Re: 答复: [PATCH] drm/amd/amdgpu: fix over-bound accessing in amdgpu_cs_wait_any_fence
Chunming Zhou
zhoucm1 at amd.com
Fri Nov 17 05:33:50 UTC 2017
On 2017年11月17日 13:31, He, Roger wrote:
> Theoretically, if first < fence_count, array[first] will not be NULL.
that's what I mean:
if (first < fence_count && array[first])
r = array[first]->error;
else
r = 0;
Regards,
David Zhou
>
> Hi Emily:
>
> do you remember the issue you fixed has same error log?
>
>
> Thanks
> Roger(Hongbo.He)
> -----Original Message-----
> From: Zhou, David(ChunMing)
> Sent: Friday, November 17, 2017 1:24 PM
> To: Qu, Jim <Jim.Qu at amd.com>; He, Roger <Hongbo.He at amd.com>; amd-gfx at lists.freedesktop.org
> Cc: Zhou, David(ChunMing) <David1.Zhou at amd.com>; Koenig, Christian <Christian.Koenig at amd.com>
> Subject: Re: 答复: [PATCH] drm/amd/amdgpu: fix over-bound accessing in amdgpu_cs_wait_any_fence
>
> Yes, As Jim pointed out, you lacks the array[] checking.
>
> you can just change to if (first < fence_count && array[first]), otherwise it's a good fix for regression.
>
>
> Regards,
>
> David Zhou
>
>
> On 2017年11月17日 13:16, Qu, Jim wrote:
>> Hi Roger:
>>
>> - if (array[first])
>> - r = array[first]->error;
>> - else
>> + if (first == ~0)
>> r = 0;
>> + else
>> + r = array[first]->error;
>>
>> // The patch looks like change original logic that miss to check array[first].
>>
>> Thanks
>> JimQu
>>
>> ________________________________________
>> 发件人: amd-gfx <amd-gfx-bounces at lists.freedesktop.org> 代表 Roger He <Hongbo.He at amd.com>
>> 发送时间: 2017年11月17日 13:04
>> 收件人: amd-gfx at lists.freedesktop.org
>> 抄送: Zhou, David(ChunMing); He, Roger; Koenig, Christian
>> 主题: [PATCH] drm/amd/amdgpu: fix over-bound accessing in amdgpu_cs_wait_any_fence
>>
>> fix the following issue:
>>
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.712090] Oops: 0000 [#2] SMP
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.712481] Modules linked in: amdgpu(OE) chash ttm(OE) drm_kms_helper(OE) drm(OE) i2c_algo_bit fb_sys_fops syscopyarea sysfillrect sysimgblt intel_rapl snd_hda_codec_realtek snd_hda_codec_generic x86_pkg_temp_thermal intel_powerclamp snd_hda_codec_hdmi coretemp snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm kvm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc snd_seq_device snd_timer aesni_intel snd mei_me mei aes_x86_64 crypto_simd serio_raw eeepc_wmi glue_helper asus_wmi sparse_keymap cryptd soundcore shpchp wmi_bmof lpc_ich mac_hid tpm_infineon nfsd auth_rpcgss nfs_acl lockd parport_pc grace ppdev sunrpc lp parport autofs4 hid_generic usbhid ahci mxm_wmi r8169 libahci hid mii wmi video
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.715120] CPU: 1 PID: 1330 Comm: deqp-vk Tainted: G D OE 4.13.0-custom #1
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.715879] Hardware name: ASUS All Series/Z87-A, BIOS 1802 01/28/2014
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.716658] task: ffff9b7115728000 task.stack: ffffb178016e0000
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.717494] RIP: 0010:amdgpu_cs_wait_fences_ioctl+0x20b/0x2e0 [amdgpu]
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.718312] RSP: 0018:ffffb178016e3cb0 EFLAGS: 00010246
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.719270] RAX: 00000000ffffffff RBX: ffffb178016e3d90 RCX: 0000000000000000
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.720247] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff9b7116a1d8a8
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.721246] RBP: ffffb178016e3d00 R08: 00000000ffffffff R09: 0000000000000000
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.722262] R10: 000000000000ed00 R11: ffffb178016e3d90 R12: ffff9b7116a1d8a8
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.723299] R13: ffff9b7000707020 R14: 0000000000000001 R15: 0000000000000000
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.724358] FS: 00007f89f3af4740(0000) GS:ffff9b712ec80000(0000) knlGS:0000000000000000
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.725447] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.726550] CR2: ffff9b7916a1d8a0 CR3: 000000022042e000 CR4: 00000000001406e0
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.727687] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.728837] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.729992] Call Trace:
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.731193] ? amdgpu_cs_fence_to_handle_ioctl+0x1c0/0x1c0 [amdgpu]
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.732406] drm_ioctl_kernel+0x69/0xb0 [drm]
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.733626] drm_ioctl+0x2d2/0x390 [drm]
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.734883] ? amdgpu_cs_fence_to_handle_ioctl+0x1c0/0x1c0 [amdgpu]
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.736135] ? __do_fault+0x1e/0x70
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.737392] ? __handle_mm_fault+0x8ae/0x10f0
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.738665] ? apparmor_mmap_file+0x18/0x20
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.739980] amdgpu_drm_ioctl+0x4c/0x80 [amdgpu]
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.741277] do_vfs_ioctl+0x96/0x5b0
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.742582] ? handle_mm_fault+0xd3/0x1f0
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.743899] ? sched_clock+0x9/0x10
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.745224] SyS_ioctl+0x79/0x90
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.746553] ? vtime_user_exit+0x29/0x70
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.747897] do_syscall_64+0x6e/0x160
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.749247] entry_SYSCALL64_slow_path+0x25/0x25
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.750614] RIP: 0033:0x7f89f1fdff07
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.751987] RSP: 002b:00007ffd4c6262d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.753407] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f89f1fdff07
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.754847] RDX: 00007ffd4c6263a0 RSI: 00000000c0186452 RDI: 0000000000000005
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.756302] RBP: 00007ffd4c626310 R08: 0000000000000001 R09: 00007ffd4c62642c
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.757768] R10: 000000000000edf2 R11: 0000000000000202 R12: 00007ffd4c6264b0
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.759243] R13: 00000000000186a0 R14: 0000000000000000 R15: 00007ffd4c626700
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.760725] Code: ff ff ff e8 08 38 cd e6 eb e0 44 89 45 d4 44 89 c0 ba 01 00 00 00 48 c7 43 08 00 00 00 00 48 c7 43 10 00 00 00 00 89 13 89 43 04 <4b> 8b 04 c4 4c 63 78 58 eb a5 48 8b 4d b0 4c 8d 45 d4 ba 01 00
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.762416] RIP: amdgpu_cs_wait_fences_ioctl+0x20b/0x2e0 [amdgpu] RSP: ffffb178016e3cb0
>> Nov 15 17:40:25 jenkins-MS-7984 kernel: [ 146.764058] CR2: ffff9b7916a1d8a0
>>
>> Change-Id: I60d90d13dda69cd8aa6396f0246379f8390e3fb1
>> Signed-off-by: Roger He <Hongbo.He at amd.com>
>> ---
>> drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 6 +++---
>> 1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
>> index ee77364..ad00f01 100644
>> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
>> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
>> @@ -1503,10 +1503,10 @@ static int amdgpu_cs_wait_any_fence(struct amdgpu_device *adev,
>> wait->out.status = (r > 0);
>> wait->out.first_signaled = first;
>>
>> - if (array[first])
>> - r = array[first]->error;
>> - else
>> + if (first == ~0)
>> r = 0;
>> + else
>> + r = array[first]->error;
>>
>> err_free_fence_array:
>> for (i = 0; i < fence_count; i++)
>> --
>> 2.7.4
>>
>> _______________________________________________
>> amd-gfx mailing list
>> amd-gfx at lists.freedesktop.org
>> https://lists.freedesktop.org/mailman/listinfo/amd-gfx
More information about the amd-gfx
mailing list