* [PATCH] drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
From: Dave Airlie @ 2022-05-23  0:24 UTC
  To: amd-gfx

From: Dave Airlie <airlied@redhat.com>

Submitting a cs with 0 chunks causes an oops later, found trying
to execute the wrong userspace driver.

MESA_LOADER_DRIVER_OVERRIDE=v3d glxinfo

[172536.665184] BUG: kernel NULL pointer dereference, address: 00000000000001d8
[172536.665188] #PF: supervisor read access in kernel mode
[172536.665189] #PF: error_code(0x0000) - not-present page
[172536.665191] PGD 6712a0067 P4D 6712a0067 PUD 5af9ff067 PMD 0
[172536.665195] Oops: 0000 [#1] SMP NOPTI
[172536.665197] CPU: 7 PID: 2769838 Comm: glxinfo Tainted: P           O      5.10.81 #1-NixOS
[172536.665199] Hardware name: To be filled by O.E.M. To be filled by O.E.M./CROSSHAIR V FORMULA-Z, BIOS 2201 03/23/2015
[172536.665272] RIP: 0010:amdgpu_cs_ioctl+0x96/0x1ce0 [amdgpu]
[172536.665274] Code: 75 18 00 00 4c 8b b2 88 00 00 00 8b 46 08 48 89 54 24 68 49 89 f7 4c 89 5c 24 60 31 d2 4c 89 74 24 30 85 c0 0f 85 c0 01 00 00 <48> 83 ba d8 01 00 00 00 48 8b b4 24 90 00 00 00 74 16 48 8b 46 10
[172536.665276] RSP: 0018:ffffb47c0e81bbe0 EFLAGS: 00010246
[172536.665277] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[172536.665278] RDX: 0000000000000000 RSI: ffffb47c0e81be28 RDI: ffffb47c0e81bd68
[172536.665279] RBP: ffff936524080010 R08: 0000000000000000 R09: ffffb47c0e81be38
[172536.665281] R10: ffff936524080010 R11: ffff936524080000 R12: ffffb47c0e81bc40
[172536.665282] R13: ffffb47c0e81be28 R14: ffff9367bc410000 R15: ffffb47c0e81be28
[172536.665283] FS:  00007fe35e05d740(0000) GS:ffff936c1edc0000(0000) knlGS:0000000000000000
[172536.665284] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[172536.665286] CR2: 00000000000001d8 CR3: 0000000532e46000 CR4: 00000000000406e0
[172536.665287] Call Trace:
[172536.665322]  ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]
[172536.665332]  drm_ioctl_kernel+0xaa/0xf0 [drm]
[172536.665338]  drm_ioctl+0x201/0x3b0 [drm]
[172536.665369]  ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]
[172536.665372]  ? selinux_file_ioctl+0x135/0x230
[172536.665399]  amdgpu_drm_ioctl+0x49/0x80 [amdgpu]
[172536.665403]  __x64_sys_ioctl+0x83/0xb0
[172536.665406]  do_syscall_64+0x33/0x40
[172536.665409]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2018
Reported-by: Michael Bishop
Signed-off-by: Dave Airlie <airlied@redhat.com>
Cc: stable@vger.kernel.org
---
 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
index d0d0ea565e3d..2019622191b5 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
@@ -116,7 +116,7 @@ static int amdgpu_cs_parser_init(struct amdgpu_cs_parser *p, union drm_amdgpu_cs
 	int ret;
 
 	if (cs->in.num_chunks == 0)
-		return 0;
+		return -EINVAL;
 
 	chunk_array = kvmalloc_array(cs->in.num_chunks, sizeof(uint64_t), GFP_KERNEL);
 	if (!chunk_array)
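
Review bot: At the cs->in.num_chunks == 0 check, changing "return 0" to "return -EINVAL" turns a submission that used to report success into an error for userspace, and neither the code nor the commit message says whether any existing userspace submits an empty CS on purpose; that should be stated before this goes to stable. A one-line comment above the check, saying that a CS with no chunks is rejected because the ioctl oopses later on it, would keep the early success return from being reintroduced. The message carries Cc: stable but no Fixes: tag, so naming the commit that introduced the early "return 0" would tell the stable maintainers how far back to apply it.
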
-- 
2.35.3



* Re: [PATCH] drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
From: Alex Deucher @ 2022-05-23 20:06 UTC
  To: Dave Airlie; +Cc: amd-gfx list

On Sun, May 22, 2022 at 8:32 PM Dave Airlie <airlied@gmail.com> wrote:
>
> From: Dave Airlie <airlied@redhat.com>
>
> Submitting a cs with 0 chunks causes an oops later, found trying
> to execute the wrong userspace driver.
>
> MESA_LOADER_DRIVER_OVERRIDE=v3d glxinfo
>
> [172536.665184] BUG: kernel NULL pointer dereference, address: 00000000000001d8
> [172536.665188] #PF: supervisor read access in kernel mode
> [172536.665189] #PF: error_code(0x0000) - not-present page
> [172536.665191] PGD 6712a0067 P4D 6712a0067 PUD 5af9ff067 PMD 0
> [172536.665195] Oops: 0000 [#1] SMP NOPTI
> [172536.665197] CPU: 7 PID: 2769838 Comm: glxinfo Tainted: P           O      5.10.81 #1-NixOS
> [172536.665199] Hardware name: To be filled by O.E.M. To be filled by O.E.M./CROSSHAIR V FORMULA-Z, BIOS 2201 03/23/2015
> [172536.665272] RIP: 0010:amdgpu_cs_ioctl+0x96/0x1ce0 [amdgpu]
> [172536.665274] Code: 75 18 00 00 4c 8b b2 88 00 00 00 8b 46 08 48 89 54 24 68 49 89 f7 4c 89 5c 24 60 31 d2 4c 89 74 24 30 85 c0 0f 85 c0 01 00 00 <48> 83 ba d8 01 00 00 00 48 8b b4 24 90 00 00 00 74 16 48 8b 46 10
> [172536.665276] RSP: 0018:ffffb47c0e81bbe0 EFLAGS: 00010246
> [172536.665277] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
> [172536.665278] RDX: 0000000000000000 RSI: ffffb47c0e81be28 RDI: ffffb47c0e81bd68
> [172536.665279] RBP: ffff936524080010 R08: 0000000000000000 R09: ffffb47c0e81be38
> [172536.665281] R10: ffff936524080010 R11: ffff936524080000 R12: ffffb47c0e81bc40
> [172536.665282] R13: ffffb47c0e81be28 R14: ffff9367bc410000 R15: ffffb47c0e81be28
> [172536.665283] FS:  00007fe35e05d740(0000) GS:ffff936c1edc0000(0000) knlGS:0000000000000000
> [172536.665284] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [172536.665286] CR2: 00000000000001d8 CR3: 0000000532e46000 CR4: 00000000000406e0
> [172536.665287] Call Trace:
> [172536.665322]  ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]
> [172536.665332]  drm_ioctl_kernel+0xaa/0xf0 [drm]
> [172536.665338]  drm_ioctl+0x201/0x3b0 [drm]
> [172536.665369]  ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]
> [172536.665372]  ? selinux_file_ioctl+0x135/0x230
> [172536.665399]  amdgpu_drm_ioctl+0x49/0x80 [amdgpu]
> [172536.665403]  __x64_sys_ioctl+0x83/0xb0
> [172536.665406]  do_syscall_64+0x33/0x40
> [172536.665409]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
>
> Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2018
> Reported-by: Michael Bishop
> Signed-off-by: Dave Airlie <airlied@redhat.com>
> Cc: stable@vger.kernel.org

Reviewed-by: Alex Deucher <alexander.deucher@amd.com>

And applied.

Alex


> ---
>  drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> index d0d0ea565e3d..2019622191b5 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> @@ -116,7 +116,7 @@ static int amdgpu_cs_parser_init(struct amdgpu_cs_parser *p, union drm_amdgpu_cs
>         int ret;
>
>         if (cs->in.num_chunks == 0)
> -               return 0;
> +               return -EINVAL;
>
>         chunk_array = kvmalloc_array(cs->in.num_chunks, sizeof(uint64_t), GFP_KERNEL);
>         if (!chunk_array)
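
Review bot: The num_chunks == 0 rejection is the only guard this patch puts in front of the fault in the quoted oops, which is a read at address 0x1d8 with RDX zero, reported at amdgpu_cs_ioctl+0x96, and the commit message does not say which pointer was left NULL by the old "return 0" path. Naming that pointer in the message, and adding a NULL check where it is first used, would make any future early-return path in the parser setup fail cleanly instead of oopsing. A regression test that submits a CS with zero chunks and expects -EINVAL would pin the new behaviour.
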
> --
> 2.35.3
>

