Re: [PATCH] drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.

2022-05-23 Thread Alex Deucher
On Sun, May 22, 2022 at 8:32 PM Dave Airlie  wrote:
>
> From: Dave Airlie 
>
> Submitting a cs with 0 chunks, causes an oops later, found trying
> to execute the wrong userspace driver.
>
> MESA_LOADER_DRIVER_OVERRIDE=v3d glxinfo
>
> [172536.665184] BUG: kernel NULL pointer dereference, address: 01d8
> [172536.665188] #PF: supervisor read access in kernel mode
> [172536.665189] #PF: error_code(0x) - not-present page
> [172536.665191] PGD 6712a0067 P4D 6712a0067 PUD 5af9ff067 PMD 0
> [172536.665195] Oops:  [#1] SMP NOPTI
> [172536.665197] CPU: 7 PID: 2769838 Comm: glxinfo Tainted: P   O  5.10.81 #1-NixOS
> [172536.665199] Hardware name: To be filled by O.E.M. To be filled by O.E.M./CROSSHAIR V FORMULA-Z, BIOS 2201 03/23/2015
> [172536.665272] RIP: 0010:amdgpu_cs_ioctl+0x96/0x1ce0 [amdgpu]
> [172536.665274] Code: 75 18 00 00 4c 8b b2 88 00 00 00 8b 46 08 48 89 54 24 68 49 89 f7 4c 89 5c 24 60 31 d2 4c 89 74 24 30 85 c0 0f 85 c0 01 00 00 <48> 83 ba d8 01 00 00 00 48 8b b4 24 90 00 00 00 74 16 48 8b 46 10
> [172536.665276] RSP: 0018:b47c0e81bbe0 EFLAGS: 00010246
> [172536.665277] RAX:  RBX:  RCX:
> [172536.665278] RDX:  RSI: b47c0e81be28 RDI: b47c0e81bd68
> [172536.665279] RBP: 936524080010 R08:  R09: b47c0e81be38
> [172536.665281] R10: 936524080010 R11: 93652408 R12: b47c0e81bc40
> [172536.665282] R13: b47c0e81be28 R14: 9367bc41 R15: b47c0e81be28
> [172536.665283] FS:  7fe35e05d740() GS:936c1edc() knlGS:
> [172536.665284] CS:  0010 DS:  ES:  CR0: 80050033
> [172536.665286] CR2: 01d8 CR3: 000532e46000 CR4: 000406e0
> [172536.665287] Call Trace:
> [172536.665322]  ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]
> [172536.665332]  drm_ioctl_kernel+0xaa/0xf0 [drm]
> [172536.665338]  drm_ioctl+0x201/0x3b0 [drm]
> [172536.665369]  ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]
> [172536.665372]  ? selinux_file_ioctl+0x135/0x230
> [172536.665399]  amdgpu_drm_ioctl+0x49/0x80 [amdgpu]
> [172536.665403]  __x64_sys_ioctl+0x83/0xb0
> [172536.665406]  do_syscall_64+0x33/0x40
> [172536.665409]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
>
> Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2018
> Reported-by: Michael Bishop
> Signed-off-by: Dave Airlie 
> Cc: sta...@vger.kernel.org

Reviewed-by: Alex Deucher 

And applied.

Alex


> ---
>  drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c 
> b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> index d0d0ea565e3d..2019622191b5 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
> @@ -116,7 +116,7 @@ static int amdgpu_cs_parser_init(struct amdgpu_cs_parser 
> *p, union drm_amdgpu_cs
> int ret;
>
> if (cs->in.num_chunks == 0)
> -   return 0;
> +   return -EINVAL;
>
> chunk_array = kvmalloc_array(cs->in.num_chunks, sizeof(uint64_t), 
> GFP_KERNEL);
> if (!chunk_array)
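Review bot: At the `if (cs->in.num_chunks == 0)` check, the new `return -EINVAL` fires before `chunk_array` is allocated, so it is worth confirming that the caller's cleanup after a failed amdgpu_cs_parser_init() tolerates a parser for which no chunks were ever set up. The oops in the commit message is in amdgpu_cs_ioctl itself, so the error path there is what every zero-chunk submission will now take; a small regression test that submits a CS with `num_chunks = 0` and expects EINVAL would cover both the check and that path.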
> --
> 2.35.3
>


[PATCH] drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.

2022-05-22 Thread Dave Airlie
From: Dave Airlie 

Submitting a cs with 0 chunks, causes an oops later, found trying
to execute the wrong userspace driver.

MESA_LOADER_DRIVER_OVERRIDE=v3d glxinfo

[172536.665184] BUG: kernel NULL pointer dereference, address: 01d8
[172536.665188] #PF: supervisor read access in kernel mode
[172536.665189] #PF: error_code(0x) - not-present page
[172536.665191] PGD 6712a0067 P4D 6712a0067 PUD 5af9ff067 PMD 0
[172536.665195] Oops:  [#1] SMP NOPTI
[172536.665197] CPU: 7 PID: 2769838 Comm: glxinfo Tainted: P   O  5.10.81 #1-NixOS
[172536.665199] Hardware name: To be filled by O.E.M. To be filled by O.E.M./CROSSHAIR V FORMULA-Z, BIOS 2201 03/23/2015
[172536.665272] RIP: 0010:amdgpu_cs_ioctl+0x96/0x1ce0 [amdgpu]
[172536.665274] Code: 75 18 00 00 4c 8b b2 88 00 00 00 8b 46 08 48 89 54 24 68 49 89 f7 4c 89 5c 24 60 31 d2 4c 89 74 24 30 85 c0 0f 85 c0 01 00 00 <48> 83 ba d8 01 00 00 00 48 8b b4 24 90 00 00 00 74 16 48 8b 46 10
[172536.665276] RSP: 0018:b47c0e81bbe0 EFLAGS: 00010246
[172536.665277] RAX:  RBX:  RCX:
[172536.665278] RDX:  RSI: b47c0e81be28 RDI: b47c0e81bd68
[172536.665279] RBP: 936524080010 R08:  R09: b47c0e81be38
[172536.665281] R10: 936524080010 R11: 93652408 R12: b47c0e81bc40
[172536.665282] R13: b47c0e81be28 R14: 9367bc41 R15: b47c0e81be28
[172536.665283] FS:  7fe35e05d740() GS:936c1edc() knlGS:
[172536.665284] CS:  0010 DS:  ES:  CR0: 80050033
[172536.665286] CR2: 01d8 CR3: 000532e46000 CR4: 000406e0
[172536.665287] Call Trace:
[172536.665322]  ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]
[172536.665332]  drm_ioctl_kernel+0xaa/0xf0 [drm]
[172536.665338]  drm_ioctl+0x201/0x3b0 [drm]
[172536.665369]  ? amdgpu_cs_find_mapping+0x110/0x110 [amdgpu]
[172536.665372]  ? selinux_file_ioctl+0x135/0x230
[172536.665399]  amdgpu_drm_ioctl+0x49/0x80 [amdgpu]
[172536.665403]  __x64_sys_ioctl+0x83/0xb0
[172536.665406]  do_syscall_64+0x33/0x40
[172536.665409]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2018
Reported-by: Michael Bishop
Signed-off-by: Dave Airlie 
Cc: sta...@vger.kernel.org
---
 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c 
b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
index d0d0ea565e3d..2019622191b5 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
@@ -116,7 +116,7 @@ static int amdgpu_cs_parser_init(struct amdgpu_cs_parser 
*p, union drm_amdgpu_cs
int ret;
 
if (cs->in.num_chunks == 0)
-   return 0;
+   return -EINVAL;
 
chunk_array = kvmalloc_array(cs->in.num_chunks, sizeof(uint64_t), 
GFP_KERNEL);
if (!chunk_array)
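Review bot: The `return -EINVAL` at the `num_chunks == 0` check has no comment saying why an empty submission is rejected rather than treated as a no-op, and the commit message carries `Cc: sta...@vger.kernel.org` without a `Fixes:` tag. A one-line comment above the check (that a zero-chunk submission oopses later in amdgpu_cs_ioctl, as in the trace quoted in the commit message) would keep it from being relaxed back to `return 0`, and a `Fixes:` line naming the commit that introduced the early success return would tell the stable maintainers how far back the change applies.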
-- 
2.35.3