From nobody Fri Apr 21 07:58:11 2023 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Q2n2X094lz4644s; Fri, 21 Apr 2023 07:58:12 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Q2n2W6Wz7z426m; Fri, 21 Apr 2023 07:58:11 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1682063891; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ulQsKuTzZHJWsw0FFohdpeBeENu+2zVoPYAerC3E3Lk=; b=UI+/ox/hyp7JIW+NIDqQCDHF6L8m4qRhPKnEhStlc19ycOjpCG0W7PzSNOspAUMokRuU7Y nULvTxTNovbIse55VveFx9SJRQXzx4JTr0sVA9CZzFgBx9PNy5MgUIGx+6a+MYsxZctgb7 YA3Eq3dPhm/tjbeckGAO6Gu4nZebVNaQFc1vVCQCUtmhNBFq9cKUQLzLUsy+OE4+/yBAlv qEB/Noxu4EQJtHR1FfD28lcMTpAmfqFEOXirJ5DrO34REOAJwNHXt0sEn76BGTt9ITG96r 8Qx/yaP1dAg2GBCtr6keQWdzY5lp7iScvXl6rerxCIlvmpPzxuem3xQtxChslw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1682063891; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ulQsKuTzZHJWsw0FFohdpeBeENu+2zVoPYAerC3E3Lk=; b=Ectq/sWVq8GBsbqsnTTQUyW/zdHKTsqz0g6UEoq4IG0pbeuhZFGKHHhA7Ys8Og6aZnsSvt wzXxFa5QwoaLmA5Ua0tsdtebnZ447LimZFBAem9KorEPWFbVkUgRFtl55C0gHqvsxH71/J Gaz1j/DXBWS8ELcPyK6ifNAm3AUFetf1TYLqEwqz7yFVv5TYGjt6SP2bYRoc6fRqb2J7bn OoHTZn1zblPTn8wjgHUSH2TC4QZAZIV0hHmVgwmjwJedLNfEAKGgSf748byHzpNviFUto4 jGGNaMjd+AYtZrJGsz/JA12B6uMTPPfOUXLJcgh5WOr7Y35r6aoY/NsdsaknKg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1682063891; a=rsa-sha256; cv=none; b=g4BA/C43EytYoKlrqUj02emFOTF2zX5Vt9vusOOKaV1rRzmFrRUxuq4DQQUrH4V/xQXDSF ZCHJiP+X5Hq36JvLl3CWha6hc8iviYuNTSs6KvM8kKhhBEonoi8uSycbaiayyDRDf5EXRX uo1m6uAFtxKwp7tRE/Pc7aJh1iL4RV6amV7P7QWFyJw0L+sKmfeeBs+nqc0d/3T12SYwu9 0IWb7VreYy90Or5+SETL12cvhQKpcJ5mTqGWMjrFSTSI4y5NW7EM729VqOe5qbJ6kL0aXD 4uofTrivduBOT0RVnAA7AA6hEQF3ci6icGBdNaQ+7on1XJZIecIXcKnP5c7xEA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Q2n2W5VHxz1Bnx; Fri, 21 Apr 2023 07:58:11 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 33L7wBuQ094160; Fri, 21 Apr 2023 07:58:11 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 33L7wBLf094159; Fri, 21 Apr 2023 07:58:11 GMT (envelope-from git) Date: Fri, 21 Apr 2023 07:58:11 GMT Message-Id: <202304210758.33L7wBLf094159@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Emmanuel Vadot Subject: git: 3f686532c9b4 - main - linuxkpi: Fix __sg_alloc_table_from_pages loop List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: manu X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 3f686532c9b4fd603d4ad2d3392232cff24188f4 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by manu: URL: https://cgit.FreeBSD.org/src/commit/?id=3f686532c9b4fd603d4ad2d3392232cff24188f4 commit 3f686532c9b4fd603d4ad2d3392232cff24188f4 Author: Austin Shafer AuthorDate: 2023-04-21 07:56:50 +0000 Commit: Emmanuel Vadot CommitDate: 2023-04-21 07:56:50 +0000 linuxkpi: Fix __sg_alloc_table_from_pages loop Commit 3e0856b63fe0e375a0951e05c2ef98bb2ebd9421 updated __sg_alloc_table_from_pages to use the same API as linux, but modified the loop condition when going over the pages in a sg list. Part of the change included moving the sg_next call out of the for loop and into the body, which causes an off by one error when traversing the list. Since sg_next is called before the loop body it will skip the first element and read one past the last element. This caused panics when running PRIME with nvidia-drm as the off-by-one issue causes a NULL dereference. Reviewed by: bz, hselasky Differential Revision: https://reviews.freebsd.org/D39628 Fixes: 3e0856b63fe0 ("linuxkpi: Fix `sg_alloc_table_from_pages()` to have the same API as Linux") --- sys/compat/linuxkpi/common/include/linux/scatterlist.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/compat/linuxkpi/common/include/linux/scatterlist.h b/sys/compat/linuxkpi/common/include/linux/scatterlist.h index fe4bce06819d..b448262f3497 100644 --- a/sys/compat/linuxkpi/common/include/linux/scatterlist.h +++ b/sys/compat/linuxkpi/common/include/linux/scatterlist.h @@ -383,8 +383,6 @@ __sg_alloc_table_from_pages(struct sg_table *sgt, unsigned long seg_size; unsigned int j; - s = sg_next(s); - len = 0; for (j = cur + 1; j < count; ++j) { len += PAGE_SIZE; @@ -398,6 +396,8 @@ __sg_alloc_table_from_pages(struct sg_table *sgt, size -= seg_size; off = 0; cur = j; + + s = sg_next(s); } KASSERT(s != NULL, ("s is NULL after loop in __sg_alloc_table_from_pages()"));