From: Zack Rusin <zackr@vmware.com>
To: "chuck.lever@oracle.com" <chuck.lever@oracle.com>
Cc: "dri-devel@lists.freedesktop.org" <dri-devel@lists.freedesktop.org>
Subject: Re: KASAN splat in vmwgfx driver
Date: Wed, 16 Mar 2022 03:24:07 +0000
Message-ID: <bf950aa65380a4e3b1f61a24dbff20ca40690cf4.camel@vmware.com>
In-Reply-To: <A31D4988-1D08-438D-B1D3-F80DDB244D62@oracle.com>

On Wed, 2022-03-16 at 00:45 +0000, Chuck Lever III wrote:
> For a kernel development project I'm working on, I'm using
> Linux in a VMware guest. After kernel v5.16.2, I noticed
> this KASAN splat:

Ah, yea, thanks. It's because vmw_bo_create_kernel creates a raw
ttm_buffer_object instead of vmw_buffer_object. 

With the change to allocate those mob backed objects in VMW_PL_SYSTEM
we have to migrate them from TTM_PL_SYSTEM but vmw_query_move_notify
assumes that kernel objects never migrate and so are always
vmw_buffer_object which is not the case anymore.

KASAN here complains about the container_of(bo, struct
vmw_buffer_object, base); it's in general harmless because the results
are only used if new_mem->mem_type == TTM_PL_SYSTEM &&
old_mem->mem_type == VMW_PL_MOB which is not going to be the case here,
but it is an invalid read and we'll get to it as soon as we can.

z
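
A simplified user-space model of the invalid read described in the message above, added here as an example; it is not code from the vmwgfx driver or from either poster. The struct layouts, enum values and function names are assumptions, and it takes from the mail that the MOB-to-system transition does not occur for raw objects.

```c
#include <stddef.h>
#include <stdlib.h>

/* Stand-ins for the types named in the mail; the layout is an assumption. */
enum pl { PL_TTM_SYSTEM, PL_VMW_MOB, PL_VMW_SYSTEM };
struct base_bo  { enum pl mem_type; };                    /* ~ ttm_buffer_object */
struct outer_bo { struct base_bo base; int query_ctx; };  /* ~ vmw_buffer_object */

#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

/* Eager pattern: the outer struct is read before anything establishes that
 * bo is embedded in one. On a raw base_bo this reads past the allocation. */
int notify_eager(struct base_bo *bo, enum pl old_t, enum pl new_t)
{
	struct outer_bo *vbo = container_of(bo, struct outer_bo, base);
	int ctx = vbo->query_ctx;             /* invalid read for a raw base_bo */

	return (new_t == PL_TTM_SYSTEM && old_t == PL_VMW_MOB) ? ctx : -1;
}

/* Deferred pattern: downcast only inside the branch that uses the result. */
int notify_deferred(struct base_bo *bo, enum pl old_t, enum pl new_t)
{
	if (new_t == PL_TTM_SYSTEM && old_t == PL_VMW_MOB) {
		struct outer_bo *vbo = container_of(bo, struct outer_bo, base);
		return vbo->query_ctx;
	}
	return -1;                            /* bo is never reinterpreted */
}

/* Raw object migrating TTM_PL_SYSTEM -> VMW_PL_SYSTEM, as in the mail. */
int demo_raw_object(void)
{
	struct base_bo *raw = malloc(sizeof(*raw));   /* no outer struct around it */
	int r;

	if (!raw)
		return -2;
	raw->mem_type = PL_TTM_SYSTEM;
	r = notify_deferred(raw, PL_TTM_SYSTEM, PL_VMW_SYSTEM);
	free(raw);
	return r;
}

/* Full outer object migrating MOB -> system: both patterns agree. */
int demo_full_object(void)
{
	struct outer_bo full = { { PL_VMW_MOB }, 7 };
	return notify_eager(&full.base, PL_VMW_MOB, PL_TTM_SYSTEM) == 7
		? notify_deferred(&full.base, PL_VMW_MOB, PL_TTM_SYSTEM) : -3;
}

int main(void) { return !(demo_raw_object() == -1 && demo_full_object() == 7); }
```

Building with -fsanitize=address and pointing notify_eager at the raw allocation reproduces the class of report in user space; notify_deferred stays clean on the same input.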
