leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bfa603aa5e
linux/drivers
History
Xiaojie Yuan bfa603aa5e drm/amdgpu: fix null pointer deref in firmware header printing 
v2: declare as (struct common_firmware_header *) type because
    struct xxx_firmware_header inherits from it

When CE's ucode_id(8) is used to get sdma_hdr, we will be accessing an
unallocated amdgpu_firmware_info instance.

This issue appears on rhel7.7 with gcc 4.8.5. Newer compilers might have
optimized out such 'defined but not referenced' variable.

[ 1120.798564] BUG: unable to handle kernel NULL pointer dereference at 000000000000000a
[ 1120.806703] IP: [<ffffffffc0e3c9b3>] psp_np_fw_load+0x1e3/0x390 [amdgpu]
[ 1120.813693] PGD 80000002603ff067 PUD 271b8d067 PMD 0
[ 1120.818931] Oops: 0000 [#1] SMP
[ 1120.822245] Modules linked in: amdgpu(OE+) amdkcl(OE) amd_iommu_v2 amdttm(OE) amd_sched(OE) xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun bridge stp llc devlink ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat iptable_mangle iptable_security iptable_raw nf_conntrack libcrc32c ip_set nfnetlink ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter sunrpc dm_mirror dm_region_hash dm_log dm_mod intel_pmc_core intel_powerclamp coretemp intel_rapl joydev kvm_intel eeepc_wmi asus_wmi kvm sparse_keymap iTCO_wdt irqbypass rfkill crc32_pclmul snd_hda_codec_realtek mxm_wmi ghash_clmulni_intel intel_wmi_thunderbolt iTCO_vendor_support snd_hda_codec_generic snd_hda_codec_hdmi aesni_intel lrw gf128mul glue_helper ablk_helper sg cryptd pcspkr snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer snd pinctrl_sunrisepoint pinctrl_intel soundcore acpi_pad mei_me wmi mei i2c_i801 pcc_cpufreq ip_tables ext4 mbcache jbd2 sd_mod crc_t10dif crct10dif_generic i915 i2c_algo_bit iosf_mbi drm_kms_helper e1000e syscopyarea sysfillrect sysimgblt fb_sys_fops ahci libahci drm ptp libata crct10dif_pclmul crct10dif_common crc32c_intel serio_raw pps_core drm_panel_orientation_quirks video i2c_hid
[ 1120.954136] CPU: 4 PID: 2426 Comm: modprobe Tainted: G           OE  ------------   3.10.0-1062.el7.x86_64 #1
[ 1120.964390] Hardware name: System manufacturer System Product Name/Z170-A, BIOS 1302 11/09/2015
[ 1120.973321] task: ffff991ef1e3c1c0 ti: ffff991ee625c000 task.ti: ffff991ee625c000
[ 1120.981020] RIP: 0010:[<ffffffffc0e3c9b3>]  [<ffffffffc0e3c9b3>] psp_np_fw_load+0x1e3/0x390 [amdgpu]
[ 1120.990483] RSP: 0018:ffff991ee625f950  EFLAGS: 00010202
[ 1120.995935] RAX: 0000000000000002 RBX: ffff991edf6b2d38 RCX: ffff991edf6a0000
[ 1121.003391] RDX: 0000000000000000 RSI: ffff991f01d13898 RDI: ffffffffc110afb3
[ 1121.010706] RBP: ffff991ee625f9b0 R08: 0000000000000000 R09: 0000000000000000
[ 1121.018029] R10: 00000000000004c4 R11: ffff991ee625f64e R12: ffff991edf6b3220
[ 1121.025353] R13: ffff991edf6a0000 R14: 0000000000000008 R15: ffff991edf6b2d30
[ 1121.032666] FS:  00007f97b0c0b740(0000) GS:ffff991f01d00000(0000) knlGS:0000000000000000
[ 1121.041000] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1121.046880] CR2: 000000000000000a CR3: 000000025e604000 CR4: 00000000003607e0
[ 1121.054239] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1121.061631] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1121.068938] Call Trace:
[ 1121.071494]  [<ffffffffc0e3dba8>] psp_hw_init+0x218/0x270 [amdgpu]
[ 1121.077886]  [<ffffffffc0da3188>] amdgpu_device_fw_loading+0xe8/0x160 [amdgpu]
[ 1121.085296]  [<ffffffffc0e3b34c>] ? vega10_ih_irq_init+0x4bc/0x730 [amdgpu]
[ 1121.092534]  [<ffffffffc0da5c75>] amdgpu_device_init+0x1495/0x1c90 [amdgpu]
[ 1121.099675]  [<ffffffffc0da9cab>] amdgpu_driver_load_kms+0x8b/0x2f0 [amdgpu]
[ 1121.106888]  [<ffffffffc01b25cf>] drm_dev_register+0x12f/0x1d0 [drm]
[ 1121.113419]  [<ffffffffa4dcdfd8>] ? pci_enable_device_flags+0xe8/0x140
[ 1121.120183]  [<ffffffffc0da260a>] amdgpu_pci_probe+0xca/0x170 [amdgpu]
[ 1121.126919]  [<ffffffffa4dcf97a>] local_pci_probe+0x4a/0xb0
[ 1121.132622]  [<ffffffffa4dd10c9>] pci_device_probe+0x109/0x160
[ 1121.138607]  [<ffffffffa4eb4205>] driver_probe_device+0xc5/0x3e0
[ 1121.144766]  [<ffffffffa4eb4603>] __driver_attach+0x93/0xa0
[ 1121.150507]  [<ffffffffa4eb4570>] ? __device_attach+0x50/0x50
[ 1121.156422]  [<ffffffffa4eb1da5>] bus_for_each_dev+0x75/0xc0
[ 1121.162213]  [<ffffffffa4eb3b7e>] driver_attach+0x1e/0x20
[ 1121.167771]  [<ffffffffa4eb3620>] bus_add_driver+0x200/0x2d0
[ 1121.173590]  [<ffffffffa4eb4c94>] driver_register+0x64/0xf0
[ 1121.179345]  [<ffffffffa4dd0905>] __pci_register_driver+0xa5/0xc0
[ 1121.185593]  [<ffffffffc099f000>] ? 0xffffffffc099efff
[ 1121.190914]  [<ffffffffc099f0a4>] amdgpu_init+0xa4/0xb0 [amdgpu]
[ 1121.197101]  [<ffffffffa4a0210a>] do_one_initcall+0xba/0x240
[ 1121.202901]  [<ffffffffa4b1c90a>] load_module+0x271a/0x2bb0
[ 1121.208598]  [<ffffffffa4dad740>] ? ddebug_proc_write+0x100/0x100
[ 1121.214894]  [<ffffffffa4b1ce8f>] SyS_init_module+0xef/0x140
[ 1121.220698]  [<ffffffffa518bede>] system_call_fastpath+0x25/0x2a
[ 1121.226870] Code: b4 01 60 a2 00 00 31 c0 e8 83 60 33 e4 41 8b 47 08 48 8b 4d d0 48 c7 c7 b3 af 10 c1 48 69 c0 68 07 00 00 48 8b 84 01 60 a2 00 00 <48> 8b 70 08 31 c0 48 89 75 c8 e8 56 60 33 e4 48 8b 4d d0 48 c7
[ 1121.247422] RIP  [<ffffffffc0e3c9b3>] psp_np_fw_load+0x1e3/0x390 [amdgpu]
[ 1121.254432]  RSP <ffff991ee625f950>
[ 1121.258017] CR2: 000000000000000a
[ 1121.261427] ---[ end trace e98b35387ede75bd ]---

Signed-off-by: Xiaojie Yuan <xiaojie.yuan@amd.com>
Fixes: c5fb912653 ("drm/amdgpu: add firmware header printing for psp fw loading (v2)")
Reviewed-by: Kevin Wang <kevin1.wang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2019-09-16 09:56:01 -05:00
..
accessibility
acpi drivers/acpi/scan.c: document why we don't need the device_hotplug_lock 2019-08-03 07:02:01 -07:00
amba Driver Core and debugfs changes for 5.3-rc1 2019-07-12 12:24:03 -07:00
android binder: prevent transactions to context manager from its own process. 2019-07-24 11:02:28 +02:00
ata ata: libahci: do not complain in case of deferred probe 2019-07-31 08:51:17 -06:00
atm atm: idt77252: Remove call to memset after dma_alloc_coherent 2019-07-15 11:06:27 -07:00
auxdisplay It's been a relatively busy cycle for docs: 2019-07-09 12:34:26 -07:00
base Char/Misc driver fixes for 5.3-rc2 2019-07-28 10:26:10 -07:00
bcma
block nbd: replace kill_bdev() with __invalidate_device() again 2019-07-31 08:51:56 -06:00
bluetooth Bluetooth: hci_uart: check for missing tty operations 2019-07-31 13:17:33 -07:00
bus ARM: SoC-related driver updates 2019-07-19 17:13:56 -07:00
cdrom
char tpm: tpm_ibm_vtpm: Fix unallocated banks 2019-08-05 00:55:00 +03:00
clk clk: renesas: cpg-mssr: Fix reset control race condition 2019-07-22 15:04:54 -07:00
clocksource clocksource/drivers/npcm: Fix misuse of GENMASK macro 2019-07-10 11:05:26 +02:00
connector connector: remove redundant input callback from cn_dev 2019-07-21 13:31:14 -07:00
counter Staging / IIO driver update for 5.3-rc1 2019-07-11 15:36:02 -07:00
cpufreq cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init() 2019-07-23 09:49:10 +02:00
cpuidle Merge branch 'pm-cpufreq' 2019-07-18 09:49:30 +02:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-07-19 12:23:37 -07:00
dax Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
dca
devfreq
dio
dma dmaengine updates for v5.3-rc1 2019-07-17 09:55:43 -07:00
dma-buf dmabuf: Mark up onstack timer for selftests 2019-08-20 13:49:15 +01:00
edac EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec 2019-06-27 10:24:47 -07:00
eisa
extcon
firewire firewire: mark expected switch fall-throughs 2019-07-25 20:09:37 -05:00
firmware Merge branch 'for-linus-5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/ibft 2019-07-26 09:43:43 -07:00
fpga fpga-manager: altera-ps-spi: Fix build error 2019-07-24 11:29:41 +02:00
fsi
gnss
gpio gpiolib: Preserve desc->flags when setting state 2019-07-29 00:57:39 +02:00
gpu drm/amdgpu: fix null pointer deref in firmware header printing 2019-09-16 09:56:01 -05:00
hid Linux 5.2 2019-07-15 09:42:32 -07:00
hsi
hv proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
hwmon hwmon: (nct6775) Fix register address and added missed tolerance for nct6106 2019-07-21 19:18:45 -07:00
hwspinlock hwspinlock: add the 'in_atomic' API 2019-06-29 21:08:14 -07:00
hwtracing coresight: Make the coresight_device_fwnode_match declaration's fwnode parameter const 2019-07-12 14:42:05 -07:00
i2c i2c: s3c2410: Mark expected switch fall-through 2019-08-01 22:24:16 +02:00
i3c * Drop support for 10-bit I2C addresses 2019-07-09 09:04:31 -07:00
ide It's been a relatively busy cycle for docs: 2019-07-09 12:34:26 -07:00
idle
iio Driver Core and debugfs changes for 5.3-rc1 2019-07-12 12:24:03 -07:00
infiniband RDMA/hns: Fix error return code in hns_roce_v1_rsv_lp_qp() 2019-08-01 12:53:53 -04:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2019-07-20 12:22:30 -07:00
interconnect
iommu virtio, vhost: bugfixes 2019-07-29 11:34:12 -07:00
ipack TTY / Serial driver updates for 5.3-rc1 2019-07-11 15:38:21 -07:00
irqchip irqchip fixes for 5.3 2019-08-01 20:21:00 +02:00
isdn ISDN: hfcsusb: checking idx of ep configuration 2019-07-15 11:10:31 -07:00
leds LED updates for 5.3-rc1 2019-07-09 08:59:39 -07:00
lightnvm
macintosh drivers/macintosh/smu.c: Mark expected switch fall-through 2019-07-31 21:44:45 +10:00
mailbox - stm32: race fix by adding a spinlock 2019-07-14 16:36:51 -07:00
mcb
md dm table: fix various whitespace issues with recent DAX code 2019-07-30 18:59:24 -04:00
media media updates for v5.3-rc1 2019-07-22 09:01:47 -07:00
memory Kbuild updates for v5.3 (2nd) 2019-07-20 09:34:55 -07:00
memstick MMC core: 2019-07-11 18:11:21 -07:00
message SCSI misc on 20190709 2019-07-11 15:14:01 -07:00
mfd - Core Frameworks 2019-07-15 20:18:40 -07:00
misc at24 fixes for v5.3-rc3 2019-08-01 14:05:17 +02:00
mmc mmc: mmc_spi: Enable stable writes 2019-07-22 15:31:00 +02:00
mtd NAND: 2019-08-04 16:37:08 -07:00
mux
net Wimplicit-fallthrough patches for 5.3-rc2 2019-07-27 11:04:18 -07:00
nfc nfc: st-nci: remove redundant assignment to variable r 2019-07-02 12:00:50 -07:00
ntb New feature to add support for NTB virtual MSI interrupts, the ability 2019-07-21 09:46:59 -07:00
nubus
nvdimm libnvdimm fixes v5.3-rc2 2019-07-27 08:25:51 -07:00
nvme Revert "nvme-pci: don't create a read hctx mapping without read queues" 2019-07-23 17:47:02 +02:00
nvmem Driver Core and debugfs changes for 5.3-rc1 2019-07-12 12:24:03 -07:00
of virtio, vhost: fixes, features, performance 2019-07-17 11:26:09 -07:00
opp pci-v5.3-changes 2019-07-15 20:44:49 -07:00
oprofile vfs: Convert oprofilefs to use the new mount API 2019-07-04 22:01:59 -04:00
parisc
parport It's been a relatively busy cycle for docs: 2019-07-09 12:34:26 -07:00
pci New feature to add support for NTB virtual MSI interrupts, the ability 2019-07-21 09:46:59 -07:00
pcmcia It's been a relatively busy cycle for docs: 2019-07-09 12:34:26 -07:00
perf drivers/perf: arm_pmu: Fix failure path in PM notifier 2019-07-29 11:43:48 +01:00
phy phy: for 5.3 2019-07-01 15:04:59 +02:00
pinctrl This is the bulk of pin control changes for the v5.3 kernel 2019-07-13 15:02:27 -07:00
platform platform/x86: pcengines-apuv2: use KEY_RESTART for front button 2019-07-29 18:24:59 +03:00
pnp docs: driver-api: add a series of orphaned documents 2019-07-15 11:03:02 -03:00
power power supply and reset changes for the v5.3 series 2019-07-15 21:06:15 -07:00
powercap powercap: Invoke powercap_init() and rapl_init() earlier 2019-07-22 11:23:00 +02:00
pps drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl 2019-07-16 19:23:24 -07:00
ps3
ptp
pwm pwm: Changes for v5.3-rc1 2019-07-09 08:57:45 -07:00
rapidio Merge branch 'akpm' (patches from Andrew) 2019-07-17 08:58:04 -07:00
ras
regulator - Core Frameworks 2019-07-15 20:18:40 -07:00
remoteproc remoteproc updates for v5.3 2019-07-17 11:44:41 -07:00
reset ARM: SoC-related driver updates 2019-07-19 17:13:56 -07:00
rpmsg
rtc RTC for 5.3 2019-07-17 10:03:50 -07:00
s390 s390 updates for 5.3-rc3 2019-08-02 15:13:27 -07:00
sbus
scsi SCSI fixes on 20190802 2019-08-02 14:46:33 -07:00
sfi
sh
siox
slimbus
sn
soc Merge branch 'pdf_fixes_v1' of https://git.linuxtv.org/mchehab/experimental into mauro 2019-07-22 13:51:20 -06:00
soundwire soundwire updates for v5.3-rc1 2019-07-05 08:15:08 +02:00
spi Driver Core and debugfs changes for 5.3-rc1 2019-07-12 12:24:03 -07:00
spmi
ssb
staging docs conversion for v5.3-rc1 2019-07-16 12:21:41 -07:00
target scsi: target: cxgbit: add support for IEEE_8021QAZ_APP_SEL_STREAM selector 2019-07-22 17:04:20 -04:00
tc
tee
thermal int340X/processor_thermal_device: Fix proc_thermal_rapl_remove() 2019-07-23 09:36:07 +02:00
thunderbolt Driver Core and debugfs changes for 5.3-rc1 2019-07-12 12:24:03 -07:00
tty TTY fixes for 5.3-rc2 2019-07-28 10:18:33 -07:00
uio
usb xhci: Fix crash if scatter gather is used with Immediate Data Transfer (IDT). 2019-07-25 11:26:42 +02:00
uwb
vfio VFIO updates for v5.3-rc1 2019-07-17 11:23:13 -07:00
vhost vhost: disable metadata prefetch optimization 2019-07-26 07:49:29 -04:00
video udlfb: Make dlfb_ops constant 2019-08-19 15:52:29 +02:00
virt
virtio Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
visorbus
vlynq
vme
w1 docs: driver-api: add a series of orphaned documents 2019-07-15 11:03:02 -03:00
watchdog watchdog: digicolor_wdt: Remove unused variable in dc_wdt_probe 2019-07-15 08:49:11 +02:00
xen xen: fixes for 5.3-rc3 2019-08-02 15:26:48 -07:00
zorro
Kconfig
Makefile