[PATCH] drm/i915/gvt: Fix an error reported by KASAN

Thu Oct 26 03:06:37 UTC 2017

On 2017.10.23 15:37:03 +0800, Zhi Wang wrote:
> The error message is:
> 
> [   10.103977] ==================================================================
> [   10.104899] BUG: KASAN: stack-out-of-bounds in find_first_bit+0xa8/0xc0
> [   10.104899] Read of size 8 at addr ffff88079259f910 by task swapper/0/1
> 
> [   10.104899] CPU: 5 PID: 1 Comm: swapper/0 Not tainted 4.14.0-rc5+ #188
> [   10.104899] Hardware name:                  /NUC6i7KYB, BIOS KYSKLi70.86A.0045.2017.0314.1601 03/14/2017
> [   10.104899] Call Trace:
> [   10.104899]  dump_stack+0x67/0x99
> [   10.104899]  print_address_description+0x7c/0x290
> [   10.104899]  ? find_first_bit+0xa8/0xc0
> [   10.104899]  kasan_report+0x26e/0x350
> [   10.104899]  __asan_report_load8_noabort+0x19/0x20
> [   10.104899]  find_first_bit+0xa8/0xc0
> [   10.104899]  intel_gvt_init_cmd_parser+0x197/0x740
> [   10.104899]  ? intel_gvt_clean_cmd_parser+0x10/0x10
> [   10.104899]  ? tbs_sched_init+0xab/0x190
> [   10.104899]  intel_gvt_init_device+0x4db/0xba0
> [   10.104899]  intel_gvt_init+0x118/0x1e0
> [   10.104899]  i915_driver_load+0x1c73/0x2390
> [   10.104899]  ? __i915_printk+0x2a0/0x2a0
> [   10.104899]  ? lock_downgrade+0x670/0x670
> [   10.104899]  ? __pm_runtime_resume+0x6e/0x100
> [   10.104899]  ? _raw_spin_unlock_irqrestore+0x57/0x70
> [   10.104899]  ? __pm_runtime_resume+0x89/0x100
> [   10.104899]  ? preempt_count_sub+0xfd/0x1c0
> [   10.104899]  i915_pci_probe+0xd9/0x1c0
> [   10.104899]  pci_device_probe+0x1be/0x3a0
> [   10.104899]  driver_probe_device+0x464/0xc60
> [   10.104899]  ? driver_probe_device+0xc60/0xc60
> [   10.104899]  __driver_attach+0x185/0x1e0
> [   10.104899]  bus_for_each_dev+0x11f/0x1a0
> [   10.104899]  ? kset_create_and_add+0x170/0x170
> [   10.104899]  ? subsys_dev_iter_exit+0x10/0x10
> [   10.104899]  ? preempt_count_sub+0xfd/0x1c0
> [   10.104899]  ? _raw_spin_unlock+0x31/0x50
> [   10.104899]  driver_attach+0x3d/0x50
> [   10.104899]  bus_add_driver+0x49a/0x730
> [   10.104899]  ? mipi_dsi_bus_init+0x17/0x17
> [   10.104899]  ? mipi_dsi_bus_init+0x17/0x17
> [   10.104899]  driver_register+0x18c/0x3b0
> [   10.104899]  ? __raw_spin_lock_init+0x32/0x100
> [   10.104899]  __pci_register_driver+0x18c/0x240
> [   10.104899]  i915_init+0xc4/0xc9
> [   10.104899]  do_one_initcall+0x91/0x210
> [   10.104899]  ? initcall_blacklisted+0x160/0x160
> [   10.104899]  kernel_init_freeable+0x416/0x4a3
> [   10.104899]  ? rest_init+0x250/0x250
> [   10.104899]  kernel_init+0x13/0x120
> [   10.104899]  ? rest_init+0x250/0x250
> [   10.104899]  ret_from_fork+0x27/0x40
> 
> Signed-off-by: Zhi Wang <zhi.a.wang at intel.com>
> ---
>  drivers/gpu/drm/i915/gvt/cmd_parser.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/i915/gvt/cmd_parser.c b/drivers/gpu/drm/i915/gvt/cmd_parser.c
> index 8c8514e..957467d 100644
> --- a/drivers/gpu/drm/i915/gvt/cmd_parser.c
> +++ b/drivers/gpu/drm/i915/gvt/cmd_parser.c
> @@ -2805,7 +2805,7 @@ int intel_gvt_scan_and_shadow_wa_ctx(struct intel_shadow_wa_ctx *wa_ctx)
>  }
>  
>  static struct cmd_info *find_cmd_entry_any_ring(struct intel_gvt *gvt,
> -		unsigned int opcode, int rings)
> +		unsigned int opcode, unsigned long rings)
>  {

Looks only user is for uint16_t (btw, need to use kernel type u16) and
why cast to "unsigned long" later?

>  	struct cmd_info *info = NULL;
>  	unsigned int ring;
> -- 
> 2.7.4
> 
> _______________________________________________
> intel-gvt-dev mailing list
> intel-gvt-dev at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/intel-gvt-dev

-- 
Open Source Technology Center, Intel ltd.

$gpg --keyserver wwwkeys.pgp.net --recv-keys 4D781827
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/intel-gvt-dev/attachments/20171026/3519f98e/attachment.sig>