drm/nouveau/mmu: ALIGN_DOWN correct variable

Closes: #895750
2018-04-15 20:30:15 +02:00 · 2018-04-15 20:30:15 +02:00 · 8e41f67460
parent 926704f2b9
commit 8e41f67460
3 changed files with 58 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -24,6 +24,9 @@ linux (4.15.11-2) UNRELEASED; urgency=medium
  [ Vagrant Cascadian ]
  * [armhf] Add patch to fix loading of imx6q-cpufreq module.

+  [ Salvatore Bonaccorso ]
+  * drm/nouveau/mmu: ALIGN_DOWN correct variable (Closes: #895750)
+
 -- Roger Shimizu <rogershimizu@gmail.com>  Fri, 23 Mar 2018 21:10:34 +0900

 linux (4.15.11-1) unstable; urgency=medium
--- a/debian/patches/bugfix/all/drm-nouveau-mmu-ALIGN_DOWN-correct-variable.patch
+++ b/debian/patches/bugfix/all/drm-nouveau-mmu-ALIGN_DOWN-correct-variable.patch
@ -0,0 +1,54 @@
+From: =?UTF-8?q?M=C4=81ris=20Narti=C5=A1s?= <maris.nartiss@gmail.com>
+Date: Fri, 16 Mar 2018 11:38:43 +1000
+Subject: drm/nouveau/mmu: ALIGN_DOWN correct variable
+Origin: https://git.kernel.org/linus/da5e45e619b3f101420c38b3006a9ae4f3ad19b0
+Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105174
+Bug-Debian: https://bugs.debian.org/895750
+
+Commit 7110c89bb8852ff8b0f88ce05b332b3fe22bd11e ("mmu: swap out round
+for ALIGN") replaced two calls to round/rounddown with ALIGN/ALIGN_DOWN,
+but erroneously applied ALIGN_DOWN to a different variable (addr) and left
+intended variable (tail) not rounded/ALIGNed.
+
+As a result screen corruption, X lockups are observable. An example of kernel
+log of affected system with NV98 card where it was bisected:
+
+nouveau 0000:01:00.0: gr: TRAP_M2MF 00000002 [IN]
+nouveau 0000:01:00.0: gr: TRAP_M2MF 00320951 400007c0 00000000 04000000
+nouveau 0000:01:00.0: gr: 00200000 [] ch 1 [000fbbe000 DRM] subc 4 class 5039
+mthd 0100 data 00000000
+nouveau 0000:01:00.0: fb: trapped read at 0040000000 on channel 1
+[0fbbe000 DRM]
+engine 00 [PGRAPH] client 03 [DISPATCH] subclient 04 [M2M_IN] reason 00000006
+[NULL_DMAOBJ]
+
+Fixes bug 105173 ("[MCP79][Regression] Unhandled NULL pointer dereference in
+nvkm_object_unmap since kernel 4.15")
+https://bugs.freedesktop.org/show_bug.cgi?id=105173
+
+Fixes: 7110c89bb885 ("mmu: swap out round for ALIGN ")
+Tested-by: Pierre Moreau <pierre.morrow@free.fr>
+Reviewed-by: Pierre Moreau <pierre.morrow@free.fr>
+Signed-off-by: Maris Nartiss <maris.nartiss@gmail.com>
+Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
+Cc: stable@vger.kernel.org # v4.15+
+---
+ drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c b/drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c
+index 93946dcee319..1c12e58f44c2 100644
+--- a/drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c
+@@ -1354,7 +1354,7 @@ nvkm_vmm_get_locked(struct nvkm_vmm *vmm, bool getref, bool mapref, bool sparse,
+ 
+ 		tail = this->addr + this->size;
+ 		if (vmm->func->page_block && next && next->page != p)
+-			tail = ALIGN_DOWN(addr, vmm->func->page_block);
+			tail = ALIGN_DOWN(tail, vmm->func->page_block);
+ 
+ 		if (addr <= tail && tail - addr >= size) {
+ 			rb_erase(&this->tree, &vmm->free);
+-- 
+2.17.0
+
--- a/debian/patches/series
+++ b/debian/patches/series
@ -79,6 +79,7 @@ bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
 bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch
 bugfix/all/kbuild-include-addtree-remove-quotes-before-matching-path.patch
 debian/revert-objtool-fix-config_stack_validation-y-warning.patch
+bugfix/all/drm-nouveau-mmu-ALIGN_DOWN-correct-variable.patch

 # Miscellaneous features