Date: Thu, 5 Oct 2023 14:05:27 +0100
From: Matthew Wilcox
To: Oleksandr Natalenko
Cc: Thomas Zimmermann, Linux Regressions, linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org, Christian König, linaro-mm-sig@lists.linaro.org, linux-mm@kvack.org, Maxime Ripard, Bagas Sanjaya, Andrew Morton, Sumit Semwal, linux-media@vger.kernel.org
Subject: Re: [REGRESSION] BUG: KFENCE: memory corruption in drm_gem_put_pages+0x186/0x250

On Thu, Oct 05, 2023 at 02:30:55PM +0200, Oleksandr Natalenko wrote:
> No-no, sorry for possible confusion. Let me explain again:
>
> 1. we had an issue with i915, which was introduced by 0b62af28f249, and later was fixed by 863a8eb3f270
> 2. now I've discovered another issue, which looks very similar to 1., but in a VM with Cirrus VGA, and it happens even while having 863a8eb3f270 applied
> 3. I've tried reverting 3291e09a4638, after which I cannot reproduce the issue with Cirrus VGA, but clearly there was no fix for it discussed
>
> IOW, 863a8eb3f270 is the fix for 0b62af28f249, but not for 3291e09a4638. It looks like 3291e09a4638 requires a separate fix. Thank you!

Sorry about the misunderstanding. Try this:

diff --git a/drivers/gpu/drm/drm_gem.c b/drivers/gpu/drm/drm_gem.c index 6129b89bb366..44a948b80ee1 100644 --- a/drivers/gpu/drm/drm_gem.c +++ b/drivers/gpu/drm/drm_gem.c @@ -540,7 +540,7 @@ struct page **drm_gem_get_pages(struct drm_gem_object *obj) struct page **pages; struct folio *folio; struct folio_batch fbatch; - int i, j, npages; + long i, j, npages; if (WARN_ON(!obj->filp)) return ERR_PTR(-EINVAL); @@ -564,11 +564,13 @@ struct page **drm_gem_get_pages(struct drm_gem_object *obj) i = 0; while (i < npages) { + long nr; folio = shmem_read_folio_gfp(mapping, i, mapping_gfp_mask(mapping)); if (IS_ERR(folio)) goto fail; - for (j = 0; j < folio_nr_pages(folio); j++, i++) + nr = min(npages - i, folio_nr_pages(folio)); + for (j = 0; j < nr; j++, i++) pages[i] = folio_file_page(folio, i); /* Make sure shmem keeps __GFP_DMA32 allocated pages in the
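
Review bot: In the first hunk (the declarations at the top of drm_gem_get_pages()), the change of i, j and npages from int to long has no stated reason, and the motive only shows up in the second hunk, where npages - i is passed to min() next to folio_nr_pages(folio). A sentence in the changelog saying the widening is there so both min() operands have the same type would stop a reader from assuming it fixes a separate overflow in the index arithmetic.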
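
Review bot: In the second hunk, the clamp nr = min(npages - i, folio_nr_pages(folio)) has no comment explaining why a folio can hold more pages than remain in pages[]. With the old bound, j < folio_nr_pages(folio), the inner loop kept incrementing i and storing to pages[i] with no check against npages, which fits the KFENCE memory corruption named in the subject line. A one-line comment above the min() saying that the folio returned for index i may cover more pages than are left in the array would keep a later cleanup from folding the loop back to its unclamped form.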