mirror of synced 2025-03-06 20:59:54 +01:00
linux/drivers/gpu/drm/i915/gt
Janusz Krzysztofik 996c3412a0 drm/i915/gt: Fix potential UAF by revoke of fence registers
CI has been sporadically reporting the following issue triggered by
igt@i915_selftest@live@hangcheck on ADL-P and similar machines:

<6> [414.049203] i915: Running intel_hangcheck_live_selftests/igt_reset_evict_fence
...
<6> [414.068804] i915 0000:00:02.0: [drm] GT0: GUC: submission enabled
<6> [414.068812] i915 0000:00:02.0: [drm] GT0: GUC: SLPC enabled
<3> [414.070354] Unable to pin Y-tiled fence; err:-4
<3> [414.071282] i915_vma_revoke_fence:301 GEM_BUG_ON(!i915_active_is_idle(&fence->active))
...
<4>[  609.603992] ------------[ cut here ]------------
<2>[  609.603995] kernel BUG at drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c:301!
<4>[  609.604003] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
<4>[  609.604006] CPU: 0 PID: 268 Comm: kworker/u64:3 Tainted: G     U  W          6.9.0-CI_DRM_14785-g1ba62f8cea9c+ #1
<4>[  609.604008] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023
<4>[  609.604010] Workqueue: i915 __i915_gem_free_work [i915]
<4>[  609.604149] RIP: 0010:i915_vma_revoke_fence+0x187/0x1f0 [i915]
...
<4>[  609.604271] Call Trace:
<4>[  609.604273]  <TASK>
...
<4>[  609.604716]  __i915_vma_evict+0x2e9/0x550 [i915]
<4>[  609.604852]  __i915_vma_unbind+0x7c/0x160 [i915]
<4>[  609.604977]  force_unbind+0x24/0xa0 [i915]
<4>[  609.605098]  i915_vma_destroy+0x2f/0xa0 [i915]
<4>[  609.605210]  __i915_gem_object_pages_fini+0x51/0x2f0 [i915]
<4>[  609.605330]  __i915_gem_free_objects.isra.0+0x6a/0xc0 [i915]
<4>[  609.605440]  process_scheduled_works+0x351/0x690
...

In the past, there were similar failures reported by CI from other IGT
tests, observed on other platforms.

Before commit 63baf4f3d5 ("drm/i915/gt: Only wait for GPU activity
before unbinding a GGTT fence"), i915_vma_revoke_fence() was waiting for
idleness of vma->active via fence_update().  That commit introduced
vma->fence->active in order for the fence_update() to be able to wait
selectively on that one instead of vma->active since only idleness of
fence registers was needed.  But then, another commit 0d86ee3509
("drm/i915/gt: Make fence revocation unequivocal") replaced the call to
fence_update() in i915_vma_revoke_fence() with only fence_write(), and
also added that GEM_BUG_ON(!i915_active_is_idle(&fence->active)) in front.
No justification was provided on why we might then expect idleness of
vma->fence->active without first waiting on it.

The issue can be potentially caused by a race among revocation of fence
registers on one side and sequential execution of signal callbacks invoked
on completion of a request that was using them on the other, still
processed in parallel to revocation of those fence registers.  Fix it by
waiting for idleness of vma->fence->active in i915_vma_revoke_fence().

Fixes: 0d86ee3509 ("drm/i915/gt: Make fence revocation unequivocal")
Closes: https://gitlab.freedesktop.org/drm/intel/issues/10021
Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik@linux.intel.com>
Cc: stable@vger.kernel.org # v5.8+
Reviewed-by: Andi Shyti <andi.shyti@linux.intel.com>
Signed-off-by: Andi Shyti <andi.shyti@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240603195446.297690-2-janusz.krzysztofik@linux.intel.com
(cherry picked from commit 24bb052d3d)
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
2024-06-24 13:05:15 +03:00
..
selftests
shaders drm/i915: Include asm sources for {ivb, hsw}_clear_kernel.c 2020-06-29 11:29:12 +03:00
uc drm/i915/guc: avoid FIELD_PREP warning 2024-05-29 11:35:26 +03:00
gen2_engine_cs.c drm/i915: use direct alias for i915 in requests 2023-07-24 17:24:35 +02:00
gen2_engine_cs.h
gen6_engine_cs.c drm/i915/gt: Move engine registers to their own header 2022-01-11 14:03:25 -08:00
gen6_engine_cs.h
gen6_ppgtt.c drm/i915: use pat_index instead of cache_level 2023-05-11 17:38:55 +02:00
gen6_ppgtt.h drm/i915: Create a dummy object for gen6 ppgtt 2021-11-19 17:38:03 +00:00
gen6_renderstate.c drm/i915/gt: SPDX cleanup 2021-03-24 19:30:34 +01:00
gen7_renderclear.c drm/i915: Wrap all access to i915_vma.node.start|size 2022-12-06 10:52:42 +01:00
gen7_renderclear.h
gen7_renderstate.c drm/i915/gt: SPDX cleanup 2021-03-24 19:30:34 +01:00
gen8_engine_cs.c Merge tag 'drm-intel-gt-next-2024-04-26' of https://anongit.freedesktop.org/git/drm/drm-intel into drm-next 2024-04-30 14:40:43 +10:00
gen8_engine_cs.h drm/i915/gt: Support aux invalidation on all engines 2023-07-26 14:35:32 +02:00
gen8_ppgtt.c Linux 6.9-rc5 2024-04-22 14:35:52 +10:00
gen8_ppgtt.h drm/i915: use pat_index instead of cache_level 2023-05-11 17:38:55 +02:00
gen8_renderstate.c drm/i915/gt: SPDX cleanup 2021-03-24 19:30:34 +01:00
gen9_renderstate.c drm/i915/gt: SPDX cleanup 2021-03-24 19:30:34 +01:00
hsw_clear_kernel.c
intel_breadcrumbs.c drm/i915/gt: Disarm breadcrumbs if engines are already idle 2024-05-29 11:35:15 +03:00
intel_breadcrumbs.h drm/i915/guc: Direct all breadcrumbs for a class to single breadcrumbs 2021-07-27 17:31:35 -07:00
intel_breadcrumbs_types.h drm/i915: Track gt pm wakerefs 2023-11-20 12:36:56 +01:00
intel_context.c drm/i915: Account ring buffer and context state storage 2023-11-10 11:49:02 +00:00
intel_context.h drm/i915: Track gt pm wakerefs 2023-11-20 12:36:56 +01:00
intel_context_param.h drm/i915/gem: Set the watchdog timeout directly in intel_context_set_gem (v2) 2021-07-08 19:43:49 +02:00
intel_context_sseu.c drm/i915/lrc: move lrc_get_runtime() to intel_lrc.c 2022-02-17 15:42:09 +02:00
intel_context_types.h drm/i915/guc: Use context hints for GT frequency 2024-03-07 10:25:06 -08:00
intel_engine.h drm/i915: Create a kernel context for GGTT updates 2023-09-30 13:49:17 +02:00
intel_engine_cs.c drm/i915/gt: Fix CCS id's calculation for CCS mode setting 2024-05-29 11:35:38 +03:00
intel_engine_heartbeat.c Merge drm/drm-next into drm-misc-next-fixes 2024-02-26 15:12:53 +01:00
intel_engine_heartbeat.h drm/i915: Reset GPU immediately if submission is disabled 2021-07-27 17:31:45 -07:00
intel_engine_pm.c drm/i915/gt: Reset queue_priority_hint on parking 2024-03-28 12:16:16 -04:00
intel_engine_pm.h drm/i915: Move for_each_engine* out of i915_drv.h 2023-11-06 09:04:52 +00:00
intel_engine_regs.h drm/i915/xelpmp: Add Wa_16021867713 2023-11-07 13:25:46 -08:00
intel_engine_stats.h drm/i915/pmu: Add a name to the execlists stats 2021-10-28 11:02:18 -07:00
intel_engine_types.h drm/i915/guc: Enable Wa_14019159160 2024-03-07 15:26:47 -08:00
intel_engine_user.c drm/i915/gsc: Mark internal GSC engine with reserved uabi class 2023-11-29 10:23:11 +02:00
intel_engine_user.h drm/i915/gt: SPDX cleanup 2021-03-24 19:30:34 +01:00
intel_execlists_submission.c Merge tag 'drm-intel-gt-next-2024-04-26' of https://anongit.freedesktop.org/git/drm/drm-intel into drm-next 2024-04-30 14:40:43 +10:00
intel_execlists_submission.h drm/i915: Fix up locking around dumping requests lists 2023-01-30 15:48:21 -05:00
intel_ggtt.c Merge tag 'drm-intel-gt-next-2024-04-26' of https://anongit.freedesktop.org/git/drm/drm-intel into drm-next 2024-04-30 14:40:43 +10:00
intel_ggtt_fencing.c drm/i915/gt: Fix potential UAF by revoke of fence registers 2024-06-24 13:05:15 +03:00
intel_ggtt_fencing.h drm/i915/gt: SPDX cleanup 2021-03-24 19:30:34 +01:00
intel_ggtt_gmch.c drm/i915/gt: Fix parameter in gmch_ggtt_insert_{entries, page}() 2023-06-02 02:46:09 +02:00
intel_ggtt_gmch.h drm/i915/gt: Re-do the intel-gtt split 2022-06-22 15:52:56 -07:00
intel_gpu_commands.h drm/i915/gt: Poll aux invalidation register bit on invalidation 2023-07-26 14:35:32 +02:00
intel_gsc.c drm/i915: Drop dead code for xehpsdv 2024-03-22 14:14:39 -07:00
intel_gsc.h drm/i915/gt: reconcile Excess struct member kernel-doc warnings 2024-01-10 11:56:19 +02:00
intel_gt.c Merge tag 'drm-intel-gt-next-2024-04-26' of https://anongit.freedesktop.org/git/drm/drm-intel into drm-next 2024-04-30 14:40:43 +10:00
intel_gt.h Merge tag 'drm-intel-gt-next-2024-04-26' of https://anongit.freedesktop.org/git/drm/drm-intel into drm-next 2024-04-30 14:40:43 +10:00
intel_gt_buffer_pool.c drm/i915: add a dedicated workqueue inside drm_i915_private 2023-06-10 06:33:11 +03:00
intel_gt_buffer_pool.h drm/i915: Defer pin calls in buffer pool until first use by caller. 2021-03-24 17:27:20 +01:00
intel_gt_buffer_pool_types.h Merge tag 'drm-intel-gt-next-2021-04-06' of git://anongit.freedesktop.org/drm/drm-intel into drm-next 2021-04-08 12:46:12 +10:00
intel_gt_ccs_mode.c drm/i915/gt: Fix CCS id's calculation for CCS mode setting 2024-05-29 11:35:38 +03:00
intel_gt_ccs_mode.h drm/i915/gt: Automate CCS Mode setting during engine resets 2024-05-06 14:15:24 -04:00
intel_gt_clock_utils.c drm/i915/gt: Start adding module oriented dmesg output 2023-01-17 15:28:28 -08:00
intel_gt_clock_utils.h drm/i915/gt: Consolidate the CS timestamp clocks 2020-12-23 21:10:41 +00:00
intel_gt_debugfs.c drm/i915/gt: Create per-gt debugfs files 2023-03-21 10:09:31 +01:00
intel_gt_debugfs.h drm/i915/debugfs: Do not return '0' if there is nothing to return 2022-03-22 10:08:20 +00:00
intel_gt_defines.h i915/drm/gt: Move the gt defines in the gt directory 2023-08-02 15:41:31 +02:00
intel_gt_engines_debugfs.c drm/i915: Move for_each_engine* out of i915_drv.h 2023-11-06 09:04:52 +00:00
intel_gt_engines_debugfs.h drm/i915: rename debugfs_engines files 2021-09-18 23:33:22 -07:00
intel_gt_irq.c drm/i915/gt: Create the gt_to_guc() wrapper 2024-03-01 13:19:43 +01:00
intel_gt_irq.h drm/i915/gt: Move CS interrupt handler to the backend 2021-05-25 15:14:40 +02:00
intel_gt_mcr.c drm/i915: Drop dead code for pvc 2024-03-22 14:14:56 -07:00
intel_gt_mcr.h drm/i915: Update IP_VER(12, 50) 2024-03-22 14:14:52 -07:00
intel_gt_pm.c drm/i915: Refactor confusing __intel_gt_reset() 2024-04-24 18:48:31 +02:00
intel_gt_pm.h drm/i915: Track gt pm wakerefs 2023-11-20 12:36:56 +01:00
intel_gt_pm_debugfs.c Merge tag 'drm-intel-gt-next-2024-04-26' of https://anongit.freedesktop.org/git/drm/drm-intel into drm-next 2024-04-30 14:40:43 +10:00
intel_gt_pm_debugfs.h drm/i915/debugfs: Do not return '0' if there is nothing to return 2022-03-22 10:08:20 +00:00
intel_gt_pm_irq.c drm/i915/mtl: Use primary GT's irq lock for media GT 2022-09-12 15:23:12 +03:00
intel_gt_pm_irq.h drm/i915/gt: SPDX cleanup 2021-03-24 19:30:34 +01:00
intel_gt_print.h drm/i915/gt: More use of GT specific print helpers 2023-10-10 15:40:24 -07:00
intel_gt_regs.h Merge tag 'drm-intel-gt-next-2024-04-26' of https://anongit.freedesktop.org/git/drm/drm-intel into drm-next 2024-04-30 14:40:43 +10:00
intel_gt_requests.c drm/i915: add a dedicated workqueue inside drm_i915_private 2023-06-10 06:33:11 +03:00
intel_gt_requests.h drm/i915: use linux/stddef.h due to "isystem: trim/fixup stdarg.h and other headers" 2021-09-06 09:31:23 +02:00
intel_gt_sysfs.c drm/i915: Make kobj_type structures constant 2023-02-17 11:50:28 +02:00
intel_gt_sysfs.h drm/i915: Fix CFI violations in gt_sysfs 2022-10-27 19:14:53 +02:00
intel_gt_sysfs_pm.c Merge tag 'drm-intel-gt-next-2024-04-26' of https://anongit.freedesktop.org/git/drm/drm-intel into drm-next 2024-04-30 14:40:43 +10:00
intel_gt_sysfs_pm.h drm/i915/gt: Create per-tile RC6 sysfs interface 2022-03-21 08:37:42 +00:00
intel_gt_types.h drm/i915/gt: Fix CCS id's calculation for CCS mode setting 2024-05-29 11:35:38 +03:00
intel_gtt.c drm/i915: Update IP_VER(12, 50) 2024-03-22 14:14:52 -07:00
intel_gtt.h drm/i915: Record which client owns a VM 2023-11-10 11:48:54 +00:00
intel_hwconfig.h drm/i915/guc: Add fetch of hwconfig blob 2022-03-17 19:51:48 -07:00
intel_llc.c drm/i915/slpc: Let's fix the PCODE min freq table setup for SLPC 2022-09-06 14:51:43 -04:00
intel_llc.h drm/i915/gt: SPDX cleanup 2021-03-24 19:30:34 +01:00
intel_llc_types.h drm/i915/gt: SPDX cleanup 2021-03-24 19:30:34 +01:00
intel_lrc.c drm/i915: Update IP_VER(12, 50) 2024-03-22 14:14:52 -07:00
intel_lrc.h drm/i915/perf: Fix OA filtering logic for GuC mode 2022-10-27 12:35:56 -07:00
intel_lrc_reg.h drm/i915/gt: Move engine registers to their own header 2022-01-11 14:03:25 -08:00
intel_migrate.c drm/i915: Update IP_VER(12, 50) 2024-03-22 14:14:52 -07:00
intel_migrate.h drm/i915: use pat_index instead of cache_level 2023-05-11 17:38:55 +02:00
intel_migrate_types.h drm/i915/gt: Pipelined page migration 2021-06-17 14:23:05 +01:00
intel_mocs.c drm/i915: Drop dead code for pvc 2024-03-22 14:14:56 -07:00
intel_mocs.h drm/i915/gt: Add "intel_" as prefix in set_mocs_index() 2021-09-20 08:23:27 -07:00
intel_ppgtt.c drm/i915: Invalidate the TLBs on each GT 2023-08-02 15:56:44 +02:00
intel_rc6.c drm/i915/gt: Create the gt_to_guc() wrapper 2024-03-01 13:19:43 +01:00
intel_rc6.h drm/i915/mtl: Synchronize i915/BIOS on C6 enabling 2023-03-24 08:43:32 -07:00
intel_rc6_types.h drm/i915/mtl: Synchronize i915/BIOS on C6 enabling 2023-03-24 08:43:32 -07:00
intel_region_lmem.c drm/i915: Rename the DSM/GSM registers 2024-02-07 01:59:01 +02:00
intel_region_lmem.h drm/i915: Kill the fake lmem support 2022-02-18 22:31:46 -08:00
intel_renderstate.c drm/i915: Wrap all access to i915_vma.node.start|size 2022-12-06 10:52:42 +01:00
intel_renderstate.h drm/i915: Break out dma_resv ww locking utilities to separate files 2021-06-17 14:22:59 +01:00
intel_reset.c Merge tag 'drm-intel-gt-next-2024-04-26' of https://anongit.freedesktop.org/git/drm/drm-intel into drm-next 2024-04-30 14:40:43 +10:00
intel_reset.h drm/i915: Refactor confusing __intel_gt_reset() 2024-04-24 18:48:31 +02:00
intel_reset_types.h drm/i915/gt: Rename dev_priv to i915 for private data naming consistency 2023-02-27 23:22:54 +01:00
intel_ring.c drm/i915: Make i915_coherent_map_type GT-centric 2023-08-10 14:14:11 +02:00
intel_ring.h drm/i915/gt: Pipelined page migration 2021-06-17 14:23:05 +01:00
intel_ring_submission.c drm/i915: use direct alias for i915 in requests 2023-07-24 17:24:35 +02:00
intel_ring_types.h drm/i915/gt: SPDX cleanup 2021-03-24 19:30:34 +01:00
intel_rps.c Merge tag 'drm-intel-gt-next-2024-04-26' of https://anongit.freedesktop.org/git/drm/drm-intel into drm-next 2024-04-30 14:40:43 +10:00
intel_rps.h drm/i915: Add helpers for managing rps thresholds 2023-07-19 11:28:28 +01:00
intel_rps_types.h drm/i915/gt: Rename dev_priv to i915 for private data naming consistency 2023-02-27 23:22:54 +01:00
intel_sa_media.c drm/i915/uncore: add intel_uncore_regs() helper 2023-07-04 17:12:48 +03:00
intel_sa_media.h drm/i915/xelpmp: Expose media as another GT 2022-09-12 15:23:12 +03:00
intel_sseu.c drm/i915: Drop dead code for pvc 2024-03-22 14:14:56 -07:00
intel_sseu.h drm/i915/sseu: fix max_subslices array-index-out-of-bounds access 2023-03-13 11:38:05 +02:00
intel_sseu_debugfs.c drm/i915/sseu: Disassociate internal subslice mask representation from uapi 2022-06-02 07:20:59 -07:00
intel_sseu_debugfs.h drm/i915: Move sseu debugfs under gt/ 2020-07-08 21:40:15 +01:00
intel_timeline.c drm/i915: don't include drm_cache.h in i915_drv.h 2022-02-14 13:19:37 +02:00
intel_timeline.h Merge tag 'drm-intel-gt-next-2021-04-06' of git://anongit.freedesktop.org/drm/drm-intel into drm-next 2021-04-08 12:46:12 +10:00
intel_timeline_types.h Merge tag 'drm-intel-gt-next-2021-04-06' of git://anongit.freedesktop.org/drm/drm-intel into drm-next 2021-04-08 12:46:12 +10:00
intel_tlb.c drm/i915/gt: Create the gt_to_guc() wrapper 2024-03-01 13:19:43 +01:00
intel_tlb.h drm/i915/gt: Move TLB invalidation to its own file 2023-08-02 15:40:11 +02:00
intel_wopcm.c drm/i915/mtl: Handle wopcm per-GT and limit calculations. 2022-11-14 10:11:47 -08:00
intel_wopcm.h drm/i915/mtl: Handle wopcm per-GT and limit calculations. 2022-11-14 10:11:47 -08:00
intel_workarounds.c drm for 6.10-rc1 2024-05-15 09:43:42 -07:00
intel_workarounds.h drm/i915: Make wa list per-gt 2021-09-20 08:06:36 -07:00
intel_workarounds_types.h drm/i915: Partial abandonment of legacy DRM logging macros 2022-11-10 12:35:46 +00:00
ivb_clear_kernel.c
mock_engine.c drm/i915: Add ww ctx to i915_gem_object_trylock 2021-12-21 13:27:29 +01:00
mock_engine.h drm/i915/gt: SPDX cleanup 2021-03-24 19:30:34 +01:00
selftest_context.c drm/i915: switch from drm_debug_printer() to device specific drm_dbg_printer() 2024-02-09 11:52:06 +02:00
selftest_engine.c drm/i915/gt: Use to_gt() helper 2021-12-17 21:50:06 -08:00
selftest_engine.h drm/i915/gt: SPDX cleanup 2021-03-24 19:30:34 +01:00
selftest_engine_cs.c drm/i915: Track gt pm wakerefs 2023-11-20 12:36:56 +01:00
selftest_engine_heartbeat.c drm/i915: use drm_printf() with the drm_err_printer intead of pr_err() 2024-02-09 11:52:09 +02:00
selftest_engine_heartbeat.h drm/i915/selftest: Fix hangcheck self test for GuC submission 2021-07-27 17:32:23 -07:00
selftest_engine_pm.c drm/i915/gt: Use gt_err for GT info 2023-05-03 12:56:10 +02:00
selftest_execlists.c drm/i915/gt: Use the correct error value when kernel_context() fails 2023-06-01 18:14:53 +02:00
selftest_gt_pm.c drm/i915: Track gt pm wakerefs 2023-11-20 12:36:56 +01:00
selftest_hangcheck.c drm/i915/selftest_hangcheck: Check sanity with more patience 2024-03-05 17:42:05 +01:00
selftest_llc.c drm/i915: remove unnecessary intel_pm.h includes 2023-03-06 18:26:30 +02:00
selftest_llc.h drm/i915/gt: SPDX cleanup 2021-03-24 19:30:34 +01:00
selftest_lrc.c drm/i915/gt: add selftest to exercise WABB 2023-10-31 13:06:21 +01:00
selftest_migrate.c As usual, lots of singleton and doubleton patches all over the tree and 2023-11-02 20:53:31 -10:00
selftest_mocs.c drm/i915: use direct alias for i915 in requests 2023-07-24 17:24:35 +02:00
selftest_rc6.c drm/i915/selftests: Increasing the sleep time for live_rc6_manual 2024-02-13 19:55:52 +05:30
selftest_rc6.h drm/i915/gt: SPDX cleanup 2021-03-24 19:30:34 +01:00
selftest_reset.c drm/i915: Refactor confusing __intel_gt_reset() 2024-04-24 18:48:31 +02:00
selftest_ring.c
selftest_ring_submission.c drm/i915: Wrap all access to i915_vma.node.start|size 2022-12-06 10:52:42 +01:00
selftest_rps.c drm/i915: Track gt pm wakerefs 2023-11-20 12:36:56 +01:00
selftest_rps.h
selftest_slpc.c drm/i915/gt: Create the gt_to_guc() wrapper 2024-03-01 13:19:43 +01:00
selftest_timeline.c drm/i915: use direct alias for i915 in requests 2023-07-24 17:24:35 +02:00
selftest_tlb.c drm/i915: Use struct resource for memory region IO as well 2024-02-07 01:58:40 +02:00
selftest_workarounds.c drm/i915/selftest: use igt_vma_move_to_active_unlocked if possible 2023-01-09 14:23:52 +01:00
shmem_utils.c fix missing vmalloc.h includes 2024-04-25 20:55:49 -07:00
shmem_utils.h drm/i915/gt: Add helper for shmem copy to iosys_map 2022-02-25 15:23:18 -08:00
st_shmem_utils.c
sysfs_engines.c drm/i915/gt: make kobj attributes const 2023-03-15 12:20:11 +02:00
sysfs_engines.h