[PATCH 0/1] drm/i915: Debug potential GEM object UAF
Janusz Krzysztofik
janusz.krzysztofik at linux.intel.com
Fri Mar 10 13:03:18 UTC 2023
CI report on abort from igt at gem_exec_whisper@basic-fds-priority-all with
traces from drm_i915_gem_object poison overwritten and its kmem_cache list
node->next poisoned at the time of deletion from its list looks for me
like caused by GEM object use after free.
Trigger a bug and dump ftrace if a GEM object to be freed occurs not a
valid kmem object, both before we call_rcu() for its deletion and then
before we call kmem_cache_free().
Test with the subtest of interest placed at the top of BAT testlist to get
quick results from 100 runs on the broadest possible range of platforms.
Test-with: <20230309143610.59512-1-janusz.krzysztofik at linux.intel.com>
Janusz Krzysztofik (1):
drm/i915: Debug potential GEM object UAF
drivers/gpu/drm/i915/gem/i915_gem_object.c | 2 ++
drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 1 +
2 files changed, 3 insertions(+)
--
2.25.1
More information about the Intel-gfx-trybot
mailing list