--- /dev/null
+From e9aa6ddb773af66b68c1d1a24b8221d5932c1c01 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 15 Sep 2020 17:07:35 -0400
+Subject: drm/amdgpu: prevent double kfree ttm->sg
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Philip Yang <Philip.Yang@amd.com>
+
+[ Upstream commit 1d0e16ac1a9e800598dcfa5b6bc53b704a103390 ]
+
+Set ttm->sg to NULL after kfree, to avoid memory corruption backtrace:
+
+[ 420.932812] kernel BUG at
+/build/linux-do9eLF/linux-4.15.0/mm/slub.c:295!
+[ 420.934182] invalid opcode: 0000 [#1] SMP NOPTI
+[ 420.935445] Modules linked in: xt_conntrack ipt_MASQUERADE
+[ 420.951332] Hardware name: Dell Inc. PowerEdge R7525/0PYVT1, BIOS
+1.5.4 07/09/2020
+[ 420.952887] RIP: 0010:__slab_free+0x180/0x2d0
+[ 420.954419] RSP: 0018:ffffbe426291fa60 EFLAGS: 00010246
+[ 420.955963] RAX: ffff9e29263e9c30 RBX: ffff9e29263e9c30 RCX:
+000000018100004b
+[ 420.957512] RDX: ffff9e29263e9c30 RSI: fffff3d33e98fa40 RDI:
+ffff9e297e407a80
+[ 420.959055] RBP: ffffbe426291fb00 R08: 0000000000000001 R09:
+ffffffffc0d39ade
+[ 420.960587] R10: ffffbe426291fb20 R11: ffff9e49ffdd4000 R12:
+ffff9e297e407a80
+[ 420.962105] R13: fffff3d33e98fa40 R14: ffff9e29263e9c30 R15:
+ffff9e2954464fd8
+[ 420.963611] FS: 00007fa2ea097780(0000) GS:ffff9e297e840000(0000)
+knlGS:0000000000000000
+[ 420.965144] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 420.966663] CR2: 00007f16bfffefb8 CR3: 0000001ff0c62000 CR4:
+0000000000340ee0
+[ 420.968193] Call Trace:
+[ 420.969703] ? __page_cache_release+0x3c/0x220
+[ 420.971294] ? amdgpu_ttm_tt_unpopulate+0x5e/0x80 [amdgpu]
+[ 420.972789] kfree+0x168/0x180
+[ 420.974353] ? amdgpu_ttm_tt_set_user_pages+0x64/0xc0 [amdgpu]
+[ 420.975850] ? kfree+0x168/0x180
+[ 420.977403] amdgpu_ttm_tt_unpopulate+0x5e/0x80 [amdgpu]
+[ 420.978888] ttm_tt_unpopulate.part.10+0x53/0x60 [amdttm]
+[ 420.980357] ttm_tt_destroy.part.11+0x4f/0x60 [amdttm]
+[ 420.981814] ttm_tt_destroy+0x13/0x20 [amdttm]
+[ 420.983273] ttm_bo_cleanup_memtype_use+0x36/0x80 [amdttm]
+[ 420.984725] ttm_bo_release+0x1c9/0x360 [amdttm]
+[ 420.986167] amdttm_bo_put+0x24/0x30 [amdttm]
+[ 420.987663] amdgpu_bo_unref+0x1e/0x30 [amdgpu]
+[ 420.989165] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x9ca/0xb10
+[amdgpu]
+[ 420.990666] kfd_ioctl_alloc_memory_of_gpu+0xef/0x2c0 [amdgpu]
+
+Signed-off-by: Philip Yang <Philip.Yang@amd.com>
+Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
+Reviewed-by: Christian König <christian.koenig@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
+index f15ded1ce9057..c6a1dfe79e809 100644
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
+@@ -967,6 +967,7 @@ static int amdgpu_ttm_tt_pin_userptr(struct ttm_tt *ttm)
+
+ release_sg:
+ kfree(ttm->sg);
++ ttm->sg = NULL;
+ return r;
+ }
+
+--
+2.25.1
+
--- /dev/null
+From 22ddaad0b01283d3b00425314777afcd6292dd78 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 27 Sep 2020 14:24:28 +0800
+Subject: iommu/vt-d: Fix lockdep splat in iommu_flush_dev_iotlb()
+
+From: Lu Baolu <baolu.lu@linux.intel.com>
+
+[ Upstream commit 1a3f2fd7fc4e8f24510830e265de2ffb8e3300d2 ]
+
+Lock(&iommu->lock) without disabling irq causes lockdep warnings.
+
+[ 12.703950] ========================================================
+[ 12.703962] WARNING: possible irq lock inversion dependency detected
+[ 12.703975] 5.9.0-rc6+ #659 Not tainted
+[ 12.703983] --------------------------------------------------------
+[ 12.703995] systemd-udevd/284 just changed the state of lock:
+[ 12.704007] ffffffffbd6ff4d8 (device_domain_lock){..-.}-{2:2}, at:
+ iommu_flush_dev_iotlb.part.57+0x2e/0x90
+[ 12.704031] but this lock took another, SOFTIRQ-unsafe lock in the past:
+[ 12.704043] (&iommu->lock){+.+.}-{2:2}
+[ 12.704045]
+
+ and interrupts could create inverse lock ordering between
+ them.
+
+[ 12.704073]
+ other info that might help us debug this:
+[ 12.704085] Possible interrupt unsafe locking scenario:
+
+[ 12.704097] CPU0 CPU1
+[ 12.704106] ---- ----
+[ 12.704115] lock(&iommu->lock);
+[ 12.704123] local_irq_disable();
+[ 12.704134] lock(device_domain_lock);
+[ 12.704146] lock(&iommu->lock);
+[ 12.704158] <Interrupt>
+[ 12.704164] lock(device_domain_lock);
+[ 12.704174]
+ *** DEADLOCK ***
+
+Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
+Link: https://lore.kernel.org/r/20200927062428.13713-1-baolu.lu@linux.intel.com
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/iommu/intel-iommu.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
+index 2ffec65df3889..1147626f0d253 100644
+--- a/drivers/iommu/intel-iommu.c
++++ b/drivers/iommu/intel-iommu.c
+@@ -2560,14 +2560,14 @@ static struct dmar_domain *dmar_insert_one_dev_info(struct intel_iommu *iommu,
+ }
+
+ /* Setup the PASID entry for requests without PASID: */
+- spin_lock(&iommu->lock);
++ spin_lock_irqsave(&iommu->lock, flags);
+ if (hw_pass_through && domain_type_is_si(domain))
+ ret = intel_pasid_setup_pass_through(iommu, domain,
+ dev, PASID_RID2PASID);
+ else
+ ret = intel_pasid_setup_second_level(iommu, domain,
+ dev, PASID_RID2PASID);
+- spin_unlock(&iommu->lock);
++ spin_unlock_irqrestore(&iommu->lock, flags);
+ if (ret) {
+ dev_err(dev, "Setup RID2PASID failed\n");
+ dmar_remove_one_dev_info(dev);
+--
+2.25.1
+
team-set-dev-needed_headroom-in-team_setup_by_port.patch
net-team-fix-memory-leak-in-__team_options_register.patch
openvswitch-handle-dnat-tuple-collision.patch
+drm-amdgpu-prevent-double-kfree-ttm-sg.patch
+iommu-vt-d-fix-lockdep-splat-in-iommu_flush_dev_iotl.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
