KASAN splat in vmwgfx driver

Chuck Lever III chuck.lever at oracle.com
Wed Mar 16 00:45:44 UTC 2022


For a kernel development project I'm working on, I'm using
Linux in a VMware guest. After kernel v5.16.2, I noticed
this KASAN splat:

Mar 15 14:50:39 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: vgaarb: deactivate vga console
Mar 15 14:50:39 oracle-102.nfsv4.dev kernel: Console: switching to colour dummy device 80x25
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: [TTM] Zone  kernel: Available graphics memory: 2027952 KiB
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] FIFO at 0x00000000fe000000 size is 8192 kiB
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] VRAM at 0x00000000e8000000 size is 131072 kiB
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Running on SVGA version 2.
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] DMA map mode: Caching DMA mappings.
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Legacy memory limits: VRAM = 4096 kB, FIFO = 256 kB, surface = 0 kB
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] MOB limits: max mob size = 1048576 kB, max mob pages = 2097152
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Capabilities: rect copy, cursor, cursor bypass, cursor bypass 2, 8bit e>
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Capabilities2: grow otable, intra surface copy, dx2, gb memsize 2, scre>
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Max GMR ids is 64
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Max number of GMR pages is 65536
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Maximum display memory size is 262144 kiB
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Screen Target display unit initialized
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: vmwgfx 0000:00:0f.0: [drm] Fifo max 0x00040000 min 0x00001000 cap 0x0000077f
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: ==================================================================
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: BUG: KASAN: slab-out-of-bounds in vmw_query_move_notify+0x206/0x230 [vmwgfx]
Mar 15 14:50:40 oracle-102.nfsv4.dev kernel: Read of size 8 at addr ffff88813101a1c8 by task systemd-udevd/405

Bisected to f6be23264bba ("drm/vmwgfx: Introduce a new placement for MOB page tables")

I don't see an obvious fix for this issue in the stream of
subsequent commits.


--
Chuck Lever

More information about the dri-devel mailing list