[3.13.y.z extended stable] Patch "drm/i915: Do not dereference pointers from ring buffer in evict event" has been added to staging queue
kamal at canonical.com
Thu May 1 19:17:19 UTC 2014
This is a note to let you know that I have just added a patch titled
drm/i915: Do not dereference pointers from ring buffer in evict event
to the linux-3.13.y-queue branch of the 3.13.y.z extended stable tree
which can be found at:
This patch is scheduled to be released in version 18.104.22.168.
If you, or anyone else, feels it should not be added to this tree, please
reply to this email.
For more information about the 3.13.y.z tree, see
>From bbb0dde0bfaccfef69d190e7f661450f10827714 Mon Sep 17 00:00:00 2001
From: Steven Rostedt <rostedt at goodmis.org>
Date: Tue, 18 Mar 2014 11:27:37 -0400
Subject: drm/i915: Do not dereference pointers from ring buffer in evict event
commit 9297ebf29ad9118edd6c0fedc84f03e35028827d upstream.
The TP_printk() should never dereference any pointers, because the ring
buffer can be read at some unknown time in the future. If a device no
longer exists, it can cause a kernel oops. This also makes this
event useless when saving the ring buffer in userspaces tools such as
perf and trace-cmd.
The i915_gem_evict_vm dereferences the vm pointer which may also not
exist when the ring buffer is read sometime in the future.
Reported-by: Ramkumar Ramachandra <artagnon at gmail.com>
Fixes: bcccff847d1f "drm/i915: trace vm eviction instead of everything"
Signed-off-by: Steven Rostedt <rostedt at goodmis.org>
[danvet: Try to make it actually compile]
Signed-off-by: Daniel Vetter <daniel.vetter at ffwll.ch>
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
drivers/gpu/drm/i915/i915_trace.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/i915_trace.h b/drivers/gpu/drm/i915/i915_trace.h
index 6e580c9..783ae08 100644
@@ -238,14 +238,16 @@ TRACE_EVENT(i915_gem_evict_vm,
+ __field(u32, dev)
__field(struct i915_address_space *, vm)
+ __entry->dev = vm->dev->primary->index;
__entry->vm = vm;
- TP_printk("dev=%d, vm=%p", __entry->vm->dev->primary->index, __entry->vm)
+ TP_printk("dev=%d, vm=%p", __entry->dev, __entry->vm)
More information about the kernel-team