* KASAN splat in vmwgfx driver
@ 2022-03-16  0:45 Chuck Lever III
  2022-03-16  3:24 ` Zack Rusin
  0 siblings, 1 reply; 2+ messages in thread
From: Chuck Lever III @ 2022-03-16  0:45 UTC (permalink / raw)
  To: Zack Rusin; +Cc: dri-devel

For a kernel development project I'm working on, I'm using
Linux in a VMware guest. After kernel v5.16.2, I noticed
this KASAN splat:

Mar 15 14:50:39 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: vgaarb: deactivate vga console
Mar 15 14:50:39 oracle-102.nfsv4.dev kernel: Console: switching to colour dummy device 80x25
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: [TTM] Zone  kernel: Available graphics memory: 2027952 KiB
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] FIFO at 0x00000000fe000000 size is 8192 kiB
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] VRAM at 0x00000000e8000000 size is 131072 kiB
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Running on SVGA version 2.
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] DMA map mode: Caching DMA mappings.
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Legacy memory limits: VRAM = 4096 kB, FIFO = 256 kB, surface = 0 kB
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] MOB limits: max mob size = 1048576 kB, max mob pages = 2097152
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Capabilities: rect copy, cursor, cursor bypass, cursor bypass 2, 8bit e>
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Capabilities2: grow otable, intra surface copy, dx2, gb memsize 2, scre>
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Max GMR ids is 64
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Max number of GMR pages is 65536
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Maximum display memory size is 262144 kiB
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Screen Target display unit initialized
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Fifo max 0x00040000 min 0x00001000 cap 0x0000077f
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: ==================================================================
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: BUG: KASAN: slab-out-of-bounds in vmw_query_move_notify+0x206/0x230 [vmwgfx]
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: Read of size 8 at addr ffff88813101a1c8 by task systemd-udevd/405

Bisected to f6be23264bba ("drm/vmwgfx: Introduce a new placement for MOB page tables")

I don't see an obvious fix for this issue in the stream of
subsequent commits.


--
Chuck Lever





* Re: KASAN splat in vmwgfx driver
  2022-03-16  0:45 KASAN splat in vmwgfx driver Chuck Lever III
@ 2022-03-16  3:24 ` Zack Rusin
  0 siblings, 0 replies; 2+ messages in thread
From: Zack Rusin @ 2022-03-16  3:24 UTC (permalink / raw)
  To: chuck.lever; +Cc: dri-devel

On Wed, 2022-03-16 at 00:45 +0000, Chuck Lever III wrote:
> For a kernel development project I'm working on, I'm using
> Linux in a VMware guest. After kernel v5.16.2, I noticed
> this KASAN splat:

Ah, yea, thanks. It's because vmw_bo_create_kernel creates a raw
ttm_buffer_object instead of vmw_buffer_object. 

With the change to allocate those mob backed objects in VMW_PL_SYSTEM
we have to migrate them from TTM_PL_SYSTEM but vmw_query_move_notify
assumes that kernel objects never migrate and so are always
vmw_buffer_object which is not the case anymore.

KASAN here complains about the container_of(bo, struct
vmw_buffer_object, base); it's in general harmless because the results
are only used if new_mem->mem_type == TTM_PL_SYSTEM &&
old_mem->mem_type == VMW_PL_MOB which is not going to be the case here,
but it is an invalid read and we'll get to it as soon as we can.

z
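
The pattern described in the reply above, as an added userspace example that is not part of the thread and not vmwgfx code: a base object allocated on its own is passed to a callback that assumes it is embedded in a larger wrapper, so container_of() yields a pointer whose wrapper fields lie past the allocation. All struct and function names are hypothetical, and using the destroy callback as the type tag is an assumption of this example, not the fix referred to in the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Hypothetical stand-ins for a base object and its driver wrapper. */
struct base_bo {
    void (*destroy)(struct base_bo *); /* set by whoever allocated it */
};
struct wrapped_bo {
    struct base_bo base;
    void *query_ctx; /* only exists when the base is embedded here */
};

static void wrapped_destroy(struct base_bo *bo) { free(container_of(bo, struct wrapped_bo, base)); }
static void raw_destroy(struct base_bo *bo) { free(bo); }

struct base_bo *create_wrapped(void *ctx) {
    struct wrapped_bo *w = calloc(1, sizeof(*w));
    if (!w) return NULL;
    w->base.destroy = wrapped_destroy;
    w->query_ctx = ctx;
    return &w->base;
}
struct base_bo *create_raw(void) { /* bare base object, no wrapper around it */
    struct base_bo *b = calloc(1, sizeof(*b));
    if (b) b->destroy = raw_destroy;
    return b;
}

/* Bytes an unchecked container_of() read of query_ctx reaches past a raw allocation. */
size_t unchecked_read_overrun(void) {
    return offsetof(struct wrapped_bo, query_ctx) + sizeof(void *) - sizeof(struct base_bo);
}

/* Checked downcast: NULL unless bo was allocated as part of a wrapped_bo. */
struct wrapped_bo *to_wrapped(struct base_bo *bo) {
    if (!bo || bo->destroy != wrapped_destroy) return NULL;
    return container_of(bo, struct wrapped_bo, base);
}

/* Notify-style callback: wrapper fields are touched only after the check. */
bool move_notify_ctx(struct base_bo *bo, void **ctx_out) {
    struct wrapped_bo *w = to_wrapped(bo);
    if (w) *ctx_out = w->query_ctx;
    return w != NULL;
}
```

The overrun is at least one pointer wide, which matches the shape of the "Read of size 8" in the report on a 64-bit kernel.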
