[PATCH] drm/xe/vm: Avoid reserving zero fences
Matthew Auld
matthew.auld at intel.com
Thu Feb 8 18:19:42 UTC 2024
On 08/02/2024 15:19, Thomas Hellström wrote:
> On Thu, 2024-02-08 at 15:05 +0000, Matthew Auld wrote:
>> On 08/02/2024 13:21, Thomas Hellström wrote:
>>> The function xe_vm_prepare_vma was blindly accepting zero as the
>>> number of fences and forwarded that to drm_exec_prepare_obj.
>>>
>>> However, that leads to an out-of-bounds shift in the
>>> dma_resv_reserve_fences() and while one could argue that the
>>> dma_resv code should be robust against that, avoid attempting
>>> to reserve zero fences.
>>>
>>> Relevant stack trace:
>>>
>>> [773.183188] ------------[ cut here ]------------
>>> [773.183199] UBSAN: shift-out-of-bounds in
>>> ../include/linux/log2.h:57:13
>>> [773.183241] shift exponent 64 is too large for 64-bit type 'long
>>> unsigned int'
>>> [773.183254] CPU: 2 PID: 1816 Comm: xe_evict Tainted: G
>>> U 6.8.0-rc3-xe #1
>>> [773.183256] Hardware name: ASUS System Product Name/PRIME Z690-P
>>> D4, BIOS 2014 10/14/2022
>>> [773.183257] Call Trace:
>>> [773.183258] <TASK>
>>> [773.183260] dump_stack_lvl+0xaf/0xd0
>>> [773.183266] dump_stack+0x10/0x20
>>> [773.183283] ubsan_epilogue+0x9/0x40
>>> [773.183286] __ubsan_handle_shift_out_of_bounds+0x10f/0x170
>>> [773.183293] dma_resv_reserve_fences.cold+0x2b/0x48
>>> [773.183295] ? ww_mutex_lock+0x3c/0x110
>>> [773.183301] drm_exec_prepare_obj+0x45/0x60 [drm_exec]
>>> [773.183313] xe_vm_prepare_vma+0x33/0x70 [xe]
>>> [773.183375] xe_vma_destroy_unlocked+0x55/0xa0 [xe]
>>> [773.183427] xe_vm_close_and_put+0x526/0x940 [xe]
>>>
>>> Fixes: 2714d5093620 ("drm/xe: Convert pagefaulting code to use
>>> drm_exec")
>>> Cc: Thomas Hellström <thomas.hellstrom at linux.intel.com>
>>> Cc: Matthew Brost <matthew.brost at intel.com>
>>> Cc: Rodrigo Vivi <rodrigo.vivi at intel.com>
>>> Signed-off-by: Thomas Hellström <thomas.hellstrom at linux.intel.com>
>> Reviewed-by: Matthew Auld <matthew.auld at intel.com>
>
> Thanks, Matthew
> What happened to your dma-resv patch you had for this?
I don't recall any dma-resv patch, or am I misremembering? :)
>
>
> /Thomas
More information about the Intel-xe
mailing list