Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-09-23 00:13:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
65e7439204
linux/drivers
History
Changbin Du 65e7439204 drm/i915/gvt: Fix stack-out-of-bounds bug in cmd parser 
for_each_set_bit() only accepts variable of type unsigned long, and we can
not cast it from smaller types.

[   16.499365] ==================================================================
[   16.506655] BUG: KASAN: stack-out-of-bounds in find_first_bit+0x1d/0x70
[   16.513313] Read of size 8 at addr ffff8803616cf510 by task systemd-udevd/180
[   16.521998] CPU: 0 PID: 180 Comm: systemd-udevd Tainted: G     U     O     4.15.0-rc3+ #14
[   16.530317] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.2.8 01/26/2016
[   16.537760] Call Trace:
[   16.540230]  dump_stack+0x7c/0xbb
[   16.543569]  print_address_description+0x6b/0x290
[   16.548306]  kasan_report+0x28a/0x370
[   16.551993]  ? find_first_bit+0x1d/0x70
[   16.555858]  find_first_bit+0x1d/0x70
[   16.559625]  intel_gvt_init_cmd_parser+0x127/0x3c0 [i915]
[   16.565060]  ? __lock_is_held+0x8f/0xf0
[   16.568990]  ? intel_gvt_clean_cmd_parser+0x10/0x10 [i915]
[   16.574514]  ? __hrtimer_init+0x5d/0xb0
[   16.578445]  intel_gvt_init_device+0x2c3/0x690 [i915]
[   16.583537]  ? unregister_module_notifier+0x20/0x20
[   16.588515]  intel_gvt_init+0x89/0x100 [i915]
[   16.592962]  i915_driver_load+0x1992/0x1c70 [i915]
[   16.597846]  ? __i915_printk+0x210/0x210 [i915]
[   16.602410]  ? wait_for_completion+0x280/0x280
[   16.606883]  ? lock_downgrade+0x2c0/0x2c0
[   16.610923]  ? __pm_runtime_resume+0x46/0x90
[   16.615238]  ? acpi_dev_found+0x76/0x80
[   16.619162]  ? i915_pci_remove+0x30/0x30 [i915]
[   16.623733]  local_pci_probe+0x74/0xe0
[   16.627518]  pci_device_probe+0x208/0x310
[   16.631561]  ? pci_device_remove+0x100/0x100
[   16.635871]  ? __list_add_valid+0x29/0xa0
[   16.639919]  driver_probe_device+0x40b/0x6b0
[   16.644223]  ? driver_probe_device+0x6b0/0x6b0
[   16.648696]  __driver_attach+0x11d/0x130
[   16.652649]  bus_for_each_dev+0xe7/0x160
[   16.656600]  ? subsys_dev_iter_exit+0x10/0x10
[   16.660987]  ? __list_add_valid+0x29/0xa0
[   16.665028]  bus_add_driver+0x31d/0x3a0
[   16.668893]  driver_register+0xc6/0x170
[   16.672758]  ? 0xffffffffc0ad8000
[   16.676108]  do_one_initcall+0x9c/0x206
[   16.679984]  ? initcall_blacklisted+0x150/0x150
[   16.684545]  ? do_init_module+0x35/0x33b
[   16.688494]  ? kasan_unpoison_shadow+0x31/0x40
[   16.692968]  ? kasan_kmalloc+0xa6/0xd0
[   16.696743]  ? do_init_module+0x35/0x33b
[   16.700694]  ? kasan_unpoison_shadow+0x31/0x40
[   16.705168]  ? __asan_register_globals+0x82/0xa0
[   16.709819]  do_init_module+0xe7/0x33b
[   16.713597]  load_module+0x4481/0x4ce0
[   16.717397]  ? module_frob_arch_sections+0x20/0x20
[   16.722228]  ? vfs_read+0x13b/0x190
[   16.725742]  ? kernel_read+0x74/0xa0
[   16.729351]  ? get_user_arg_ptr.isra.17+0x70/0x70
[   16.734099]  ? SYSC_finit_module+0x175/0x1b0
[   16.738399]  SYSC_finit_module+0x175/0x1b0
[   16.742524]  ? SYSC_init_module+0x1e0/0x1e0
[   16.746741]  ? __fget+0x157/0x240
[   16.750090]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[   16.754747]  entry_SYSCALL_64_fastpath+0x23/0x9a
[   16.759397] RIP: 0033:0x7f8fbc837499
[   16.762996] RSP: 002b:00007ffead76c138 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[   16.770618] RAX: ffffffffffffffda RBX: 0000000000000012 RCX: 00007f8fbc837499
[   16.777800] RDX: 0000000000000000 RSI: 000056484e67b080 RDI: 0000000000000012
[   16.784979] RBP: 00007ffead76b140 R08: 0000000000000000 R09: 0000000000000021
[   16.792164] R10: 0000000000000012 R11: 0000000000000246 R12: 000056484e67b460
[   16.799345] R13: 00007ffead76b120 R14: 0000000000000005 R15: 0000000000000000
[   16.808052] The buggy address belongs to the page:
[   16.812876] page:00000000dc4b8c1e count:0 mapcount:0 mapping:          (null) index:0x0
[   16.820934] flags: 0x17ffffc0000000()
[   16.824621] raw: 0017ffffc0000000 0000000000000000 0000000000000000 00000000ffffffff
[   16.832416] raw: ffffea000d85b3e0 ffffea000d85b3e0 0000000000000000 0000000000000000
[   16.840208] page dumped because: kasan: bad access detected
[   16.847318] Memory state around the buggy address:
[   16.852143]  ffff8803616cf400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.859427]  ffff8803616cf480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
[   16.866708] >ffff8803616cf500: f1 f1 04 f4 f4 f4 f3 f3 f3 f3 00 00 00 00 00 00
[   16.873988]                          ^
[   16.877770]  ffff8803616cf580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.885042]  ffff8803616cf600: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[   16.892312] ==================================================================

Signed-off-by: Changbin Du <changbin.du@intel.com>
Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
2018-01-08 12:01:11 +08:00
..
accessibility
acpi ACPI fix for v4.15-rc1 2017-11-17 14:51:24 -08:00
amba A couple of dma-mapping updates: 2017-11-14 16:54:12 -08:00
android Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
ata Merge branch 'for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata 2017-11-15 14:11:41 -08:00
atm treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
auxdisplay Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00
base treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
bcma Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-11-15 11:56:19 -08:00
block treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
bluetooth
bus ARM: SoC driver updates for v4.15 2017-11-16 16:05:01 -08:00
cdrom Merge branch 'for-4.15/block' of git://git.kernel.dk/linux-block 2017-11-14 15:32:19 -08:00
char Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-26 14:11:54 -08:00
clk We have two changes to the core framework this time around. The first being a 2017-11-17 20:04:24 -08:00
clocksource - final batch of "non trivial" timer conversions (multi-tree dependencies, 2017-11-23 16:29:05 +01:00
connector
cpufreq Power management updates for v4.15-rc1 2017-11-13 19:43:50 -08:00
cpuidle powerpc updates for 4.15 2017-11-16 12:47:46 -08:00
crypto powerpc updates for 4.15 2017-11-16 12:47:46 -08:00
dax libnvdimm for 4.15 2017-11-17 09:51:57 -08:00
dca
devfreq Merge branches 'pm-devfreq' and 'pm-tools' 2017-11-13 01:41:39 +01:00
dio
dma dmaengine updates for 4.15-rc1 2017-11-14 16:49:31 -08:00
dma-buf Tracing updates for 4.15: 2017-11-17 14:58:01 -08:00
edac Modules updates for v4.15 2017-11-15 13:46:33 -08:00
eisa
extcon USB/PHY patches for 4.15-rc1 2017-11-13 21:14:07 -08:00
firewire Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00
firmware drivers/firmware: psci: Convert timers to use timer_setup() 2017-11-21 15:46:44 -08:00
fmc
fpga Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
fsi
gpio This is the bulk of pin control changes for the v4.15 2017-11-16 10:57:11 -08:00
gpu drm/i915/gvt: Fix stack-out-of-bounds bug in cmd parser 2018-01-08 12:01:11 +08:00
hid treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
hsi HSI changes for the v4.15 series 2017-11-15 13:35:43 -08:00
hv Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
hwmon hwmon: (w83793) Remove duplicate NULL check 2017-11-16 01:03:19 -08:00
hwspinlock hwspinlock update for v4.15 2017-11-17 20:16:20 -08:00
hwtracing Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
i2c Merge branch 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-11-17 11:54:55 -08:00
ide Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide 2017-11-19 08:04:41 -10:00
idle Merge branch 'pm-cpuidle' 2017-11-13 01:34:14 +01:00
iio treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
infiniband treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
input treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
iommu treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
ipack
irqchip Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-26 14:39:20 -08:00
isdn treewide: setup_timer() -> timer_setup() (2 field) 2017-11-21 15:57:09 -08:00
leds LED updates for 4.15rc1 2017-11-14 18:09:31 -08:00
lightnvm lightnvm: Convert timers to use timer_setup() 2017-11-21 15:46:44 -08:00
macintosh Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00
mailbox Change to POLL api and fixes for FlexRM and OMAP driver 2017-11-15 13:39:18 -08:00
mcb
md Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2017-11-17 10:56:56 -08:00
media treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
memory ARM: SoC driver updates for v4.15 2017-11-16 16:05:01 -08:00
memstick treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
message Modules updates for v4.15 2017-11-15 13:46:33 -08:00
mfd treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
misc lkdtm: include WARN format string 2017-11-17 16:10:01 -08:00
mmc treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
mtd Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
mux
net Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
nfc treewide: setup_timer() -> timer_setup() (2 field) 2017-11-21 15:57:09 -08:00
ntb treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
nubus m68k updates for 4.15 2017-11-13 12:10:24 -08:00
nvdimm libnvdimm for 4.15 2017-11-17 09:51:57 -08:00
nvme nvmet_fc: fix better length checking 2017-11-16 11:27:04 -07:00
nvmem Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
of DeviceTree fixes for 4.15: 2017-11-20 21:38:41 -10:00
opp
oprofile
parisc
parport Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
pci Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-26 14:11:54 -08:00
pcmcia drivers/pcmcia/sa1111_badge4.c: avoid unused function warning 2017-11-17 16:10:04 -08:00
perf arm64 updates for 4.15 2017-11-15 10:56:56 -08:00
phy USB/PHY patches for 4.15-rc1 2017-11-13 21:14:07 -08:00
pinctrl This is the bulk of pin control changes for the v4.15 2017-11-16 10:57:11 -08:00
platform Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
pnp
power power supply and reset changes for the v4.15 series 2017-11-15 13:37:15 -08:00
powercap
pps treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
ps3
ptp xen: features and fixes for v4.15-rc1 2017-11-16 13:06:27 -08:00
pwm pwm: Changes for v4.15-rc1 2017-11-22 21:09:18 -10:00
rapidio Merge branch 'akpm' (patches from Andrew) 2017-11-17 16:56:17 -08:00
ras Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-13 17:56:58 -08:00
regulator - New Drivers 2017-11-16 09:15:57 -08:00
remoteproc remoteproc updates for v4.15 2017-11-17 20:14:10 -08:00
reset ARM: SoC driver updates for v4.15 2017-11-16 16:05:01 -08:00
rpmsg rpmsg updates for v4.15 2017-11-17 20:12:08 -08:00
rtc Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
s390 treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
sbus Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc 2017-11-17 20:21:44 -08:00
scsi Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
sfi
sh A couple of dma-mapping updates: 2017-11-14 16:54:12 -08:00
sn
soc ARM: SoC driver updates for v4.15 2017-11-16 16:05:01 -08:00
spi Merge remote-tracking branches 'spi/topic/sh-msiof', 'spi/topic/slave', 'spi/topic/spreadtrum' and 'spi/topic/tegra114' into spi-next 2017-11-10 21:33:51 +00:00
spmi
ssb
staging treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
target Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
tc
tee
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2017-11-17 14:31:27 -08:00
thunderbolt Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
tty treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
uio
usb treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
uwb treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
vfio VFIO Updates for Linux v4.15 2017-11-14 16:47:47 -08:00
vhost Merge branch 'work.iov_iter' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-11-17 12:08:18 -08:00
video fbdev changes for v4.15: 2017-11-20 21:50:24 -10:00
virt
virtio virtio_balloon: fix deadlock on OOM 2017-11-14 23:57:38 +02:00
vlynq
vme Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
w1 Char/Misc patches for 4.15-rc1 2017-11-16 09:10:59 -08:00
watchdog treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
xen treewide: Switch DEFINE_TIMER callbacks to struct timer_list * 2017-11-21 15:57:05 -08:00
zorro
Kconfig Merge branches 'pm-cpufreq-sched' and 'pm-opp' 2017-11-13 01:40:52 +01:00
Makefile Merge branches 'pm-cpufreq-sched' and 'pm-opp' 2017-11-13 01:40:52 +01:00