Displaying 20 results from an estimated 3000 matches similar to: "Nouveau dmem NULL Pointer deref (SVM)"
2019 Mar 21
2
Nouveau dmem NULL Pointer deref (SVM)
On 21.03.19 18:12, Jerome Glisse wrote:
> On Thu, Mar 21, 2019 at 04:59:14PM +0100, Tobias Klausmann wrote:
>> Hi,
>>
>> just for your information and maybe for some help: with 5.1rc1 and SVM
>> enabled i see the following backtrace [1] when the nouveau card (reverse
>> prime) goes to sleep, for now i have papered over with [2] which leaves me
>> with
2020 Apr 21
2
[PATCH] nouveau/hmm: fix nouveau_dmem_chunk allocations
In nouveau_dmem_init(), a number of struct nouveau_dmem_chunk are allocated
and put on the dmem->chunk_empty list. Then in nouveau_dmem_pages_alloc(),
a nouveau_dmem_chunk is removed from the list and GPU memory is allocated.
However, the nouveau_dmem_chunk is never removed from the chunk_empty
list nor placed on the chunk_free or chunk_full lists. This results
in only one chunk ever being
2019 Jun 14
3
[PATCH] drm/nouveau/dmem: missing mutex_lock in error path
In nouveau_dmem_pages_alloc(), the drm->dmem->mutex is unlocked before
calling nouveau_dmem_chunk_alloc().
Reacquire the lock before continuing to the next page.
Signed-off-by: Ralph Campbell <rcampbell at nvidia.com>
---
I found this while testing Jason Gunthorpe's hmm tree but this is
independant of those changes. I guess it could go through
David Airlie's tree for nouveau
2019 Feb 22
1
[PATCH] drm/nouveau/dmem: Fix a NULL vs IS_ERR() check
The hmm_devmem_add() function doesn't return NULL, it returns error
pointers.
Fixes: 5be73b690875 ("drm/nouveau/dmem: device memory helpers for SVM")
Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
---
drivers/gpu/drm/nouveau/nouveau_dmem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/nouveau/nouveau_dmem.c
2023 Aug 05
1
[PATCH drm-misc-next] nouveau/dmem: fix copy-paste error in nouveau_dmem_migrate_chunk()
Fix call to nouveau_fence_emit() with wrong channel parameter.
Fixes: 7f2a0b50b2b2 ("drm/nouveau: fence: separate fence alloc and emit")
Signed-off-by: Danilo Krummrich <dakr at redhat.com>
---
drivers/gpu/drm/nouveau/nouveau_dmem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/nouveau/nouveau_dmem.c b/drivers/gpu/drm/nouveau/nouveau_dmem.c
2024 Oct 08
3
[PATCH v4 0/2] drm/nouveau/dmem: Fix Vulnerability and Device Channels configuration
From: Yonatan Maman <Ymaman at Nvidia.com>
This patch series addresses two critical issues in the Nouveau driver
related to device channels, error handling, and sensitive data leaks.
- Vulnerability in migrate_to_ram: The migrate_to_ram function might
return a dirty HIGH_USER page when a copy push command (FW channel)
fails, potentially exposing sensitive data and posing a security
2024 Mar 06
1
[PATCH v3] nouveau/dmem: handle kcalloc() allocation failure
The kcalloc() in nouveau_dmem_evict_chunk() will return null if
the physical memory has run out. As a result, if we dereference
src_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs
will happen.
Moreover, the GPU is going away. If the kcalloc() fails, we could not
evict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL
flag in kcalloc().
Finally, as there is no need to
2024 Oct 08
2
[PATCH v3 0/2] drm/nouveau/dmem: Fix Vulnerability and Device Channels configuration
From: Yonatan Maman <Ymaman at Nvidia.com>
This patch series addresses two critical issues in the Nouveau driver
related to device channels, error handling, and sensitive data leaks.
- Vulnerability in migrate_to_ram: The migrate_to_ram function might
return a dirty HIGH_USER page when a copy push command (FW channel)
fails, potentially exposing sensitive data and posing a security
2024 Oct 15
5
[PATCH v1 0/4] GPU Direct RDMA (P2P DMA) for Device Private Pages
From: Yonatan Maman <Ymaman at Nvidia.com>
This patch series aims to enable Peer-to-Peer (P2P) DMA access in
GPU-centric applications that utilize RDMA and private device pages. This
enhancement is crucial for minimizing data transfer overhead by allowing
the GPU to directly expose device private page data to devices such as
NICs, eliminating the need to traverse system RAM, which is the
2019 Mar 21
0
Nouveau dmem NULL Pointer deref (SVM)
On Thu, Mar 21, 2019 at 04:59:14PM +0100, Tobias Klausmann wrote:
> Hi,
>
> just for your information and maybe for some help: with 5.1rc1 and SVM
> enabled i see the following backtrace [1] when the nouveau card (reverse
> prime) goes to sleep, for now i have papered over with [2] which leaves me
> with userspace hangs. Any pointers where to look for the actual culprit?
>
2019 Feb 21
1
[PATCH -next] drm/nouveau/dmem: remove set but not used variable 'drm'
Fixes gcc '-Wunused-but-set-variable' warning:
drivers/gpu/drm/nouveau/nouveau_dmem.c: In function 'nouveau_dmem_free':
drivers/gpu/drm/nouveau/nouveau_dmem.c:103:22: warning:
variable 'drm' set but not used [-Wunused-but-set-variable]
struct nouveau_drm *drm;
^
Signed-off-by: YueHaibing <yuehaibing at huawei.com>
---
2024 Sep 23
1
[PATCH 2/2] nouveau/dmem: Fix memory leak in `migrate_to_ram` upon copy error
A copy push command might fail, causing `migrate_to_ram` to return a
dirty HIGH_USER page to the user.
This exposes a security vulnerability in the nouveau driver. To prevent
memory leaks in `migrate_to_ram` upon a copy error, allocate a zero
page for the destination page.
Signed-off-by: Yonatan Maman <Ymaman at Nvidia.com>
Signed-off-by: Gal Shalom <GalShalom at Nvidia.com>
---
2019 Aug 08
10
turn hmm migrate_vma upside down v2
Hi Jérôme, Ben and Jason,
below is a series against the hmm tree which starts revamping the
migrate_vma functionality. The prime idea is to export three slightly
lower level functions and thus avoid the need for migrate_vma_ops
callbacks.
Diffstat:
5 files changed, 281 insertions(+), 607 deletions(-)
A git tree is also available at:
git://git.infradead.org/users/hch/misc.git
2020 Jun 23
2
[RESEND PATCH 1/3] nouveau: fix migrate page regression
On 2020-06-22 16:38, Ralph Campbell wrote:
> The patch to add zero page migration to GPU memory inadvertantly included
inadvertently
> part of a future change which broke normal page migration to GPU memory
> by copying too much data and corrupting GPU memory.
> Fix this by only copying one page instead of a byte count.
>
> Fixes: 9d4296a7d4b3 ("drm/nouveau/nouveau/hmm:
2020 Mar 16
4
ensure device private pages have an owner
When acting on device private mappings a driver needs to know if the
device (or other entity in case of kvmppc) actually owns this private
mapping. This series adds an owner field and converts the migrate_vma
code over to check it. I looked into doing the same for
hmm_range_fault, but as far as I can tell that code has never been
wired up to actually work for device private memory, so instead of
2020 Mar 16
14
ensure device private pages have an owner v2
When acting on device private mappings a driver needs to know if the
device (or other entity in case of kvmppc) actually owns this private
mapping. This series adds an owner field and converts the migrate_vma
code over to check it. I looked into doing the same for
hmm_range_fault, but as far as I can tell that code has never been
wired up to actually work for device private memory, so instead of
2019 Jul 29
24
turn the hmm migrate_vma upside down
Hi Jérôme, Ben and Jason,
below is a series against the hmm tree which starts revamping the
migrate_vma functionality. The prime idea is to export three slightly
lower level functions and thus avoid the need for migrate_vma_ops
callbacks.
Diffstat:
4 files changed, 285 insertions(+), 602 deletions(-)
A git tree is also available at:
git://git.infradead.org/users/hch/misc.git
2019 Jun 14
1
[PATCH] drm/nouveau/dmem: missing mutex_lock in error path
On 6/13/19 5:49 PM, John Hubbard wrote:
> On 6/13/19 5:11 PM, Ralph Campbell wrote:
>> In nouveau_dmem_pages_alloc(), the drm->dmem->mutex is unlocked before
>> calling nouveau_dmem_chunk_alloc().
>> Reacquire the lock before continuing to the next page.
>>
>> Signed-off-by: Ralph Campbell <rcampbell at nvidia.com>
>> ---
>>
>> I found
2019 Jun 17
34
dev_pagemap related cleanups v2
Hi Dan, Jérôme and Jason,
below is a series that cleans up the dev_pagemap interface so that
it is more easily usable, which removes the need to wrap it in hmm
and thus allowing to kill a lot of code
Note: this series is on top of the rdma/hmm branch + the dev_pagemap
releas fix series from Dan that went into 5.2-rc5.
Git tree:
git://git.infradead.org/users/hch/misc.git
2020 Jun 22
7
[RESEND PATCH 0/3] nouveau: fixes for SVM
These are based on 5.8.0-rc2 and intended for Ben Skeggs' nouveau tree.
I believe the changes can be queued for 5.8-rcX after being reviewed.
These were part of a larger series but I'm resending them separately as
suggested by Jason Gunthorpe.
https://lore.kernel.org/linux-mm/20200619215649.32297-1-rcampbell at nvidia.com/
Note that in order to exercise/test patch 2 here, you will need a