From b5e0a9418e09a7b6df1728a26832c7c34aa1adf8 Mon Sep 17 00:00:00 2001 From: Chris Wilson Date: Fri, 1 Dec 2017 00:15:36 +0000 Subject: [PATCH] drm/i915: Set fake_vma.size as well as fake_vma.node.size for capture When capturing the bo, we allocate an error object with an array of min(vma->size, vma->node.size) pages, plus a bit for compression overhead. However, when creating the fake vma to describe the bo, only one of the sizes was filled in, resulting in a too small array. Through my and CI testing, this was sufficient for the mostly empty NULL context as it compressed well (or the out-of-bounds access simply didn't cause an issue). However, in real workloads on Cannonlake, we were overflowing that array and causing havoc with the random memory corruption. Reported-by: Rafael Antognolli Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=103964 Fixes: 4e90a6e22272 ("drm/i915: Record default HW state in the GPU error state") Signed-off-by: Chris Wilson Cc: Chris Wilson Cc: Mika Kuoppala Cc: Joonas Lahtinen Tested-by: Rodrigo Vivi Link: https://patchwork.freedesktop.org/patch/msgid/20171201001536.13941-1-chris@chris-wilson.co.uk Reviewed-by: Mika Kuoppala --- drivers/gpu/drm/i915/i915_gpu_error.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index 876be8f1d930..48418fb81066 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -1424,6 +1424,7 @@ capture_object(struct drm_i915_private *dev_priv, if (obj && i915_gem_object_has_pages(obj)) { struct i915_vma fake = { .node = { .start = U64_MAX, .size = obj->base.size }, + .size = obj->base.size, .pages = obj->mm.pages, .obj = obj, }; -- 2.11.0