qiurui
/
linux-kernelorg-stable
mirror of https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux-kernelorg-stable/drivers
History
Shuicheng Lin 8e46130400 drm/xe: Limit num_syncs to prevent oversized allocations 
The exec and vm_bind ioctl allow userspace to specify an arbitrary
num_syncs value. Without bounds checking, a very large num_syncs
can force an excessively large allocation, leading to kernel warnings
from the page allocator as below.

Introduce DRM_XE_MAX_SYNCS (set to 1024) and reject any request
exceeding this limit.

"
------------[ cut here ]------------
WARNING: CPU: 0 PID: 1217 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2f8/0x2180 mm/page_alloc.c:5124
...
Call Trace:
 <TASK>
 alloc_pages_mpol+0xe4/0x330 mm/mempolicy.c:2416
 ___kmalloc_large_node+0xd8/0x110 mm/slub.c:4317
 __kmalloc_large_node_noprof+0x18/0xe0 mm/slub.c:4348
 __do_kmalloc_node mm/slub.c:4364 [inline]
 __kmalloc_noprof+0x3d4/0x4b0 mm/slub.c:4388
 kmalloc_noprof include/linux/slab.h:909 [inline]
 kmalloc_array_noprof include/linux/slab.h:948 [inline]
 xe_exec_ioctl+0xa47/0x1e70 drivers/gpu/drm/xe/xe_exec.c:158
 drm_ioctl_kernel+0x1f1/0x3e0 drivers/gpu/drm/drm_ioctl.c:797
 drm_ioctl+0x5e7/0xc50 drivers/gpu/drm/drm_ioctl.c:894
 xe_drm_ioctl+0x10b/0x170 drivers/gpu/drm/xe/xe_device.c:224
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:598 [inline]
 __se_sys_ioctl fs/ioctl.c:584 [inline]
 __x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:584
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xbb/0x380 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
...
"

v2: Add "Reported-by" and Cc stable kernels.
v3: Change XE_MAX_SYNCS from 64 to 1024. (Matt & Ashutosh)
v4: s/XE_MAX_SYNCS/DRM_XE_MAX_SYNCS/ (Matt)
v5: Do the check at the top of the exec func. (Matt)

Fixes: dd08ebf6c3 ("drm/xe: Introduce a new DRM driver for Intel GPUs")
Reported-by: Koen Koning <koen.koning@intel.com>
Reported-by: Peter Senna Tschudin <peter.senna@linux.intel.com>
Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/6450
Cc: <stable@vger.kernel.org> # v6.12+
Cc: Matthew Brost <matthew.brost@intel.com>
Cc: Michal Mrozek <michal.mrozek@intel.com>
Cc: Carl Zhang <carl.zhang@intel.com>
Cc: José Roberto de Souza <jose.souza@intel.com>
Cc: Lionel Landwerlin <lionel.g.landwerlin@intel.com>
Cc: Ivan Briano <ivan.briano@intel.com>
Cc: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Cc: Ashutosh Dixit <ashutosh.dixit@intel.com>
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
Reviewed-by: Matthew Brost <matthew.brost@intel.com>
Signed-off-by: Matthew Brost <matthew.brost@intel.com>
Link: https://patch.msgid.link/20251205234715.2476561-5-shuicheng.lin@intel.com
(cherry picked from commit b07bac9bd708ec468cd1b8a5fe70ae2ac9b0a11c)
Signed-off-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
 		2025-12-18 18:10:34 +01:00
..
accel
accessibility
acpi platform-drivers-x86 for v6.19-1 2025-12-10 06:38:17 +09:00
amba soc: driver updates for 6.19 2025-12-05 17:29:04 -08:00
android Char/Misc/IIO driver updates for 6.19-rc1 2025-12-06 18:34:24 -08:00
ata ata fix for 6.19-rc1 2025-12-05 20:41:20 -08:00
atm
auxdisplay
base More power management updates for 6.19-rc1 2025-12-10 06:29:40 +09:00
bcma
block We have a patch that adds an initial set of tracepoints to the MDS 2025-12-14 15:24:10 +12:00
bluetooth
bus Char/Misc/IIO driver updates for 6.19-rc1 2025-12-06 18:34:24 -08:00
cache
cdrom
cdx
char Char/Misc/IIO driver updates for 6.19-rc1 2025-12-06 18:34:24 -08:00
clk This pull request is entirely SoC clk drivers, not for lack of trying to modify 2025-12-08 09:38:52 +09:00
clocksource soc: driver updates for 6.19 2025-12-05 17:29:04 -08:00
comedi Char/Misc/IIO driver updates for 6.19-rc1 2025-12-06 18:34:24 -08:00
connector
counter
cpufreq Driver core changes for 6.19-rc1 2025-12-05 21:29:02 -08:00
cpuidle soc: driver updates for 6.19 2025-12-05 17:29:04 -08:00
crypto tsm for 6.19 2025-12-06 10:15:41 -08:00
cxl soc: driver updates for 6.19, part 2 2025-12-05 17:47:59 -08:00
dax Significant patch series in this merge are as follows: 2025-12-05 13:52:43 -08:00
dca
devfreq
dibs
dio
dma dmaengine updates for v6.19 2025-12-09 06:35:53 +09:00
dma-buf VFIO updates for v6.19-rc1 2025-12-04 18:42:48 -08:00
dpll
edac bitmap updates for v6.19 2025-12-06 09:01:27 -08:00
eisa
extcon
firewire firewire updates for v6.19 2025-12-04 12:26:36 -08:00
firmware LoongArch changes for v6.19 2025-12-13 05:44:03 +12:00
fpga
fsi
fwctl
gnss
gpib
gpio gpio updates for v6.19-rc1 2025-12-13 16:36:57 +12:00
gpu drm/xe: Limit num_syncs to prevent oversized allocations 2025-12-18 18:10:34 +01:00
greybus
hid platform-drivers-x86 for v6.19-1 2025-12-10 06:38:17 +09:00
hsi
hte
hv hyperv-next for v6.19 2025-12-09 06:10:17 +09:00
hwmon hwmon fixes for v6.19-rc1 2025-12-09 08:46:10 +09:00
hwspinlock
hwtracing Char/Misc/IIO driver updates for 6.19-rc1 2025-12-06 18:34:24 -08:00
i2c i2c-for-6.19-rc1 2025-12-10 07:48:05 +09:00
i3c i3c: adi: Fix confusing cleanup.h syntax 2025-12-12 23:59:39 +01:00
idle
iio Char/Misc/IIO driver updates for 6.19-rc1 2025-12-06 18:34:24 -08:00
infiniband RDMA v6.19 merge window pull request 2025-12-04 18:54:37 -08:00
input Input updates for v6.19-rc0 2025-12-10 16:44:18 +09:00
interconnect
iommu tsm for 6.19 2025-12-06 10:15:41 -08:00
ipack
irqchip Misc fixes: 2025-12-14 06:07:09 +12:00
isdn
leds soc: driver updates for 6.19 2025-12-05 17:29:04 -08:00
macintosh soc: driver updates for 6.19 2025-12-05 17:29:04 -08:00
mailbox
mcb
md SCSI misc on 20251214 2025-12-14 15:35:35 +12:00
media Modules changes for v6.19-rc1 2025-12-06 08:27:07 -08:00
memory soc: driver updates for 6.19 2025-12-05 17:29:04 -08:00
memstick
message
mfd MFD for v6.19 2025-12-04 15:18:33 -08:00
misc SCSI misc on 20251214 2025-12-14 15:35:35 +12:00
mmc MMC core: 2025-12-04 14:10:16 -08:00
most
mtd This pull request contains the following changes for UBI and UBIFS: 2025-12-09 08:50:27 +09:00
mux
net I3C for 6.19 2025-12-08 11:25:14 +09:00
nfc
ntb
nubus
nvdimm NVDIMM changes for 6.19 2025-12-06 09:32:25 -08:00
nvme block-6.19-20251208 2025-12-09 08:53:24 +09:00
nvmem Char/Misc/IIO driver updates for 6.19-rc1 2025-12-06 18:34:24 -08:00
of soundwire updates for 6.19 2025-12-13 16:26:55 +12:00
opp
parisc parisc architecture fixes and updates for kernel v6.19-rc1: 2025-12-06 16:24:52 -08:00
parport
pci pci-v6.19-fixes-1 2025-12-13 16:29:22 +12:00
pcmcia
peci Char/Misc/IIO driver updates for 6.19-rc1 2025-12-06 18:34:24 -08:00
perf arm64 updates for 6.19: 2025-12-02 17:03:55 -08:00
phy
pinctrl Pin control changes for the v6.19 kernel cycle: 2025-12-09 06:45:00 +09:00
platform platform-drivers-x86 for v6.19-1 2025-12-10 06:38:17 +09:00
pmdomain pmdomain core: 2025-12-04 13:50:39 -08:00
pnp
power soc: driver updates for 6.19 2025-12-05 17:29:04 -08:00
powercap Devicetree updates for v6.19: 2025-12-04 15:50:37 -08:00
pps printk changes for 6.19 2025-12-03 12:42:36 -08:00
ps3
ptp Networking changes for 6.19. 2025-12-03 17:24:33 -08:00
pwm pwm: th1520: Fix missing Kconfig dependencies 2025-12-13 16:41:50 +12:00
rapidio
ras EFI updates for v6.19: 2025-12-04 17:10:08 -08:00
regulator regulator: Fixes for v6.19 2025-12-11 09:54:59 +09:00
remoteproc
resctrl
reset This pull request is entirely SoC clk drivers, not for lack of trying to modify 2025-12-08 09:38:52 +09:00
rpmsg
rtc RTC for 6.19 2025-12-13 17:09:06 +12:00
s390 s390: Unmap early KASAN shadow on memory offlining 2025-12-07 16:15:19 +01:00
sbus
scsi SCSI misc on 20251214 2025-12-14 15:35:35 +12:00
sh
siox
slimbus Networking changes for 6.19. 2025-12-03 17:24:33 -08:00
soc bitmap updates for v6.19 2025-12-06 09:01:27 -08:00
soundwire soundwire: intel_ace2x: handle multi BPT sections 2025-12-08 12:37:27 +05:30
spi spi: Fixes for v6.19 2025-12-11 09:57:08 +09:00
spmi
ssb
staging Staging driver updates for 6.19-rc1 2025-12-06 18:52:00 -08:00
target SCSI misc on 20251214 2025-12-14 15:35:35 +12:00
tc
tee
thermal soc: driver updates for 6.19 2025-12-05 17:29:04 -08:00
thunderbolt USB/Thunderbolt changes for 6.19-rc1 2025-12-06 18:42:12 -08:00
tty TTY/Serial changes for 6.19-rc1 2025-12-06 18:38:19 -08:00
ufs scsi: ufs: qcom: Fix confusing cleanup.h syntax 2025-12-08 22:11:00 -05:00
uio
usb USB/Thunderbolt changes for 6.19-rc1 2025-12-06 18:42:12 -08:00
vdpa Significant patch series in this merge are as follows: 2025-12-05 13:52:43 -08:00
vfio drm next part 2 for 6.19-rc1 2025-12-04 19:42:53 -08:00
vhost virtio,vhost: fixes, cleanups 2025-12-04 18:59:21 -08:00
video fbdev fixes & enhancements for 6.19-rc1: 2025-12-06 15:41:26 -08:00
virt virt: Fix Kconfig warning when selecting TSM without VIRT_DRIVERS 2025-12-04 17:34:16 -08:00
virtio
w1
watchdog linux-watchdog 6.19-rc1 tag 2025-12-06 10:00:49 -08:00
xen xen: branch for v6.19-rc1 2025-12-06 10:49:19 -08:00
zorro
Kconfig Staging driver updates for 6.19-rc1 2025-12-06 18:52:00 -08:00
Makefile Staging driver updates for 6.19-rc1 2025-12-06 18:52:00 -08:00