From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Qft/=DF=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.9 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 300B9C4741F
	for <linux-mm@archiver.kernel.org>; Mon, 28 Sep 2020 09:57:31 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 7568C23119
	for <linux-mm@archiver.kernel.org>; Mon, 28 Sep 2020 09:57:30 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=zx2c4.com header.i=@zx2c4.com header.b="Mx27Z6Ti"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7568C23119
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=zx2c4.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 77EF36B005D; Mon, 28 Sep 2020 05:57:29 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 706586B0062; Mon, 28 Sep 2020 05:57:29 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 57FD86B0068; Mon, 28 Sep 2020 05:57:29 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0194.hostedemail.com [216.40.44.194])
	by kanga.kvack.org (Postfix) with ESMTP id 35B946B005D
	for <linux-mm@kvack.org>; Mon, 28 Sep 2020 05:57:29 -0400 (EDT)
Received: from smtpin21.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id D6A6910EED
	for <linux-mm@kvack.org>; Mon, 28 Sep 2020 09:57:28 +0000 (UTC)
X-FDA: 77312017776.21.foot65_29108e627180
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin21.hostedemail.com (Postfix) with ESMTP id B53961807867E
	for <linux-mm@kvack.org>; Mon, 28 Sep 2020 09:57:28 +0000 (UTC)
X-HE-Tag: foot65_29108e627180
X-Filterd-Recvd-Size: 4983
Received: from mail.zx2c4.com (mail.zx2c4.com [192.95.5.64])
	by imf24.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Mon, 28 Sep 2020 09:57:28 +0000 (UTC)
Received: 
	by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTP id 71cd0170
	for <linux-mm@kvack.org>;
	Mon, 28 Sep 2020 09:26:00 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=zx2c4.com; h=mime-version
	:references:in-reply-to:from:date:message-id:subject:to:cc
	:content-type; s=mail; bh=3UT5Qurs6QFcvRuY8EVP0R+VoG0=; b=Mx27Z6
	TiPBYyjYl/C37E872vubFfeTJ14DDEVRLNbpEfkWYpS08Vr/R58Ho5PbaOuPi7/6
	OsnJ05rfQ60YVJuqakGi6bi/mWiV3cfNOll3dAIS9sHLgOEZQXYmCzmDpqJ4NcHW
	aL8Ywmg7tVpXmNH7kwbPOuZVN8KirN2y5992QEQi0kMoJVSw7YH+G8dHfrk9bOcE
	Nm5IeiU/8VBnIzA9FJw+gsnu3rgrHCynM9AZugD7YeuOTLzfJ1FesEMphiQJNdjJ
	tpWgVmKW8T1Nlj3GaVBplkQcKf0HMJ2bB81T7/EnbY1xtk2QiJ/BmZa7w8FVdgnp
	ng1oPsNhEUb/o5cw==
Received: 
	by mail.zx2c4.com (ZX2C4 Mail Server) with ESMTPSA id 8deedb26 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO)
	for <linux-mm@kvack.org>;
	Mon, 28 Sep 2020 09:25:59 +0000 (UTC)
Received: by mail-io1-f48.google.com with SMTP id j2so476294ioj.7
        for <linux-mm@kvack.org>; Mon, 28 Sep 2020 02:57:26 -0700 (PDT)
X-Gm-Message-State: AOAM531huYjqlY8n12EI/hcsv7DhbOg3fK6LxoT6xVEFzyyuSAIPaBdZ
	FvTWIf788B07A6viEjeoMQD/Khpq9nSBRcYkfwQ=
X-Google-Smtp-Source: ABdhPJwY4ZTc5KCQXMLpQ/osGiTdHnD1LifiBaBrHxFZd7llNsCevSRxLzU462ezZN+RsIB5U1QP/UQOnsN4jbdvjKI=
X-Received: by 2002:a6b:7f4d:: with SMTP id m13mr6188872ioq.80.1601287045576;
 Mon, 28 Sep 2020 02:57:25 -0700 (PDT)
MIME-Version: 1.0
References: <CAHmME9odvKzyAG7HgzSE-1gLOfiU=HL1MB5w4z=AwOsjz9WJPA@mail.gmail.com>
In-Reply-To: <CAHmME9odvKzyAG7HgzSE-1gLOfiU=HL1MB5w4z=AwOsjz9WJPA@mail.gmail.com>
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Mon, 28 Sep 2020 11:57:14 +0200
X-Gmail-Original-Message-ID: <CAHmME9qPo_MNrVioY=qgOVNxYBVY1_i_eep5wzP-7Akq5fH1Xg@mail.gmail.com>
Message-ID: <CAHmME9qPo_MNrVioY=qgOVNxYBVY1_i_eep5wzP-7Akq5fH1Xg@mail.gmail.com>
Subject: Re: 5.9-rc7 null ptr deref in __i915_gem_userptr_get_pages_worker
To: Vasily Gorbik <gor@linux.ibm.com>, Linux-MM <linux-mm@kvack.org>, 
	Jason Gunthorpe <jgg@ziepe.ca>, Andrew Morton <akpm@linux-foundation.org>
Cc: intel-gfx@lists.freedesktop.org, 
	"open list:DRM DRIVERS" <dri-devel@lists.freedesktop.org>, open list <linux-kernel@vger.kernel.org>, 
	Chris Wilson <chris@chris-wilson.co.uk>
Content-Type: text/plain; charset="UTF-8"
X-Bogosity: Ham, tests=bogofilter, spamicity=0.009650, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

Increasing the CC list a bit, as i915 didn't really get much churn
rc6->rc7, but mm/gup.c did, and mm has had a lot of recent changes.

On Mon, Sep 28, 2020 at 11:39 AM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> Seeing a new crash in 5.9-rc7 I didn't have in 5.9-rc6:
>
> [ 1311.596896] BUG: kernel NULL pointer dereference, address: 0000000000000064
> [ 1311.596898] #PF: supervisor write access in kernel mode
> [ 1311.596899] #PF: error_code(0x0002) - not-present page
> [ 1311.596899] PGD 0 P4D 0
> [ 1311.596901] Oops: 0002 [#1] SMP
> [ 1311.596902] CPU: 10 PID: 1431 Comm: kworker/u33:1 Tainted: P S   U
>    O      5.9.0-rc7+ #140
> [ 1311.596903] Hardware name: LENOVO 20QTCTO1WW/20QTCTO1WW, BIOS
> N2OET47W (1.34 ) 08/06/2020
> [ 1311.596955] Workqueue: i915-userptr-acquire
> __i915_gem_userptr_get_pages_worker [i915]
> [ 1311.596959] RIP: 0010:__get_user_pages_remote+0xd7/0x310
> [ 1311.596960] Code: f5 01 00 00 83 7d 00 01 0f 85 ed 01 00 00 f7 c1
> 00 00 04 00 0f 84 58 01 00 00 65 48 8b 04 25 00 6d 01 00 48 8b 80 40
> 03 00 00 <c7> 40 64 01 00 00 00 65 48 8b 04 25 00 6d 01 00 48 c7 44 24
> 18 00
> [ 1311.596961] RSP: 0018:ffff888fdfe47de0 EFLAGS: 00010206
> [ 1311.596962] RAX: 0000000000000000 RBX: 00007fe188531000 RCX: 0000000000040001
> [ 1311.596962] RDX: 0000000000000001 RSI: 00007fe188531000 RDI: ffff888ff0748f00
> [ 1311.596963] RBP: ffff888fdfe47e54 R08: ffff888fedc7d7c8 R09: 0000000000000000
> [ 1311.596963] R10: 0000000000000018 R11: fefefefefefefeff R12: ffff888ff0748f00
> [ 1311.596963] R13: ffff888fedc7d7c8 R14: ffff888f81fe3a40 R15: 0000000000042003
> [ 1311.596964] FS:  0000000000000000(0000) GS:ffff888ffc480000(0000)
> knlGS:0000000000000000
> [ 1311.596965] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 1311.596965] CR2: 0000000000000064 CR3: 0000000002009003 CR4: 00000000003706e0
> [ 1311.596966] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 1311.596966] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [ 1311.596967] Call Trace:
> [ 1311.596993]  __i915_gem_userptr_get_pages_worker+0xc8/0x260 [i915]
> [ 1311.596996]  process_one_work+0x1ca/0x390
> [ 1311.596997]  worker_thread+0x48/0x3c0
> [ 1311.596998]  ? rescuer_thread+0x3d0/0x3d0
> [ 1311.597000]  kthread+0x114/0x130
> [ 1311.597001]  ? kthread_create_worker_on_cpu+0x40/0x40
> [ 1311.597003]  ret_from_fork+0x1f/0x30
> [ 1311.597031] CR2: 0000000000000064
> [ 1311.597033] ---[ end trace e2b8ddde994a6f6d ]---