Frédéric Pierret
2020-Feb-08 19:43 UTC
[Nouveau] [PATCH] nv50_disp_chan_mthd: ensure mthd is not NULL
Pointer to structure array is assumed not NULL by default. It has the consequence to raise a kernel panic when it's not the case. Basically, running at least a RTX2080TI on Xen makes a bad mmio error which causes having 'mthd' pointer to be NULL in 'channv50.c'. From the code, it's assumed to be not NULL by accessing directly 'mthd->data[0]' which is the reason of the kernel panic. Simply check if the pointer is not NULL before continuing. BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=206299 Cc: stable at vger.kernel.org Signed-off-by: Fr?d?ric Pierret (fepitre) <frederic.pierret at qubes-os.org> --- drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c index bcf32d92ee5a..50e3539f33d2 100644 --- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c +++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c @@ -74,6 +74,8 @@ nv50_disp_chan_mthd(struct nv50_disp_chan *chan, int debug) if (debug > subdev->debug) return; + if (!mthd) + return; for (i = 0; (list = mthd->data[i].mthd) != NULL; i++) { u32 base = chan->head * mthd->addr; -- 2.21.0 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: <https://lists.freedesktop.org/archives/nouveau/attachments/20200208/40a89103/attachment.sig>
Frédéric Pierret
2020-Feb-20 17:19 UTC
[Nouveau] [PATCH] nv50_disp_chan_mthd: ensure mthd is not NULL
Hi, Is anything missing here? How can I get this merged? Best regards, Fr?d?ric Pierret On 2020-02-08 20:43, Fr?d?ric Pierret wrote:> Pointer to structure array is assumed not NULL by default. It has > the consequence to raise a kernel panic when it's not the case. > > Basically, running at least a RTX2080TI on Xen makes a bad mmio error > which causes having 'mthd' pointer to be NULL in 'channv50.c'. From the > code, it's assumed to be not NULL by accessing directly 'mthd->data[0]' > which is the reason of the kernel panic. Simply check if the pointer > is not NULL before continuing. > > BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=206299 > Cc: stable at vger.kernel.org > Signed-off-by: Fr?d?ric Pierret (fepitre) <frederic.pierret at qubes-os.org> > --- > drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c > index bcf32d92ee5a..50e3539f33d2 100644 > --- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c > +++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c > @@ -74,6 +74,8 @@ nv50_disp_chan_mthd(struct nv50_disp_chan *chan, int debug) > > if (debug > subdev->debug) > return; > + if (!mthd) > + return; > > for (i = 0; (list = mthd->data[i].mthd) != NULL; i++) { > u32 base = chan->head * mthd->addr; >-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: <https://lists.freedesktop.org/archives/nouveau/attachments/20200220/04ffb106/attachment.sig>
Ilia Mirkin
2020-Feb-20 17:32 UTC
[Nouveau] [PATCH] nv50_disp_chan_mthd: ensure mthd is not NULL
Hi Fr?d?ric, It appears Ben made his own version of this patch (probably based on the one you added to the kernel bz), and it's already upstream: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.6-rc2&id=0e6176c6d286316e9431b4f695940cfac4ffe6c2 Cheers, -ilia On Thu, Feb 20, 2020 at 12:19 PM Fr?d?ric Pierret <frederic.pierret at qubes-os.org> wrote:> > Hi, > Is anything missing here? How can I get this merged? > > Best regards, > Fr?d?ric Pierret > > On 2020-02-08 20:43, Fr?d?ric Pierret wrote: > > Pointer to structure array is assumed not NULL by default. It has > > the consequence to raise a kernel panic when it's not the case. > > > > Basically, running at least a RTX2080TI on Xen makes a bad mmio error > > which causes having 'mthd' pointer to be NULL in 'channv50.c'. From the > > code, it's assumed to be not NULL by accessing directly 'mthd->data[0]' > > which is the reason of the kernel panic. Simply check if the pointer > > is not NULL before continuing. > > > > BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=206299 > > Cc: stable at vger.kernel.org > > Signed-off-by: Fr?d?ric Pierret (fepitre) <frederic.pierret at qubes-os.org> > > --- > > drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c > > index bcf32d92ee5a..50e3539f33d2 100644 > > --- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c > > +++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/channv50.c > > @@ -74,6 +74,8 @@ nv50_disp_chan_mthd(struct nv50_disp_chan *chan, int debug) > > > > if (debug > subdev->debug) > > return; > > + if (!mthd) > > + return; > > > > for (i = 0; (list = mthd->data[i].mthd) != NULL; i++) { > > u32 base = chan->head * mthd->addr; > > > > _______________________________________________ > Nouveau mailing list > Nouveau at lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/nouveau
Possibly Parallel Threads
- [PATCH] nv50_disp_chan_mthd: ensure mthd is not NULL
- nv50_disp_chan_mthd: ensure mthd is not NULL
- nv50_disp_chan_mthd: ensure mthd is not NULL
- [PATCH] nv50_disp_chan_mthd: ensure mthd is not NULL
- [PATCH][next] drm/nouveau/disp: avoid potential overflow on shift of int value