This is a note to let you know that I've just added the patch titled
drm/i915: Do not dereference pointers from ring buffer in evict event
to the 3.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
drm-i915-do-not-dereference-pointers-from-ring-buffer-in-evict-event.patch
and it can be found in the queue-3.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 9297ebf29ad9118edd6c0fedc84f03e35028827d Mon Sep 17 00:00:00 2001
From: Steven Rostedt <rostedt@xxxxxxxxxxx>
Date: Tue, 18 Mar 2014 11:27:37 -0400
Subject: drm/i915: Do not dereference pointers from ring buffer in evict event
From: Steven Rostedt <rostedt@xxxxxxxxxxx>
commit 9297ebf29ad9118edd6c0fedc84f03e35028827d upstream.
The TP_printk() should never dereference any pointers, because the ring
buffer can be read at some unknown time in the future. If a device no
longer exists, it can cause a kernel oops. This also makes this
event useless when saving the ring buffer in userspaces tools such as
perf and trace-cmd.
The i915_gem_evict_vm dereferences the vm pointer which may also not
exist when the ring buffer is read sometime in the future.
Link: http://lkml.kernel.org/r/1395095198-20034-3-git-send-email-artagnon@xxxxxxxxx
Reported-by: Ramkumar Ramachandra <artagnon@xxxxxxxxx>
Fixes: bcccff847d1f "drm/i915: trace vm eviction instead of everything"
Signed-off-by: Steven Rostedt <rostedt@xxxxxxxxxxx>
[danvet: Try to make it actually compile]
Signed-off-by: Daniel Vetter <daniel.vetter@xxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/gpu/drm/i915/i915_trace.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/i915/i915_trace.h
+++ b/drivers/gpu/drm/i915/i915_trace.h
@@ -238,14 +238,16 @@ TRACE_EVENT(i915_gem_evict_vm,
TP_ARGS(vm),
TP_STRUCT__entry(
+ __field(u32, dev)
__field(struct i915_address_space *, vm)
),
TP_fast_assign(
+ __entry->dev = vm->dev->primary->index;
__entry->vm = vm;
),
- TP_printk("dev=%d, vm=%p", __entry->vm->dev->primary->index, __entry->vm)
+ TP_printk("dev=%d, vm=%p", __entry->dev, __entry->vm)
);
TRACE_EVENT(i915_gem_ring_sync_to,
Patches currently in stable-queue which might be from rostedt@xxxxxxxxxxx are
queue-3.14/blktrace-fix-accounting-of-partially-completed-requests.patch
queue-3.14/x86-preempt-fix-preemption-for-i386.patch
queue-3.14/tracing-use-rcu_dereference_sched-for-trace-event-triggers.patch
queue-3.14/drm-i915-do-not-dereference-pointers-from-ring-buffer-in-evict-event.patch
queue-3.14/tools-lib-traceevent-fix-memory-leak-in-pretty_print.patch
queue-3.14/tracing-uprobes-fix-uprobe_cpu_buffer-memory-leak.patch
queue-3.14/tracepoint-do-not-waste-memory-on-mods-with-no-tracepoints.patch
queue-3.14/xen-spinlock-don-t-enable-them-unconditionally.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html