mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-12 21:57:43 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/gpu/drm/i915
History
Maarten Lankhorst a581483b1e drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2. 
This fixes the following KASAN splash on module reload:
[  145.136327] ==================================================================
[  145.136502] BUG: KASAN: use-after-free in intel_hdmi_destroy+0x74/0x80 [i915]
[  145.136514] Read of size 8 at addr ffff888216641830 by task kworker/1:1/134

[  145.136535] CPU: 1 PID: 134 Comm: kworker/1:1 Tainted: G     U          T 5.5.0-rc7-valkyria+ #5783
[  145.136539] Hardware name: GIGABYTE GB-BKi3A-7100/MFLP3AP-00, BIOS F1 07/27/2016
[  145.136546] Workqueue: events drm_connector_free_work_fn
[  145.136551] Call Trace:
[  145.136560]  dump_stack+0xa1/0xe0
[  145.136571]  print_address_description.constprop.0+0x1e/0x210
[  145.136639]  ? intel_hdmi_destroy+0x74/0x80 [i915]
[  145.136703]  ? intel_hdmi_destroy+0x74/0x80 [i915]
[  145.136710]  __kasan_report.cold+0x1b/0x37
[  145.136790]  ? intel_hdmi_destroy+0x74/0x80 [i915]
[  145.136863]  ? intel_hdmi_destroy+0x74/0x80 [i915]
[  145.136870]  kasan_report+0x27/0x30
[  145.136881]  __asan_report_load8_noabort+0x1c/0x20
[  145.136946]  intel_hdmi_destroy+0x74/0x80 [i915]
[  145.136954]  drm_connector_free_work_fn+0xd1/0x100
[  145.136967]  process_one_work+0x86e/0x1610
[  145.136987]  ? pwq_dec_nr_in_flight+0x2f0/0x2f0
[  145.137004]  ? move_linked_works+0x128/0x2c0
[  145.137021]  worker_thread+0x63e/0xc90
[  145.137048]  kthread+0x2f6/0x3f0
[  145.137054]  ? calculate_sigpending+0x81/0xa0
[  145.137059]  ? process_one_work+0x1610/0x1610
[  145.137064]  ? kthread_bind+0x40/0x40
[  145.137075]  ret_from_fork+0x24/0x30

[  145.137111] Allocated by task 0:
[  145.137119] (stack is not available)

[  145.137137] Freed by task 5053:
[  145.137147]  save_stack+0x28/0x90
[  145.137152]  __kasan_slab_free+0x136/0x180
[  145.137157]  kasan_slab_free+0x26/0x30
[  145.137161]  kfree+0xe6/0x350
[  145.137242]  intel_ddi_encoder_destroy+0x60/0x80 [i915]
[  145.137252]  drm_mode_config_cleanup+0x11d/0x8f0
[  145.137329]  intel_modeset_driver_remove+0x1f5/0x350 [i915]
[  145.137403]  i915_driver_remove+0xc4/0x130 [i915]
[  145.137482]  i915_pci_remove+0x3e/0x90 [i915]
[  145.137489]  pci_device_remove+0x108/0x2d0
[  145.137494]  device_release_driver_internal+0x1e6/0x4a0
[  145.137499]  driver_detach+0xcb/0x198
[  145.137503]  bus_remove_driver+0xde/0x204
[  145.137508]  driver_unregister+0x6d/0xa0
[  145.137513]  pci_unregister_driver+0x2e/0x230
[  145.137576]  i915_exit+0x1f/0x26 [i915]
[  145.137157]  kasan_slab_free+0x26/0x30
[  145.137161]  kfree+0xe6/0x350
[  145.137242]  intel_ddi_encoder_destroy+0x60/0x80 [i915]
[  145.137252]  drm_mode_config_cleanup+0x11d/0x8f0
[  145.137329]  intel_modeset_driver_remove+0x1f5/0x350 [i915]
[  145.137403]  i915_driver_remove+0xc4/0x130 [i915]
[  145.137482]  i915_pci_remove+0x3e/0x90 [i915]
[  145.137489]  pci_device_remove+0x108/0x2d0
[  145.137494]  device_release_driver_internal+0x1e6/0x4a0
[  145.137499]  driver_detach+0xcb/0x198
[  145.137503]  bus_remove_driver+0xde/0x204
[  145.137508]  driver_unregister+0x6d/0xa0
[  145.137513]  pci_unregister_driver+0x2e/0x230
[  145.137576]  i915_exit+0x1f/0x26 [i915]
[  145.137581]  __x64_sys_delete_module+0x35b/0x470
[  145.137586]  do_syscall_64+0x99/0x4e0
[  145.137591]  entry_SYSCALL_64_after_hwframe+0x49/0xbe

[  145.137606] The buggy address belongs to the object at ffff888216640000
                which belongs to the cache kmalloc-8k of size 8192
[  145.137618] The buggy address is located 6192 bytes inside of
                8192-byte region [ffff888216640000, ffff888216642000)
[  145.137630] The buggy address belongs to the page:
[  145.137640] page:ffffea0008599000 refcount:1 mapcount:0 mapping:ffff888107c02a80 index:0xffff888216644000 compound_mapcount: 0
[  145.137647] raw: 0200000000010200 0000000000000000 0000000100000001 ffff888107c02a80
[  145.137652] raw: ffff888216644000 0000000080020001 00000001ffffffff 0000000000000000
[  145.137656] page dumped because: kasan: bad access detected

[  145.137668] Memory state around the buggy address:
[  145.137678]  ffff888216641700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  145.137687]  ffff888216641780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  145.137697] >ffff888216641800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  145.137706]                                      ^
[  145.137715]  ffff888216641880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  145.137724]  ffff888216641900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  145.137733] ==================================================================
[  145.137742] Disabling lock debugging due to kernel taint

Changes since v1:
- Add fixes tags.
- Use early unregister.

Signed-off-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Fixes: 9c229127ae ("drm/i915: hdmi: add CEC notifier to intel_hdmi")
Cc: <stable@vger.kernel.org> # v4.19+
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20200212135445.1469133-1-maarten.lankhorst@linux.intel.com
2020-07-14 13:32:05 +02:00
..
display drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2. 2020-07-14 13:32:05 +02:00
gem drm/i915: Remove i915_gem_object_get_dirty_page() 2020-07-08 22:05:51 +01:00
gt drm/i915: Skip signaling a signaled request 2020-07-13 17:57:54 +01:00
gvt drm/i915: Move the engine mask to intel_gt_info 2020-07-08 21:07:11 +01:00
selftests drm/i915/selftest: fix an error return path where err is not being set 2020-07-13 15:45:32 +01:00
.gitignore
i915_active.c
i915_active.h
i915_active_types.h
i915_buddy.c
i915_buddy.h
i915_cmd_parser.c drm/i915: Whitelist context-local timestamp in the gen9 cmdparser 2020-06-02 16:35:29 +03:00
i915_config.c drm/i915: Replace the hardcoded I915_FENCE_TIMEOUT 2020-05-09 12:57:57 +01:00
i915_debugfs.c drm/i915/dg1: add support for the master unit interrupt 2020-07-14 02:47:19 -07:00
i915_debugfs.h
i915_debugfs_params.c drm/i915/params: switch to device specific parameters 2020-06-22 23:26:40 +03:00
i915_debugfs_params.h
i915_drv.c drm/i915: Introduce gt_init_mmio 2020-07-08 21:07:13 +01:00
i915_drv.h drm/i915/dg1: add initial DG-1 definitions 2020-07-14 02:47:17 -07:00
i915_fixed.h
i915_gem.c drm/i915: Leave vma intact as they are discarded 2020-06-12 10:13:07 +01:00
i915_gem.h drm/i915: Print caller when tainting for CI 2020-07-06 19:21:07 +01:00
i915_gem_evict.c drm/i915: Handle idling during i915_gem_evict_something busy loops 2020-05-13 14:39:41 -07:00
i915_gem_gtt.c drm/i915: Update dma-attributes for our sg DMA 2020-07-07 11:00:47 +01:00
i915_gem_gtt.h drm/i915: Remove PIN_UPDATE for i915_vma_pin 2020-05-21 17:33:51 +01:00
i915_getparam.c drm/i915/sseu: Move sseu_info under gt_info 2020-07-08 21:13:09 +01:00
i915_globals.c
i915_globals.h
i915_gpu_error.c drm/i915: Pull printing GT capabilities on error to err_print_gt 2020-07-10 22:06:35 +01:00
i915_gpu_error.h drm/i915: Move the engine mask to intel_gt_info 2020-07-08 21:07:11 +01:00
i915_ioc32.c i915 compat ioctl(): just use drm_ioctl_kernel() 2020-05-01 20:35:26 -04:00
i915_ioc32.h
i915_irq.c drm/i915/dg1: Remove SHPD_FILTER_CNT register programming 2020-07-14 02:47:20 -07:00
i915_irq.h
i915_memcpy.c
i915_memcpy.h
i915_mm.c mm: don't include asm/pgtable.h if linux/mm.h is already included 2020-06-09 09:39:13 -07:00
i915_params.c drm/i915: fix a couple of spelling mistakes in kernel parameter help text 2020-06-30 11:30:02 +03:00
i915_params.h drm/i915: Add psr_safest_params 2020-06-04 19:36:48 -07:00
i915_pci.c drm/i915/dg1: add initial DG-1 definitions 2020-07-14 02:47:17 -07:00
i915_perf.c drm/i915/perf: Use GTT when saving/restoring engine GPR 2020-07-10 10:20:34 +01:00
i915_perf.h
i915_perf_types.h
i915_pmu.c drm/i915/gt: Always report the sample time for busy-stats 2020-06-18 09:26:54 +01:00
i915_pmu.h
i915_priolist_types.h drm/i915/gt: Prevent timeslicing into unpreemptable requests 2020-06-16 11:34:23 +03:00
i915_pvinfo.h
i915_query.c drm/i915/sseu: Move sseu_info under gt_info 2020-07-08 21:13:09 +01:00
i915_query.h
i915_reg.h drm/i915/dg1: add support for the master unit interrupt 2020-07-14 02:47:19 -07:00
i915_request.c drm/i915: Skip signaling a signaled request 2020-07-13 17:57:54 +01:00
i915_request.h drm/i915: Mark up inline getters as taking a const i915_request 2020-06-16 21:13:58 +01:00
i915_scatterlist.c
i915_scatterlist.h
i915_scheduler.c drm/i915: Don't set queue-priority hint when supressing the reschedule 2020-05-25 15:40:26 +03:00
i915_scheduler.h drm/i915: Mark concurrent submissions with a weak-dependency 2020-05-11 10:54:04 -07:00
i915_scheduler_types.h drm/i915: Drop no-semaphore boosting 2020-05-14 06:14:33 +01:00
i915_selftest.h drm/i915/gem: Implement legacy MI_STORE_DATA_IMM 2020-05-04 15:15:04 +01:00
i915_suspend.c
i915_suspend.h
i915_sw_fence.c drm/i915: Tidy awaiting on dma-fences 2020-05-11 12:56:45 +01:00
i915_sw_fence.h
i915_sw_fence_work.c
i915_sw_fence_work.h
i915_switcheroo.c
i915_switcheroo.h
i915_syncmap.c
i915_syncmap.h
i915_sysfs.c
i915_sysfs.h
i915_trace.h drm/i915: Drop i915_request.i915 backpointer 2020-06-03 13:53:39 +01:00
i915_trace_points.c
i915_user_extensions.c
i915_user_extensions.h
i915_utils.c drm/i915: Don't taint when using fault injection 2020-07-06 19:21:07 +01:00
i915_utils.h drm/i915: Print caller when tainting for CI 2020-07-06 19:21:07 +01:00
i915_vgpu.c
i915_vgpu.h
i915_vma.c drm/i915: Export ppgtt_bind_vma 2020-07-03 15:14:35 +01:00
i915_vma.h drm/i915/gt: Remove local entries from GGTT on suspend 2020-05-28 16:55:15 +01:00
i915_vma_types.h drm/i915: Export ppgtt_bind_vma 2020-07-03 15:14:35 +01:00
intel_device_info.c drm/i915/dg1: add initial DG-1 definitions 2020-07-14 02:47:17 -07:00
intel_device_info.h drm/i915/dg1: add initial DG-1 definitions 2020-07-14 02:47:17 -07:00
intel_dram.c
intel_dram.h
intel_gvt.c drm/i915/params: switch to device specific parameters 2020-06-22 23:26:40 +03:00
intel_gvt.h
intel_memory_region.c
intel_memory_region.h
intel_pch.c drm/i915/dg1: Add fake PCH 2020-07-14 02:47:21 -07:00
intel_pch.h drm/i915/dg1: Add fake PCH 2020-07-14 02:47:21 -07:00
intel_pm.c drm/i915: Document FBC related w/as more thoroughly 2020-07-09 16:50:53 +03:00
intel_pm.h drm/i915: Fix includes and local vars order 2020-05-22 14:40:35 +01:00
intel_region_lmem.c drm/i915/params: switch to device specific parameters 2020-06-22 23:26:40 +03:00
intel_region_lmem.h
intel_runtime_pm.c Merge drm/drm-next into drm-intel-next-queued 2020-06-25 18:05:03 +03:00
intel_runtime_pm.h
intel_sideband.c drm/i915: Added required new PCode commands 2020-05-05 13:59:55 +03:00
intel_sideband.h
intel_uncore.c drm/i915: Move the engine mask to intel_gt_info 2020-07-08 21:07:11 +01:00
intel_uncore.h drm/i915: Use the gt in HAS_ENGINE 2020-07-08 21:07:09 +01:00
intel_wakeref.c
intel_wakeref.h
intel_wopcm.c drm/i915: Remove cnl pre-prod workarounds 2020-05-04 18:44:52 +03:00
intel_wopcm.h
Kconfig
Kconfig.debug
Kconfig.profile drm/i915: Replace the hardcoded I915_FENCE_TIMEOUT 2020-05-09 12:57:57 +01:00
Kconfig.unstable
Makefile drm/i915: Move sseu debugfs under gt/ 2020-07-08 21:40:15 +01:00
vlv_suspend.c
vlv_suspend.h