1. 14 Aug, 2018 4 commits
    • Gustavo A. R. Silva's avatar
      drm/i915/kvmgt: Fix potential Spectre v1 · de5372da
      Gustavo A. R. Silva authored
      info.index can be indirectly controlled by user-space, hence leading
      to a potential exploitation of the Spectre variant 1 vulnerability.
      
      This issue was detected with the help of Smatch:
      
      drivers/gpu/drm/i915/gvt/kvmgt.c:1232 intel_vgpu_ioctl() warn:
      potential spectre issue 'vgpu->vdev.region' [r]
      
      Fix this by sanitizing info.index before indirectly using it to index
      vgpu->vdev.region
      
      Notice that given that speculation windows are large, the policy is
      to kill the speculation on the first load and not worry if it can be
      completed with a dependent load/store [1].
      
      [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarGustavo A. R. Silva <gustavo@embeddedor.com>
      Signed-off-by: default avatarZhenyu Wang <zhenyuw@linux.intel.com>
      de5372da
    • Zhao Yan's avatar
      drm/i915/gvt: return error on cmd access · 8d458ea0
      Zhao Yan authored
      If a register is not cmd accessible, should not just print error
      message. Return error here so as not to deliver this cmd.
      
      v2: return -EBADRQC to align with return value elsewhere. (kevin tian)
      Signed-off-by: default avatarZhao Yan <yan.y.zhao@intel.com>
      Signed-off-by: default avatarZhenyu Wang <zhenyuw@linux.intel.com>
      8d458ea0
    • Hang Yuan's avatar
      drm/i915/gvt: initialize dmabuf mutex in vgpu_create · d6c6113b
      Hang Yuan authored
      Currently, the mutex used in GVT dmabuf support is not initialized until
      vgpu device is opened. If one vgpu device is opened and then removed, the
      mutex will be used in vgpu remove operation without initialization. This
      patch initializes the mutex in vgpu create operation to avoid the problem.
      
      Fixes: e546e281("drm/i915/gvt: Dmabuf support for GVT-g")
      Signed-off-by: default avatarHang Yuan <hang.yuan@linux.intel.com>
      Signed-off-by: default avatarZhenyu Wang <zhenyuw@linux.intel.com>
      d6c6113b
    • Hang Yuan's avatar
      drm/i915/gvt: fix cleanup sequence in intel_gvt_clean_device · 3fd34ac0
      Hang Yuan authored
      Create one vGPU and then unbind IGD device from i915 driver. The following
      oops will happen. This patch will free vgpu resource first and then gvt
      resource to remove these oops.
      
      BUG: unable to handle kernel NULL pointer dereference at       00000000000000a8
        PGD 80000003c9d2c067 P4D 80000003c9d2c067 PUD 3c817c067 P      MD 0
        Oops: 0002 [#1] SMP PTI
        RIP: 0010:down_write+0x1b/0x40
      Call Trace:
        debugfs_remove_recursive+0x46/0x1a0
        intel_gvt_debugfs_remove_vgpu+0x15/0x30 [i915]
        intel_gvt_destroy_vgpu+0x2d/0xf0 [i915]
        intel_vgpu_remove+0x2c/0x30 [kvmgt]
        mdev_device_remove_ops+0x23/0x50 [mdev]
        mdev_device_remove+0xdb/0x190 [mdev]
        mdev_device_remove+0x190/0x190 [mdev]
        device_for_each_child+0x47/0x90
        mdev_unregister_device+0xd5/0x120 [mdev]
        intel_gvt_clean_device+0x91/0x120 [i915]
        i915_driver_unload+0x9d/0x120 [i915]
        i915_pci_remove+0x15/0x20 [i915]
        pci_device_remove+0x3b/0xc0
        device_release_driver_internal+0x157/0x230
        unbind_store+0xfc/0x150
        kernfs_fop_write+0x10f/0x180
        __vfs_write+0x36/0x180
        ? common_file_perm+0x41/0x130
        ? _cond_resched+0x16/0x40
        vfs_write+0xb3/0x1a0
        ksys_write+0x52/0xc0
        do_syscall_64+0x55/0x100
        entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      BUG: unable to handle kernel NULL pointer dereference at 0      000000000000038
        PGD 8000000405bce067 P4D 8000000405bce067 PUD 405bcd067 PM      D 0
        Oops: 0000 [#1] SMP PTI
        RIP: 0010:hrtimer_active+0x5/0x40
      Call Trace:
        hrtimer_try_to_cancel+0x25/0x120
        ? tbs_sched_clean_vgpu+0x1f/0x50 [i915]
        hrtimer_cancel+0x15/0x20
        intel_gvt_destroy_vgpu+0x4c/0xf0 [i915]
        intel_vgpu_remove+0x2c/0x30 [kvmgt]
        mdev_device_remove_ops+0x23/0x50 [mdev]
        mdev_device_remove+0xdb/0x190 [mdev]
        ? mdev_device_remove+0x190/0x190 [mdev]
        device_for_each_child+0x47/0x90
        mdev_unregister_device+0xd5/0x120 [mdev]
        intel_gvt_clean_device+0x89/0x120 [i915]
        i915_driver_unload+0x9d/0x120 [i915]
        i915_pci_remove+0x15/0x20 [i915]
        pci_device_remove+0x3b/0xc0
        device_release_driver_internal+0x157/0x230
        unbind_store+0xfc/0x150
        kernfs_fop_write+0x10f/0x180
        __vfs_write+0x36/0x180
        ? common_file_perm+0x41/0x130
        ? _cond_resched+0x16/0x40
        vfs_write+0xb3/0x1a0
        ksys_write+0x52/0xc0
        do_syscall_64+0x55/0x100
        entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      Fixes: bc7b0be3("drm/i915/gvt: Add basic debugfs infrastructure")
      Fixes: afe04fbe("drm/i915/gvt: create an idle vGPU")
      Signed-off-by: default avatarHang Yuan <hang.yuan@linux.intel.com>
      Signed-off-by: default avatarZhenyu Wang <zhenyuw@linux.intel.com>
      3fd34ac0
  2. 13 Aug, 2018 1 commit
  3. 07 Aug, 2018 1 commit
  4. 06 Aug, 2018 5 commits
  5. 31 Jul, 2018 2 commits
  6. 30 Jul, 2018 27 commits