [i915#3319]: https://gitlab.freedesktop.org/drm/intel/issues/3319
  [i915#3323]: https://gitlab.freedesktop.org/drm/intel/issues/3323
  [i915#3359]: https://gitlab.freedesktop.org/drm/intel/issues/3359
  [i915#3458]: https://gitlab.freedesktop.org/drm/intel/issues/3458
  [i915#3539]: https://gitlab.freedesktop.org/drm/intel/issues/3539
  [i915#3555]: https://gitlab.freedesktop.org/drm/intel/issues/3555
  [i915#3558]: https://gitlab.freedesktop.org/drm/intel/issues/3558
  [i915#3576]: https://gitlab.freedesktop.org/drm/intel/issues/3576
  [i915#3637]: https://gitlab.freedesktop.org/drm/intel/issues/3637
  [i915#3689]: https://gitlab.freedesktop.org/drm/intel/issues/3689
  [i915#3701]: https://gitlab.freedesktop.org/drm/intel/issues/3701
  [i915#3708]: https://gitlab.freedesktop.org/drm/intel/issues/3708
  [i915#3734]: https://gitlab.freedesktop.org/drm/intel/issues/3734
  [i915#3742]: https://gitlab.freedesktop.org/drm/intel/issues/3742
  [i915#3804]: https://gitlab.freedesktop.org/drm/intel/issues/3804
  [i915#3826]: https://gitlab.freedesktop.org/drm/intel/issues/3826
  [i915#3886]: https://gitlab.freedesktop.org/drm/intel/issues/3886
  [i915#3952]: https://gitlab.freedesktop.org/drm/intel/issues/3952
  [i915#3955]: https://gitlab.freedesktop.org/drm/intel/issues/3955
  [i915#402]: https://gitlab.freedesktop.org/drm/intel/issues/402
  [i915#4036]: https://gitlab.freedesktop.org/drm/intel/issues/4036
  [i915#4070]: https://gitlab.freedesktop.org/drm/intel/issues/4070
  [i915#4077]: https://gitlab.freedesktop.org/drm/intel/issues/4077
  [i915#4079]: https://gitlab.freedesktop.org/drm/intel/issues/4079
  [i915#4083]: https://gitlab.freedesktop.org/drm/intel/issues/4083
  [i915#4098]: https://gitlab.freedesktop.org/drm/intel/issues/4098
  [i915#4103]: https://gitlab.freedesktop.org/drm/intel/issues/4103
  [i915#4116]: https://gitlab.freedesktop.org/drm/intel/issues/4116
  [i915#4212]: https://gitlab.freedesktop.org/drm/intel/issues/4212
  [i915#4270]: https://gitlab.freedesktop.org/drm/intel/issues/4270
  [i915#4278]: https://gitlab.freedesktop.org/drm/intel/issues/4278
  [i915#4312]: https://gitlab.freedesktop.org/drm/intel/issues/4312
  [i915#433]: https://gitlab.freedesktop.org/drm/intel/issues/433
  [i915#4391]: https://gitlab.freedesktop.org/drm/intel/issues/4391
  [i915#4494]: https://gitlab.freedesktop.org/drm/intel/issues/4494
  [i915#4525]: https://gitlab.freedesktop.org/drm/intel/issues/4525
  [i915#4538]: https://gitlab.freedesktop.org/drm/intel/issues/4538
  [i915#4613]: https://gitlab.freedesktop.org/drm/intel/issues/4613
  [i915#4807]: https://gitlab.freedesktop.org/drm/intel/issues/4807
  [i915#4812]: https://gitlab.freedesktop.org/drm/intel/issues/4812
  [i915#4833]: https://gitlab.freedesktop.org/drm/intel/issues/4833
  [i915#4842]: https://gitlab.freedesktop.org/drm/intel/issues/4842
  [i915#4852]: https://gitlab.freedesktop.org/drm/intel/issues/4852
  [i915#4853]: https://gitlab.freedesktop.org/drm/intel/issues/4853
  [i915#4855]: https://gitlab.freedesktop.org/drm/intel/issues/4855
  [i915#4860]: https://gitlab.freedesktop.org/drm/intel/issues/4860
  [i915#4873]: https://gitlab.freedesktop.org/drm/intel/issues/4873
  [i915#4874]: https://gitlab.freedesktop.org/drm/intel/issues/4874
  [i915#4876]: https://gitlab.freedesktop.org/drm/intel/issues/4876
  [i915#4880]: https://gitlab.freedesktop.org/drm/intel/issues/4880
  [i915#4886]: https://gitlab.freedesktop.org/drm/intel/issues/4886
  [i915#4899]: https://gitlab.freedesktop.org/drm/intel/issues/4899
  [i915#4905]: https://gitlab.freedesktop.org/drm/intel/issues/4905
  [i915#4928]: https://gitlab.freedesktop.org/drm/intel/issues/4928
  [i915#4957]: https://gitlab.freedesktop.org/drm/intel/issues/4957
  [i915#5068]: https://gitlab.freedesktop.org/drm/intel/issues/5068
  [i915#5076]: https://gitlab.freedesktop.org/drm/intel/issues/5076
  [i915#5176]: https://gitlab.freedesktop.org/drm/intel/issues/5176
  [i915#5290]: https://gitlab.freedesktop.org/drm/intel/issues/5290
  [i915#533]: https://gitlab.freedesktop.org/drm/intel/issues/533
  [i915#658]: https://gitlab.freedesktop.org/drm/intel/issues/658


Build changes
-------------

  * Linux: CI_DRM_11316 -> Patchwork_22468

  CI-20190529: 20190529
  CI_DRM_11316: 41f05cc5d1eed1879e572ef203ef2dbe9a75aff8 @ git://anongit.freedesktop.org/gfx-ci/linux
  IGT_6361: 2372a4beb6a33c5f0799a4a8ccbb93794f52dbca @ https://gitlab.freedesktop.org/drm/igt-gpu-tools.git
  Patchwork_22468: 49f7781dc74065aad8b8517b6a9e2d963890da62 @ git://anongit.freedesktop.org/gfx-ci/linux


== Linux commits ==

49f7781dc740 drm/i915/gem: missing boundary check in vm_access leads to OOB read/write

== Logs ==

For more details see: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/index.html


* Re: [Intel-gfx]  ✗ Fi.CI.BAT: failure for drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2)
  2022-03-10  9:20   ` Matthew Auld
@ 2022-03-10 16:33     ` Vudum, Lakshminarayana
  0 siblings, 0 replies; 15+ messages in thread
From: Vudum, Lakshminarayana @ 2022-03-10 16:33 UTC (permalink / raw)
  To: Matthew Auld, Intel Graphics Development; +Cc: Katragadda, MastanX

[-- Attachment #1: Type: text/plain, Size: 8822 bytes --]



From: Matthew Auld <matthew.william.auld@gmail.com>
Sent: Thursday, March 10, 2022 1:21 AM
To: Intel Graphics Development <intel-gfx@lists.freedesktop.org>; Vudum, Lakshminarayana <lakshminarayana.vudum@intel.com>
Cc: Katragadda, MastanX <mastanx.katragadda@intel.com>
Subject: Re: [Intel-gfx] ✗ Fi.CI.BAT: failure for drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2)

On Thu, 3 Mar 2022 at 06:48, Patchwork <patchwork@emeril.freedesktop.org> wrote:
Patch Details

Series:  drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2)
URL:     https://patchwork.freedesktop.org/series/100932/
State:   failure
Details: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/index.html

CI Bug Log - changes from CI_DRM_11316 -> Patchwork_22468
Summary

FAILURE

Serious unknown changes coming with Patchwork_22468 absolutely need to be
verified manually.

If you think the reported changes have nothing to do with the changes
introduced in Patchwork_22468, please notify your bug team to allow them
to document this new failure mode, which will reduce false positives in CI.

External URL: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/index.html

Participating hosts (50 -> 41)

Additional (1): bat-adlp-4
Missing (10): fi-kbl-soraka shard-tglu bat-dg1-5 fi-hsw-4200u fi-bsw-cyan fi-ctg-p8600 shard-rkl shard-dg1 bat-jsl-2 fi-bdw-samus

Possible new issues

Here are the unknown changes that may have been introduced in Patchwork_22468:

IGT changes
Possible regressions

  *   igt@gem_exec_suspend@basic-s0@smem:

     *   fi-kbl-7567u: PASS<https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-kbl-7567u/igt@gem_exec_suspend@basic-s0@smem.html> -> DMESG-WARN<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-kbl-7567u/igt@gem_exec_suspend@basic-s0@smem.html>
Lakshmi: This issue is related to https://gitlab.freedesktop.org/drm/intel/-/issues/4116

  *   igt@i915_pm_rpm@basic-pci-d3-state:

     *   fi-skl-6600u: PASS<https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-skl-6600u/igt@i915_pm_rpm@basic-pci-d3-state.html> -> FAIL<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-skl-6600u/igt@i915_pm_rpm@basic-pci-d3-state.html>
Lakshmi: This looks like a new issue, so filed
https://gitlab.freedesktop.org/drm/intel/-/issues/5290
igt@i915_pm_rpm@basic-pci-d3-state - fail - Failed assertion: igt_wait(device_in_pci_d3(), \d+, \d+)


These failures are not related.



Known issues

Here are the changes found in Patchwork_22468 that come from known issues:

IGT changes
Issues hit

  *   igt@gem_lmem_swapping@basic:

     *   bat-adlp-4: NOTRUN -> SKIP<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@gem_lmem_swapping@basic.html> (i915#4613<https://gitlab.freedesktop.org/drm/intel/issues/4613>) +3 similar issues

  *   igt@gem_tiled_pread_basic:

     *   bat-adlp-4: NOTRUN -> SKIP<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@gem_tiled_pread_basic.html> (i915#3282<https://gitlab.freedesktop.org/drm/intel/issues/3282>)

  *   igt@kms_busy@basic@modeset:

     *   bat-adlp-4: NOTRUN -> DMESG-WARN<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_busy@basic@modeset.html> (i915#3576<https://gitlab.freedesktop.org/drm/intel/issues/3576>)

  *   igt@kms_chamelium@vga-hpd-fast:

     *   bat-adlp-4: NOTRUN -> SKIP<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_chamelium@vga-hpd-fast.html> (fdo#111827<https://bugs.freedesktop.org/show_bug.cgi?id=111827>) +8 similar issues

  *   igt@kms_cursor_legacy@basic-busy-flip-before-cursor-legacy:

     *   bat-adlp-4: NOTRUN -> SKIP<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_cursor_legacy@basic-busy-flip-before-cursor-legacy.html> (i915#4103<https://gitlab.freedesktop.org/drm/intel/issues/4103>) +1 similar issue

  *   igt@kms_force_connector_basic@force-load-detect:

     *   bat-adlp-4: NOTRUN -> SKIP<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@kms_force_connector_basic@force-load-detect.html> (fdo#109285<https://bugs.freedesktop.org/show_bug.cgi?id=109285>)

  *   igt@prime_vgem@basic-fence-read:

     *   bat-adlp-4: NOTRUN -> SKIP<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@prime_vgem@basic-fence-read.html> (i915#3291<https://gitlab.freedesktop.org/drm/intel/issues/3291> / i915#3708<https://gitlab.freedesktop.org/drm/intel/issues/3708>) +2 similar issues

  *   igt@prime_vgem@basic-userptr:

     *   bat-adlp-4: NOTRUN -> SKIP<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-4/igt@prime_vgem@basic-userptr.html> (i915#3301<https://gitlab.freedesktop.org/drm/intel/issues/3301> / i915#3708<https://gitlab.freedesktop.org/drm/intel/issues/3708>)

  *   igt@runner@aborted:

     *   fi-kbl-7567u: NOTRUN -> FAIL<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-kbl-7567u/igt@runner@aborted.html> (i915#4312<https://gitlab.freedesktop.org/drm/intel/issues/4312>)
     *   fi-bdw-5557u: NOTRUN -> FAIL<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-bdw-5557u/igt@runner@aborted.html> (i915#2426<https://gitlab.freedesktop.org/drm/intel/issues/2426> / i915#4312<https://gitlab.freedesktop.org/drm/intel/issues/4312>)

Possible fixes

  *   igt@gem_exec_suspend@basic-s3@smem:

     *   fi-bdw-5557u: INCOMPLETE<https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-bdw-5557u/igt@gem_exec_suspend@basic-s3@smem.html> (i915#146<https://gitlab.freedesktop.org/drm/intel/issues/146>) -> PASS<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-bdw-5557u/igt@gem_exec_suspend@basic-s3@smem.html>

  *   igt@i915_pm_rpm@module-reload:

     *   fi-icl-u2: FAIL<https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-icl-u2/igt@i915_pm_rpm@module-reload.html> (i915#3049<https://gitlab.freedesktop.org/drm/intel/issues/3049>) -> PASS<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-icl-u2/igt@i915_pm_rpm@module-reload.html>

  *   igt@i915_selftest@live@evict:

     *   {bat-rpls-2}: DMESG-WARN<https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-rpls-2/igt@i915_selftest@live@evict.html> (i915#4391<https://gitlab.freedesktop.org/drm/intel/issues/4391>) -> PASS<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-rpls-2/igt@i915_selftest@live@evict.html> +1 similar issue

  *   igt@i915_selftest@live@hangcheck:

     *   fi-icl-u2: DMESG-WARN<https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/fi-icl-u2/igt@i915_selftest@live@hangcheck.html> (i915#2867<https://gitlab.freedesktop.org/drm/intel/issues/2867>) -> PASS<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/fi-icl-u2/igt@i915_selftest@live@hangcheck.html> +7 similar issues
     *   bat-dg1-6: DMESG-FAIL<https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-dg1-6/igt@i915_selftest@live@hangcheck.html> (i915#4494<https://gitlab.freedesktop.org/drm/intel/issues/4494> / i915#4957<https://gitlab.freedesktop.org/drm/intel/issues/4957>) -> PASS<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-dg1-6/igt@i915_selftest@live@hangcheck.html>

  *   igt@i915_selftest@live@workarounds:

     *   {bat-adlp-6}: DMESG-WARN<https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-adlp-6/igt@i915_selftest@live@workarounds.html> (i915#5068<https://gitlab.freedesktop.org/drm/intel/issues/5068>) -> PASS<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-6/igt@i915_selftest@live@workarounds.html>

  *   igt@kms_busy@basic@flip:

     *   {bat-adlp-6}: DMESG-WARN<https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/bat-adlp-6/igt@kms_busy@basic@flip.html> (i915#3576<https://gitlab.freedesktop.org/drm/intel/issues/3576>) -> PASS<https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/bat-adlp-6/igt@kms_busy@basic@flip.html> +1 similar issue

{name}: This element is suppressed. This means it is ignored when computing
the status of the difference (SUCCESS, WARNING, or FAILURE).

Build changes

  *   Linux: CI_DRM_11316 -> Patchwork_22468

CI-20190529: 20190529
CI_DRM_11316: 41f05cc5d1eed1879e572ef203ef2dbe9a75aff8 @ git://anongit.freedesktop.org/gfx-ci/linux
IGT_6361: 2372a4beb6a33c5f0799a4a8ccbb93794f52dbca @ https://gitlab.freedesktop.org/drm/igt-gpu-tools.git
Patchwork_22468: 49f7781dc74065aad8b8517b6a9e2d963890da62 @ git://anongit.freedesktop.org/gfx-ci/linux

== Linux commits ==

49f7781dc740 drm/i915/gem: missing boundary check in vm_access leads to OOB read/write


* [Intel-gfx] ✓ Fi.CI.IGT: success for drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2)
  2022-03-03  6:04 [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write Mastan Katragadda
                   ` (4 preceding siblings ...)
  2022-03-10 15:52 ` [Intel-gfx] ✓ Fi.CI.BAT: success " Patchwork
@ 2022-03-10 18:48 ` Patchwork
  5 siblings, 0 replies; 15+ messages in thread
From: Patchwork @ 2022-03-10 18:48 UTC (permalink / raw)
  To: Katragadda, MastanX; +Cc: intel-gfx


== Series Details ==

Series: drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2)
URL   : https://patchwork.freedesktop.org/series/100932/
State : success

== Summary ==

CI Bug Log - changes from CI_DRM_11316_full -> Patchwork_22468_full
====================================================

Summary
-------

  **SUCCESS**

  No regressions found.

  

Participating hosts (13 -> 13)
------------------------------

  No changes in participating hosts

Possible new issues
-------------------

  Here are the unknown changes that may have been introduced in Patchwork_22468_full:

### IGT changes ###

#### Suppressed ####

  The following results come from untrusted machines, tests, or statuses.
  They do not affect the overall result.

  * igt@gem_exec_schedule@deep@vecs0:
    - {shard-rkl}:        [PASS][1] -> [INCOMPLETE][2]
   [1]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-2/igt@gem_exec_schedule@deep@vecs0.html
   [2]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-5/igt@gem_exec_schedule@deep@vecs0.html

  
Known issues
------------

  Here are the changes found in Patchwork_22468_full that come from known issues:

### CI changes ###

#### Possible fixes ####

  * boot:
    - {shard-rkl}:        ([PASS][3], [PASS][4], [PASS][5], [PASS][6], [PASS][7], [PASS][8], [PASS][9], [PASS][10], [PASS][11], [PASS][12], [PASS][13], [PASS][14], [PASS][15], [FAIL][16], [PASS][17], [PASS][18], [PASS][19], [PASS][20], [PASS][21], [PASS][22], [PASS][23], [PASS][24]) ([i915#5131]) -> ([PASS][25], [PASS][26], [PASS][27], [PASS][28], [PASS][29], [PASS][30], [PASS][31], [PASS][32], [PASS][33], [PASS][34], [PASS][35], [PASS][36], [PASS][37], [PASS][38], [PASS][39], [PASS][40], [PASS][41], [PASS][42], [PASS][43], [PASS][44], [PASS][45])
   [3]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-2/boot.html
   [4]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-2/boot.html
   [5]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-2/boot.html
   [6]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-1/boot.html
   [7]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-1/boot.html
   [8]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-1/boot.html
   [9]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-1/boot.html
   [10]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-1/boot.html
   [11]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-1/boot.html
   [12]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-1/boot.html
   [13]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-5/boot.html
   [14]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-5/boot.html
   [15]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-5/boot.html
   [16]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-5/boot.html
   [17]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-5/boot.html
   [18]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-5/boot.html
   [19]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-4/boot.html
   [20]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-4/boot.html
   [21]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-2/boot.html
   [22]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-2/boot.html
   [23]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-2/boot.html
   [24]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-2/boot.html
   [25]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-4/boot.html
   [26]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-6/boot.html
   [27]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-6/boot.html
   [28]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-5/boot.html
   [29]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-5/boot.html
   [30]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-5/boot.html
   [31]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-5/boot.html
   [32]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-5/boot.html
   [33]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-5/boot.html
   [34]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-4/boot.html
   [35]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-4/boot.html
   [36]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-4/boot.html
   [37]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-2/boot.html
   [38]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-2/boot.html
   [39]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-2/boot.html
   [40]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-2/boot.html
   [41]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-2/boot.html
   [42]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-2/boot.html
   [43]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-1/boot.html
   [44]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-1/boot.html
   [45]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-1/boot.html

  

### IGT changes ###

#### Possible fixes ####

  * igt@gem_ctx_persistence@many-contexts:
    - {shard-rkl}:        [FAIL][46] ([i915#2410]) -> [PASS][47]
   [46]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-5/igt@gem_ctx_persistence@many-contexts.html
   [47]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-5/igt@gem_ctx_persistence@many-contexts.html

  * igt@gem_eio@in-flight-suspend:
    - {shard-rkl}:        [FAIL][48] ([fdo#103375]) -> [PASS][49]
   [48]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-5/igt@gem_eio@in-flight-suspend.html
   [49]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-1/igt@gem_eio@in-flight-suspend.html

  * igt@gem_softpin@softpin:
    - {shard-rkl}:        [INCOMPLETE][50] ([i915#5080]) -> [PASS][51]
   [50]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-5/igt@gem_softpin@softpin.html
   [51]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-2/igt@gem_softpin@softpin.html

  * igt@gem_userptr_blits@create-destroy-sync:
    - {shard-rkl}:        [INCOMPLETE][52] ([i915#3297]) -> ([PASS][53], [PASS][54])
   [52]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-5/igt@gem_userptr_blits@create-destroy-sync.html
   [53]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-6/igt@gem_userptr_blits@create-destroy-sync.html
   [54]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-4/igt@gem_userptr_blits@create-destroy-sync.html

  * igt@i915_pm_dc@dc9-dpms:
    - {shard-tglu}:       [SKIP][55] ([i915#4281]) -> [PASS][56]
   [55]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-tglu-8/igt@i915_pm_dc@dc9-dpms.html
   [56]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-tglu-2/igt@i915_pm_dc@dc9-dpms.html

  * igt@i915_pm_rpm@dpms-lpsp:
    - {shard-dg1}:        [SKIP][57] ([i915#1397]) -> [PASS][58] +2 similar issues
   [57]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-dg1-18/igt@i915_pm_rpm@dpms-lpsp.html
   [58]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-dg1-12/igt@i915_pm_rpm@dpms-lpsp.html

  * igt@i915_pm_rps@min-max-config-idle:
    - {shard-rkl}:        [FAIL][59] ([i915#4016]) -> [PASS][60]
   [59]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-1/igt@i915_pm_rps@min-max-config-idle.html
   [60]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-5/igt@i915_pm_rps@min-max-config-idle.html

  * igt@i915_selftest@live@requests:
    - {shard-rkl}:        [INCOMPLETE][61] -> [PASS][62]
   [61]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-5/igt@i915_selftest@live@requests.html
   [62]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-1/igt@i915_selftest@live@requests.html

  * igt@kms_big_fb@y-tiled-32bpp-rotate-0:
    - {shard-tglu}:       [DMESG-WARN][63] ([i915#402]) -> [PASS][64]
   [63]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-tglu-6/igt@kms_big_fb@y-tiled-32bpp-rotate-0.html
   [64]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-tglu-3/igt@kms_big_fb@y-tiled-32bpp-rotate-0.html

  * igt@kms_cursor_legacy@pipe-c-single-move:
    - {shard-rkl}:        [SKIP][65] ([i915#4070]) -> [PASS][66]
   [65]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-2/igt@kms_cursor_legacy@pipe-c-single-move.html
   [66]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-5/igt@kms_cursor_legacy@pipe-c-single-move.html

  * igt@kms_frontbuffer_tracking@fbc-1p-primscrn-shrfb-pgflip-blt:
    - {shard-rkl}:        [SKIP][67] ([i915#1849]) -> [PASS][68] +1 similar issue
   [67]: https://intel-gfx-ci.01.org/tree/drm-tip/CI_DRM_11316/shard-rkl-5/igt@kms_frontbuffer_tracking@fbc-1p-primscrn-shrfb-pgflip-blt.html
   [68]: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/shard-rkl-6/igt@kms_frontbuffer_tracking@fbc-1p-primscrn-shrfb-pgflip-blt.html

  
  {name}: This element is suppressed. This means it is ignored when computing
          the status of the difference (SUCCESS, WARNING, or FAILURE).

  [fdo#103375]: https://bugs.freedesktop.org/show_bug.cgi?id=103375
  [fdo#109274]: https://bugs.freedesktop.org/show_bug.cgi?id=109274
  [fdo#109279]: https://bugs.freedesktop.org/show_bug.cgi?id=109279
  [fdo#109280]: https://bugs.freedesktop.org/show_bug.cgi?id=109280
  [fdo#109283]: https://bugs.freedesktop.org/show_bug.cgi?id=109283
  [fdo#109289]: https://bugs.freedesktop.org/show_bug.cgi?id=109289
  [fdo#109291]: https://bugs.freedesktop.org/show_bug.cgi?id=109291
  [fdo#109307]: https://bugs.freedesktop.org/show_bug.cgi?id=109307
  [fdo#109313]: https://bugs.freedesktop.org/show_bug.cgi?id=109313
  [fdo#109502]: https://bugs.freedesktop.org/show_bug.cgi?id=109502
  [fdo#109506]: https://bugs.freedesktop.org/show_bug.cgi?id=109506
  [fdo#110189]: https://bugs.freedesktop.org/show_bug.cgi?id=110189
  [fdo#110723]: https://bugs.freedesktop.org/show_bug.cgi?id=110723
  [fdo#111068]: https://bugs.freedesktop.org/show_bug.cgi?id=111068
  [fdo#111314]: https://bugs.freedesktop.org/show_bug.cgi?id=111314
  [fdo#111615]: https://bugs.freedesktop.org/show_bug.cgi?id=111615
  [fdo#111825]: https://bugs.freedesktop.org/show_bug.cgi?id=111825
  [fdo#111827]: https://bugs.freedesktop.org/show_bug.cgi?id=111827
  [fdo#112022]: https://bugs.freedesktop.org/show_bug.cgi?id=112022
  [fdo#112054]: https://bugs.freedesktop.org/show_bug.cgi?id=112054
  [fdo#112283]: https://bugs.freedesktop.org/show_bug.cgi?id=112283
  [i915#1063]: https://gitlab.freedesktop.org/drm/intel/issues/1063
  [i915#1072]: https://gitlab.freedesktop.org/drm/intel/issues/1072
  [i915#1149]: https://gitlab.freedesktop.org/drm/intel/issues/1149
  [i915#1155]: https://gitlab.freedesktop.org/drm/intel/issues/1155
  [i915#132]: https://gitlab.freedesktop.org/drm/intel/issues/132
  [i915#1397]: https://gitlab.freedesktop.org/drm/intel/issues/1397
  [i915#1769]: https://gitlab.freedesktop.org/drm/intel/issues/1769
  [i915#1825]: https://gitlab.freedesktop.org/drm/intel/issues/1825
  [i915#1839]: https://gitlab.freedesktop.org/drm/intel/issues/1839
  [i915#1845]: https://gitlab.freedesktop.org/drm/intel/issues/1845
  [i915#1849]: https://gitlab.freedesktop.org/drm/intel/issues/1849
  [i915#1911]: https://gitlab.freedesktop.org/drm/intel/issues/1911
  [i915#2029]: https://gitlab.freedesktop.org/drm/intel/issues/2029
  [i915#2295]: https://gitlab.freedesktop.org/drm/intel/issues/2295
  [i915#2410]: https://gitlab.freedesktop.org/drm/intel/issues/2410
  [i915#2433]: https://gitlab.freedesktop.org/drm/intel/issues/2433
  [i915#2437]: https://gitlab.freedesktop.org/drm/intel/issues/2437
  [i915#2527]: https://gitlab.freedesktop.org/drm/intel/issues/2527
  [i915#2530]: https://gitlab.freedesktop.org/drm/intel/issues/2530
  [i915#2582]: https://gitlab.freedesktop.org/drm/intel/issues/2582
  [i915#2587]: https://gitlab.freedesktop.org/drm/intel/issues/2587
  [i915#2658]: https://gitlab.freedesktop.org/drm/intel/issues/2658
  [i915#2672]: https://gitlab.freedesktop.org/drm/intel/issues/2672
  [i915#2705]: https://gitlab.freedesktop.org/drm/intel/issues/2705
  [i915#2722]: https://gitlab.freedesktop.org/drm/intel/issues/2722
  [i915#280]: https://gitlab.freedesktop.org/drm/intel/issues/280
  [i915#284]: https://gitlab.freedesktop.org/drm/intel/issues/284
  [i915#2842]: https://gitlab.freedesktop.org/drm/intel/issues/2842
  [i915#2846]: https://gitlab.freedesktop.org/drm/intel/issues/2846
  [i915#2849]: https://gitlab.freedesktop.org/drm/intel/issues/2849
  [i915#2856]: https://gitlab.freedesktop.org/drm/intel/issues/2856
  [i915#2994]: https://gitlab.freedesktop.org/drm/intel/issues/2994
  [i915#3002]: https://gitlab.freedesktop.org/drm/intel/issues/3002
  [i915#3063]: https://gitlab.freedesktop.org/drm/intel/issues/3063
  [i915#3281]: https://gitlab.freedesktop.org/drm/intel/issues/3281
  [i915#3282]: https://gitlab.freedesktop.org/drm/intel/issues/3282
  [i915#3297]: https://gitlab.freedesktop.org/drm/intel/issues/3297
  [i915#3301]: https://gitlab.freedesktop.org/drm/intel/issues/3301
  [i915#3318]: https://gitlab.freedesktop.org/drm/intel/issues/3318
  [i915#3323]: https://gitlab.freedesktop.org/drm/intel/issues/3323
  [i915#3359]: https://gitlab.freedesktop.org/drm/intel/issues/3359
  [i915#3361]: https://gitlab.freedesktop.org/drm/intel/issues/3361
  [i915#3458]: https://gitlab.freedesktop.org/drm/intel/issues/3458
  [i915#3464]: https://gitlab.freedesktop.org/drm/intel/issues/3464
  [i915#3539]: https://gitlab.freedesktop.org/drm/intel/issues/3539
  [i915#3555]: https://gitlab.freedesktop.org/drm/intel/issues/3555
  [i915#3558]: https://gitlab.freedesktop.org/drm/intel/issues/3558
  [i915#3580]: https://gitlab.freedesktop.org/drm/intel/issues/3580
  [i915#3637]: https://gitlab.freedesktop.org/drm/intel/issues/3637
  [i915#3638]: https://gitlab.freedesktop.org/drm/intel/issues/3638
  [i915#3689]: https://gitlab.freedesktop.org/drm/intel/issues/3689
  [i915#3701]: https://gitlab.freedesktop.org/drm/intel/issues/3701
  [i915#3708]: https://gitlab.freedesktop.org/drm/intel/issues/3708
  [i915#3719]: https://gitlab.freedesktop.org/drm/intel/issues/3719
  [i915#3734]: https://gitlab.freedesktop.org/drm/intel/issues/3734
  [i915#3742]: https://gitlab.freedesktop.org/drm/intel/issues/3742
  [i915#3804]: https://gitlab.freedesktop.org/drm/intel/issues/3804
  [i915#3810]: https://gitlab.freedesktop.org/drm/intel/issues/3810
  [i915#3826]: https://gitlab.freedesktop.org/drm/intel/issues/3826
  [i915#3886]: https://gitlab.freedesktop.org/drm/intel/issues/3886
  [i915#3952]: https://gitlab.freedesktop.org/drm/intel/issues/3952
  [i915#4016]: https://gitlab.freedesktop.org/drm/intel/issues/4016
  [i915#402]: https://gitlab.freedesktop.org/drm/intel/issues/402
  [i915#4070]: https://gitlab.freedesktop.org/drm/intel/issues/4070
  [i915#4077]: https://gitlab.freedesktop.org/drm/intel/issues/4077
  [i915#4078]: https://gitlab.freedesktop.org/drm/intel/issues/4078
  [i915#4079]: https://gitlab.freedesktop.org/drm/intel/issues/4079
  [i915#4083]: https://gitlab.freedesktop.org/drm/intel/issues/4083
  [i915#4098]: https://gitlab.freedesktop.org/drm/intel/issues/4098
  [i915#4103]: https://gitlab.freedesktop.org/drm/intel/issues/4103
  [i915#4212]: https://gitlab.freedesktop.org/drm/intel/issues/4212
  [i915#4270]: https://gitlab.freedesktop.org/drm/intel/issues/4270
  [i915#4278]: https://gitlab.freedesktop.org/drm/intel/issues/4278
  [i915#4281]: https://gitlab.freedesktop.org/drm/intel/issues/4281
  [i915#4312]: https://gitlab.freedesktop.org/drm/intel/issues/4312
  [i915#4349]: https://gitlab.freedesktop.org/drm/intel/issues/4349
  [i915#4369]: https://gitlab.freedesktop.org/drm/intel/issues/4369
  [i915#4391]: https://gitlab.freedesktop.org/drm/intel/issues/4391
  [i915#4525]: https://gitlab.freedesktop.org/drm/intel/issues/4525
  [i915#4538]: https://gitlab.freedesktop.org/drm/intel/issues/4538
  [i915#4613]: https://gitlab.freedesktop.org/drm/intel/issues/4613
  [i915#4807]: https://gitlab.freedesktop.org/drm/intel/issues/4807
  [i915#4812]: https://gitlab.freedesktop.org/drm/intel/issues/4812
  [i915#4818]: https://gitlab.freedesktop.org/drm/intel/issues/4818
  [i915#4833]: https://gitlab.freedesktop.org/drm/intel/issues/4833
  [i915#4842]: https://gitlab.freedesktop.org/drm/intel/issues/4842
  [i915#4852]: https://gitlab.freedesktop.org/drm/intel/issues/4852
  [i915#4853]: https://gitlab.freedesktop.org/drm/intel/issues/4853
  [i915#4855]: https://gitlab.freedesktop.org/drm/intel/issues/4855
  [i915#4859]: https://gitlab.freedesktop.org/drm/intel/issues/4859
  [i915#4860]: https://gitlab.freedesktop.org/drm/intel/issues/4860
  [i915#4872]: https://gitlab.freedesktop.org/drm/intel/issues/4872
  [i915#4873]: https://gitlab.freedesktop.org/drm/intel/issues/4873
  [i915#4876]: https://gitlab.freedesktop.org/drm/intel/issues/4876
  [i915#4880]: https://gitlab.freedesktop.org/drm/intel/issues/4880
  [i915#4886]: https://gitlab.freedesktop.org/drm/intel/issues/4886
  [i915#4893]: https://gitlab.freedesktop.org/drm/intel/issues/4893
  [i915#4899]: https://gitlab.freedesktop.org/drm/intel/issues/4899
  [i915#4928]: https://gitlab.freedesktop.org/drm/intel/issues/4928
  [i915#5076]: https://gitlab.freedesktop.org/drm/intel/issues/5076
  [i915#5080]: https://gitlab.freedesktop.org/drm/intel/issues/5080
  [i915#5098]: https://gitlab.freedesktop.org/drm/intel/issues/5098
  [i915#5131]: https://gitlab.freedesktop.org/drm/intel/issues/5131
  [i915#5176]: https://gitlab.freedesktop.org/drm/intel/issues/5176
  [i915#5235]: https://gitlab.freedesktop.org/drm/intel/issues/5235
  [i915#5257]: https://gitlab.freedesktop.org/drm/intel/issues/5257
  [i915#533]: https://gitlab.freedesktop.org/drm/intel/issues/533
  [i915#658]: https://gitlab.freedesktop.org/drm/intel/issues/658


Build changes
-------------

  * Linux: CI_DRM_11316 -> Patchwork_22468

  CI-20190529: 20190529
  CI_DRM_11316: 41f05cc5d1eed1879e572ef203ef2dbe9a75aff8 @ git://anongit.freedesktop.org/gfx-ci/linux
  IGT_6361: 2372a4beb6a33c5f0799a4a8ccbb93794f52dbca @ https://gitlab.freedesktop.org/drm/igt-gpu-tools.git
  Patchwork_22468: 49f7781dc74065aad8b8517b6a9e2d963890da62 @ git://anongit.freedesktop.org/gfx-ci/linux
  piglit_4509: fdc5a4ca11124ab8413c7988896eec4c97336694 @ git://anongit.freedesktop.org/piglit

== Logs ==

For more details see: https://intel-gfx-ci.01.org/tree/drm-tip/Patchwork_22468/index.html


* Re: [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write
  2022-03-09 11:45         ` Matthew Auld
@ 2022-03-11 10:37           ` Matthew Auld
  0 siblings, 0 replies; 15+ messages in thread
From: Matthew Auld @ 2022-03-11 10:37 UTC (permalink / raw)
  To: Matthew Auld
  Cc: Katragadda, MastanX, intel-gfx, Surendrakumar Upadhyay, TejaskumarX

On Wed, 9 Mar 2022 at 11:46, Matthew Auld <matthew.auld@intel.com> wrote:
>
> On 09/03/2022 11:19, Katragadda, MastanX wrote:
> > Hi,
> >
> > Can we have an ack? Or do we need to do anything further to get r-o-b?
>
> There was just the potential strangeness around len <= 0, and exactly
> how we are meant to handle that, but if you are confident that is
> already covered in a sane way, then feel free to add,
> Reviewed-by: Matthew Auld <matthew.auld@intel.com>

Pushed to drm-intel-gt-next, with the commit message fixed up. Thanks
for the fix.
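
The `len <= 0` question raised in this review, shown as an added user-space model (not the i915 patch and not code from this thread): a bounds check placed before the memcpy has to cope with a signed `len` and must not wrap when the offset and length are combined. The names `model_obj`, `model_vm_access`, `range_is_outside` and `demo_access` are hypothetical, and rejecting a non-positive `len` with -EINVAL is this sketch's assumption, not a statement of what the driver does.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space stand-in for a mapped buffer object. */
struct model_obj {
    uint64_t vm_start;     /* first address of the mapping */
    uint64_t size;         /* bytes backing the object */
    unsigned char *data;   /* backing store */
};

/*
 * Returns 1 when [off, off + len) is not fully inside [0, size).
 * off + len is never computed, so the test itself cannot wrap.
 */
static int range_is_outside(uint64_t off, uint64_t len, uint64_t size)
{
    return off > size || len > size - off;
}

/*
 * Model of an access handler that takes a signed length, as the handler
 * discussed in this thread does. Returns bytes copied or a negative errno.
 */
int model_vm_access(struct model_obj *obj, uint64_t addr, void *buf,
                    int len, int write)
{
    uint64_t off;

    /*
     * A negative int converted to size_t for memcpy becomes a huge count,
     * so the sign is settled first. Assumption of this sketch: both zero
     * and negative lengths are rejected.
     */
    if (len <= 0)
        return -EINVAL;

    /* An address below the mapping would underflow the subtraction. */
    if (addr < obj->vm_start)
        return -EINVAL;
    off = addr - obj->vm_start;

    /* The check whose absence allows the out-of-bounds copy. */
    if (range_is_outside(off, (uint64_t)len, obj->size))
        return -EINVAL;

    if (write)
        memcpy(obj->data + off, buf, (size_t)len);
    else
        memcpy(buf, obj->data + off, (size_t)len);
    return len;
}

/* Constructed demo data: one 4096-byte object at a made-up address. */
static unsigned char demo_backing[4096];
static struct model_obj demo_obj = {
    0x7f0000000000ULL, sizeof(demo_backing), demo_backing
};

/* Runs one access at byte offset `off` into the demo object. */
int demo_access(uint64_t off, int len, int write)
{
    unsigned char scratch[8192] = {0};   /* larger than any accepted len */

    return model_vm_access(&demo_obj, demo_obj.vm_start + off,
                           scratch, len, write);
}

int main(void)
{
    printf("whole object:        %d\n", demo_access(0, 4096, 0));
    printf("last 4 bytes:        %d\n", demo_access(0xffc, 4, 1));
    printf("crosses the end:     %d\n", demo_access(0xffc, 0x1000, 0));
    printf("starts at the end:   %d\n", demo_access(4096, 1, 0));
    printf("negative len:        %d\n", demo_access(0, -1, 0));
    printf("zero len:            %d\n", demo_access(0, 0, 0));
    return 0;
}
```
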


Thread overview: 15+ messages
2022-03-03  6:04 [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write Mastan Katragadda
2022-03-03  6:48 ` [Intel-gfx] ✗ Fi.CI.BAT: failure for drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2) Patchwork
2022-03-10  9:20   ` Matthew Auld
2022-03-10 16:33     ` Vudum, Lakshminarayana
2022-03-03  9:00 ` [Intel-gfx] [v2] drm/i915/gem: missing boundary check in vm_access leads to OOB read/write Tvrtko Ursulin
2022-03-03 10:43   ` Matthew Auld
2022-03-04  4:07     ` Katragadda, MastanX
2022-03-09  1:46     ` Katragadda, MastanX
2022-03-09 11:19       ` Katragadda, MastanX
2022-03-09 11:45         ` Matthew Auld
2022-03-11 10:37           ` Matthew Auld
2022-03-03  9:33 ` Jani Nikula
2022-03-10 15:40 ` [Intel-gfx] ✗ Fi.CI.BAT: failure for drm/i915/gem: missing boundary check in vm_access leads to OOB read/write (rev2) Patchwork
2022-03-10 15:52 ` [Intel-gfx] ✓ Fi.CI.BAT: success " Patchwork
2022-03-10 18:48 ` [Intel-gfx] ✓ Fi.CI.IGT: " Patchwork
