| Message ID | 20171031115535.15166-1-chris@chris-wilson.co.uk (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
Quoting Chris Wilson (2017-10-31 11:55:35) > To acquire all modeset locks requires a ww_ctx to be allocated. As this > is the legacy path and the allocation small, to reduce the changes > required (and complex untested error handling) to the legacy drivers, we > simply assume that the allocation succeeds. At present, it relies on the > too-small-to-fail rule, but syzbot found that by injecting a failure > here we would hit the WARN. Document that this allocation must succeed > with __GFP_NOFAIL. > > Reported-by: syzbot (syzkaller) Proper credit is Reported-by: syzbot <syzkaller@googlegroups.com> > Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> > Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
On Tue, Oct 31, 2017 at 11:55:35AM +0000, Chris Wilson wrote: > To acquire all modeset locks requires a ww_ctx to be allocated. As this > is the legacy path and the allocation small, to reduce the changes > required (and complex untested error handling) to the legacy drivers, we > simply assume that the allocation succeeds. At present, it relies on the > too-small-to-fail rule, but syzbot found that by injecting a failure > here we would hit the WARN. Document that this allocation must succeed > with __GFP_NOFAIL. > > Reported-by: syzbot (syzkaller) > Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> > Cc: Daniel Vetter <daniel.vetter@ffwll.ch> Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com> > --- > Resent to the right list! > --- > drivers/gpu/drm/drm_modeset_lock.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/drm_modeset_lock.c b/drivers/gpu/drm/drm_modeset_lock.c > index e123497da0ca..963e23db0fe7 100644 > --- a/drivers/gpu/drm/drm_modeset_lock.c > +++ b/drivers/gpu/drm/drm_modeset_lock.c > @@ -93,7 +93,7 @@ void drm_modeset_lock_all(struct drm_device *dev) > struct drm_modeset_acquire_ctx *ctx; > int ret; > > - ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); > + ctx = kzalloc(sizeof(*ctx), GFP_KERNEL | __GFP_NOFAIL); > if (WARN_ON(!ctx)) > return; > > -- > 2.15.0.rc2 > > _______________________________________________ > dri-devel mailing list > dri-devel@lists.freedesktop.org > https://lists.freedesktop.org/mailman/listinfo/dri-devel
On Tue, Oct 31, 2017 at 03:28:01PM +0200, Ville Syrjälä wrote: > On Tue, Oct 31, 2017 at 11:55:35AM +0000, Chris Wilson wrote: > > To acquire all modeset locks requires a ww_ctx to be allocated. As this > > is the legacy path and the allocation small, to reduce the changes > > required (and complex untested error handling) to the legacy drivers, we > > simply assume that the allocation succeeds. At present, it relies on the > > too-small-to-fail rule, but syzbot found that by injecting a failure > > here we would hit the WARN. Document that this allocation must succeed > > with __GFP_NOFAIL. Note that for atomic drivers at least all the core/helper paths are fixed up correctly. But e.g. i915 has still plenty of callsites in its own code, mostly debugfs. > > Reported-by: syzbot (syzkaller) > > Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> > > Cc: Daniel Vetter <daniel.vetter@ffwll.ch> > > Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com> Applied, thanks. -Daniel > > > --- > > Resent to the right list! > > --- > > drivers/gpu/drm/drm_modeset_lock.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/gpu/drm/drm_modeset_lock.c b/drivers/gpu/drm/drm_modeset_lock.c > > index e123497da0ca..963e23db0fe7 100644 > > --- a/drivers/gpu/drm/drm_modeset_lock.c > > +++ b/drivers/gpu/drm/drm_modeset_lock.c > > @@ -93,7 +93,7 @@ void drm_modeset_lock_all(struct drm_device *dev) > > struct drm_modeset_acquire_ctx *ctx; > > int ret; > > > > - ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); > > + ctx = kzalloc(sizeof(*ctx), GFP_KERNEL | __GFP_NOFAIL); > > if (WARN_ON(!ctx)) > > return; > > > > -- > > 2.15.0.rc2 > > > > _______________________________________________ > > dri-devel mailing list > > dri-devel@lists.freedesktop.org > > https://lists.freedesktop.org/mailman/listinfo/dri-devel > > -- > Ville Syrjälä > Intel OTC
Quoting Daniel Vetter (2017-10-31 16:38:26) > On Tue, Oct 31, 2017 at 03:28:01PM +0200, Ville Syrjälä wrote: > > On Tue, Oct 31, 2017 at 11:55:35AM +0000, Chris Wilson wrote: > > > To acquire all modeset locks requires a ww_ctx to be allocated. As this > > > is the legacy path and the allocation small, to reduce the changes > > > required (and complex untested error handling) to the legacy drivers, we > > > simply assume that the allocation succeeds. At present, it relies on the > > > too-small-to-fail rule, but syzbot found that by injecting a failure > > > here we would hit the WARN. Document that this allocation must succeed > > > with __GFP_NOFAIL. > > Note that for atomic drivers at least all the core/helper paths are fixed > up correctly. But e.g. i915 has still plenty of callsites in its own code, > mostly debugfs. > > > > Reported-by: syzbot (syzkaller) > > > Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> > > > Cc: Daniel Vetter <daniel.vetter@ffwll.ch> > > > > Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com> > > Applied, thanks. Just curious as it hasn't shown up in drm-tip yet, so I'm worrying if it found a crack to hide in. -Chris
On Wed, Nov 01, 2017 at 02:08:37PM +0000, Chris Wilson wrote: > Quoting Daniel Vetter (2017-10-31 16:38:26) > > On Tue, Oct 31, 2017 at 03:28:01PM +0200, Ville Syrjälä wrote: > > > On Tue, Oct 31, 2017 at 11:55:35AM +0000, Chris Wilson wrote: > > > > To acquire all modeset locks requires a ww_ctx to be allocated. As this > > > > is the legacy path and the allocation small, to reduce the changes > > > > required (and complex untested error handling) to the legacy drivers, we > > > > simply assume that the allocation succeeds. At present, it relies on the > > > > too-small-to-fail rule, but syzbot found that by injecting a failure > > > > here we would hit the WARN. Document that this allocation must succeed > > > > with __GFP_NOFAIL. > > > > Note that for atomic drivers at least all the core/helper paths are fixed > > up correctly. But e.g. i915 has still plenty of callsites in its own code, > > mostly debugfs. > > > > > > Reported-by: syzbot (syzkaller) > > > > Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> > > > > Cc: Daniel Vetter <daniel.vetter@ffwll.ch> > > > > > > Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com> > > > > Applied, thanks. > > Just curious as it hasn't shown up in drm-tip yet, so I'm worrying if it > found a crack to hide in. Indeed it found a crack :-/ Pushed now, thanks for reminding me. -Daniel
diff --git a/drivers/gpu/drm/drm_modeset_lock.c b/drivers/gpu/drm/drm_modeset_lock.c index e123497da0ca..963e23db0fe7 100644 --- a/drivers/gpu/drm/drm_modeset_lock.c +++ b/drivers/gpu/drm/drm_modeset_lock.c @@ -93,7 +93,7 @@ void drm_modeset_lock_all(struct drm_device *dev) struct drm_modeset_acquire_ctx *ctx; int ret; - ctx = kzalloc(sizeof(*ctx), GFP_KERNEL); + ctx = kzalloc(sizeof(*ctx), GFP_KERNEL | __GFP_NOFAIL); if (WARN_ON(!ctx)) return;
To acquire all modeset locks requires a ww_ctx to be allocated. As this is the legacy path and the allocation small, to reduce the changes required (and complex untested error handling) to the legacy drivers, we simply assume that the allocation succeeds. At present, it relies on the too-small-to-fail rule, but syzbot found that by injecting a failure here we would hit the WARN. Document that this allocation must succeed with __GFP_NOFAIL. Reported-by: syzbot (syzkaller) Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Cc: Daniel Vetter <daniel.vetter@ffwll.ch> --- Resent to the right list! --- drivers/gpu/drm/drm_modeset_lock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)