Re: [vbox-dev] [PATCH] additons/linux/drm: Fix NULL pointer dereference kernel oops on kernel 4.10+
On Mittwoch, 31. Mai 2017 21:50:04 CEST Michael Thayer wrote:
> 17.05.2017 13:42, Hans de Goede wrote:
> > The vboxvideo causes a NULL pointer dereference inside the kernel on
> > kernel 4.10+ when ttm needs to make room in the video memory and tries
> > to evict things.
> >
> > This is caused by upstream kernel commit a2ab19fed9d1 ("drm/ttm: make
> > eviction decision a driver callback v2") introducing a new
> > eviction_valuable callback which the vboxvideo driver does not define:
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=a2ab19fed9d1dc5a7a2ced44f4b289885c522a8f
> >
> > This commit adds a definition for this callback, fixing the crash.
> >
> > Signed-off-by: Hans de Goede
> [...]
>
> Thanks Hans, committed! Updated slightly for a similar problem with
> 4.11 and later:
>
> Index: src/VBox/Additions/linux/drm/vbox_ttm.c
> ===
> --- src/VBox/Additions/linux/drm/vbox_ttm.c (revision 115843)
> +++ src/VBox/Additions/linux/drm/vbox_ttm.c (working copy)
> @@ -262,11 +262,17 @@
> .ttm_tt_populate = vbox_ttm_tt_populate,
> .ttm_tt_unpopulate = vbox_ttm_tt_unpopulate,
> .init_mem_type = vbox_bo_init_mem_type,
> +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)
> +.eviction_valuable = ttm_bo_eviction_valuable,
> +#endif
> .evict_flags = vbox_bo_evict_flags,
> .move = vbox_bo_move,
> .verify_access = vbox_bo_verify_access,
> .io_mem_reserve = &vbox_ttm_io_mem_reserve,
> .io_mem_free = &vbox_ttm_io_mem_free,
> +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0)
> +.io_mem_pfn = ttm_bo_default_io_mem_pfn,
> +#endif
> #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 7, 0) &&
> LINUX_VERSION_CODE < KERNEL_VERSION(4, 11, 0)
> .lru_tail = &ttm_bo_default_lru_tail,
> .swap_lru_tail = &ttm_bo_default_swap_lru_tail,
>
> Regards
> Michael
actually ttm_bo_default_io_mem_pfn() is available as of Linux 4.12, not 4.11!
Fixed that.
Frank
--
Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany
ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstraße 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603
Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Alexander van der Ven, Jan Schultheiss, Val Maher
___
vbox-dev mailing list
vbox-dev@virtualbox.org
https://www.virtualbox.org/mailman/listinfo/vbox-dev
Re: [vbox-dev] [PATCH] additons/linux/drm: Fix NULL pointer dereference kernel oops on kernel 4.10+
17.05.2017 13:42, Hans de Goede wrote:
The vboxvideo causes a NULL pointer dereference inside the kernel on
kernel 4.10+ when ttm needs to make room in the video memory and tries
to evict things.
This is caused by upstream kernel commit a2ab19fed9d1 ("drm/ttm: make
eviction decision a driver callback v2") introducing a new
eviction_valuable callback which the vboxvideo driver does not define:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=a2ab19fed9d1dc5a7a2ced44f4b289885c522a8f
This commit adds a definition for this callback, fixing the crash.
Signed-off-by: Hans de Goede
[...]
Thanks Hans, committed! Updated slightly for a similar problem with
4.11 and later:
Index: src/VBox/Additions/linux/drm/vbox_ttm.c
===
--- src/VBox/Additions/linux/drm/vbox_ttm.c (revision 115843)
+++ src/VBox/Additions/linux/drm/vbox_ttm.c (working copy)
@@ -262,11 +262,17 @@
.ttm_tt_populate = vbox_ttm_tt_populate,
.ttm_tt_unpopulate = vbox_ttm_tt_unpopulate,
.init_mem_type = vbox_bo_init_mem_type,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)
+.eviction_valuable = ttm_bo_eviction_valuable,
+#endif
.evict_flags = vbox_bo_evict_flags,
.move = vbox_bo_move,
.verify_access = vbox_bo_verify_access,
.io_mem_reserve = &vbox_ttm_io_mem_reserve,
.io_mem_free = &vbox_ttm_io_mem_free,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0)
+.io_mem_pfn = ttm_bo_default_io_mem_pfn,
+#endif
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 7, 0) &&
LINUX_VERSION_CODE < KERNEL_VERSION(4, 11, 0)
.lru_tail = &ttm_bo_default_lru_tail,
.swap_lru_tail = &ttm_bo_default_swap_lru_tail,
Regards
Michael
--
Michael Thayer | VirtualBox engineer
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | D-71384 Weinstadt
ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstraße 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603
Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande Handelsregister
der Handelskammer Midden-Nederland, Nr. 30143697
Geschäftsführer: Alexander van der Ven, Jan Schultheiss, Val Maher
___
vbox-dev mailing list
vbox-dev@virtualbox.org
https://www.virtualbox.org/mailman/listinfo/vbox-dev
[vbox-dev] [PATCH] additons/linux/drm: Fix NULL pointer dereference kernel oops on kernel 4.10+
The vboxvideo causes a NULL pointer dereference inside the kernel on
kernel 4.10+ when ttm needs to make room in the video memory and tries
to evict things.
This is caused by upstream kernel commit a2ab19fed9d1 ("drm/ttm: make
eviction decision a driver callback v2") introducing a new
eviction_valuable callback which the vboxvideo driver does not define:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=a2ab19fed9d1dc5a7a2ced44f4b289885c522a8f
This commit adds a definition for this callback, fixing the crash.
Signed-off-by: Hans de Goede
---
src/VBox/Additions/linux/drm/vbox_ttm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/VBox/Additions/linux/drm/vbox_ttm.c
b/src/VBox/Additions/linux/drm/vbox_ttm.c
index 8925191d..95e2c872 100644
--- a/src/VBox/Additions/linux/drm/vbox_ttm.c
+++ b/src/VBox/Additions/linux/drm/vbox_ttm.c
@@ -262,6 +262,9 @@ struct ttm_bo_driver vbox_bo_driver = {
.ttm_tt_populate = vbox_ttm_tt_populate,
.ttm_tt_unpopulate = vbox_ttm_tt_unpopulate,
.init_mem_type = vbox_bo_init_mem_type,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)
+.eviction_valuable = ttm_bo_eviction_valuable,
+#endif
.evict_flags = vbox_bo_evict_flags,
.move = vbox_bo_move,
.verify_access = vbox_bo_verify_access,
--
2.12.2
___
vbox-dev mailing list
vbox-dev@virtualbox.org
https://www.virtualbox.org/mailman/listinfo/vbox-dev
