This fix is a case where a nv50 or gf100 graphics card is used on a VMD Domain (or other memory restricted domain) that results in a null-pointer dereference.
One of the original fixes was already backported: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=l...
Sushma Kalakota (3): drm/nouveau/bar/nv50: check bar1 vmm return value drm/nouveau/bar/gf100: ensure BAR is mapped drm/nouveau/mmu: qualify vmm during dtor
drivers/gpu/drm/nouveau/nvkm/subdev/bar/gf100.c | 2 ++ drivers/gpu/drm/nouveau/nvkm/subdev/bar/nv50.c | 2 ++ drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 2 +- 3 files changed, 5 insertions(+), 1 deletion(-)
From: Jon Derrick jonathan.derrick@intel.com
commit 307a312df9c43fdea286ad17f748aaf777cc434a upstream
This fix is a case where a nv50 or gf100 graphics card is used on a VMD Domain that results in a null-pointer dereference.
Check bar1's new vmm creation return value for errors.
Signed-off-by: Jon Derrick jonathan.derrick@intel.com Signed-off-by: Ben Skeggs bskeggs@redhat.com Signed-off-by: Sushma Kalakota sushmax.kalakota@intel.com --- drivers/gpu/drm/nouveau/nvkm/subdev/bar/nv50.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bar/nv50.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bar/nv50.c index 38c9c086754b..f23a0ccc2bec 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/bar/nv50.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bar/nv50.c @@ -174,6 +174,8 @@ nv50_bar_oneinit(struct nvkm_bar *base)
ret = nvkm_vmm_new(device, start, limit-- - start, NULL, 0, &bar1_lock, "bar1", &bar->bar1_vmm); + if (ret) + return ret;
atomic_inc(&bar->bar1_vmm->engref[NVKM_SUBDEV_BAR]); bar->bar1_vmm->debug = bar->base.subdev.debug;
From: Jon Derrick jonathan.derrick@intel.com
commit 12e08beb32d64b6070b718630490db83dd321c8c upstream
This fix is a case where a nv50 or gf100 graphics card is used on a VMD Domain that results in a null-pointer dereference
If the BAR is zero size, it indicates it was never successfully mapped. Ensure that the BAR is valid during initialization before attempting to use it.
Signed-off-by: Jon Derrick jonathan.derrick@intel.com Signed-off-by: Ben Skeggs bskeggs@redhat.com Signed-off-by: Sushma Kalakota sushmax.kalakota@intel.com --- drivers/gpu/drm/nouveau/nvkm/subdev/bar/gf100.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bar/gf100.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bar/gf100.c index a3ba7f50198b..a3dcb09a40ee 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/bar/gf100.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bar/gf100.c @@ -94,6 +94,8 @@ gf100_bar_oneinit_bar(struct gf100_bar *bar, struct gf100_barN *bar_vm, return ret;
bar_len = device->func->resource_size(device, bar_nr); + if (!bar_len) + return -ENOMEM; if (bar_nr == 3 && bar->bar2_halve) bar_len >>= 1;
From: Jon Derrick jonathan.derrick@intel.com
commit 15516bf9abaa41421a6ded79a5a2fee86f9594e5 upstream
This fix is a case where a nv50 or gf100 graphics card is used on a VMD Domain that results in a null-pointer dereference.
If the BAR initialization failed it may leave the vmm structure in an unitialized state, leading to a null-pointer-dereference when the vmm is dereferenced during teardown.
Signed-off-by: Jon Derrick jonathan.derrick@intel.com Signed-off-by: Ben Skeggs bskeggs@redhat.com Signed-off-by: Sushma Kalakota sushmax.kalakota@intel.com --- drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c b/drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c index 7459def78d50..5f8b8b399b97 100644 --- a/drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c +++ b/drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c @@ -1423,7 +1423,7 @@ nvkm_vmm_get(struct nvkm_vmm *vmm, u8 page, u64 size, struct nvkm_vma **pvma) void nvkm_vmm_part(struct nvkm_vmm *vmm, struct nvkm_memory *inst) { - if (inst && vmm->func->part) { + if (inst && vmm && vmm->func->part) { mutex_lock(&vmm->mutex); vmm->func->part(vmm, inst); mutex_unlock(&vmm->mutex);
On Tue, Jan 21, 2020 at 01:28:25PM -0700, Sushma Kalakota wrote:
This fix is a case where a nv50 or gf100 graphics card is used on a VMD Domain (or other memory restricted domain) that results in a null-pointer dereference.
One of the original fixes was already backported: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=l...
Sushma Kalakota (3): drm/nouveau/bar/nv50: check bar1 vmm return value drm/nouveau/bar/gf100: ensure BAR is mapped drm/nouveau/mmu: qualify vmm during dtor
drivers/gpu/drm/nouveau/nvkm/subdev/bar/gf100.c | 2 ++ drivers/gpu/drm/nouveau/nvkm/subdev/bar/nv50.c | 2 ++ drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 2 +- 3 files changed, 5 insertions(+), 1 deletion(-)
All now queued up, thanks!
greg k-h
linux-stable-mirror@lists.linaro.org
-
Greg KH -
Sushma Kalakota