summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Clark <robdclark@chromium.org>2023-10-24 10:08:05 -0700
committerRob Clark <robdclark@chromium.org>2023-11-20 18:35:26 -0800
commit6c15808d9b7640c3209d53cd2d8d56cfbf9f7175 (patch)
tree30fbd4cabfd1e147e4878dad704496c5fc5fb464
parentb2acb89af1a400be721bcb14f137aa22b509caba (diff)
downloadlinux-6c15808d9b7640c3209d53cd2d8d56cfbf9f7175.tar.gz
linux-6c15808d9b7640c3209d53cd2d8d56cfbf9f7175.tar.bz2
linux-6c15808d9b7640c3209d53cd2d8d56cfbf9f7175.zip
drm/msm/gem: Demote allocations to __GFP_NOWARN
For allocations with userspace controlled size, we should not warn on allocation failure. Fixes KASAN splat: WARNING: CPU: 6 PID: 29557 at mm/page_alloc.c:5398 __alloc_pages+0x160c/0x2204 Modules linked in: bridge stp llc hci_vhci tun veth xt_cgroup uinput xt_MASQUERADE rfcomm ip6table_nat fuse 8021q r8153_ecm cdc_ether usbnet r8152 mii venus_enc venus_dec uvcvideo algif_hash algif_skcipher af_alg qcom_spmi_adc_tm5 qcom_spmi_adc5 qcom_vadc_common qcom_spmi_temp_alarm cros_ec_typec typec hci_uart btqca qcom_stats snd_soc_sc7180 venus_core ath10k_snoc ath10k_core ath coresight_tmc coresight_replicator coresight_etm4x coresight_funnel snd_soc_lpass_sc7180 mac80211 coresight bluetooth ecdh_generic ecc cfg80211 cros_ec_sensorhub lzo_rle lzo_compress zram joydev CPU: 6 PID: 29557 Comm: syz-executor Not tainted 5.15.110-lockdep-19320-g89d010b0a9df #1 45bdd400697a78353f2927c116615abba810e5dd Hardware name: Google Kingoftown (DT) pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __alloc_pages+0x160c/0x2204 lr : __alloc_pages+0x58/0x2204 sp : ffffffc0214176c0 x29: ffffffc0214178a0 x28: ffffff801f7b4000 x27: 0000000000000000 x26: ffffff808a4fa000 x25: 1ffffff011290781 x24: ffffff808a59c000 x23: 0000000000000010 x22: ffffffc0080e6980 x21: 0000000000000010 x20: 0000000000000000 x19: 00000000080001f8 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000020000500 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000001 x11: 0000000000000000 x10: 1ffffff804282f06 x9 : 0000000000000000 x8 : ffffffc021417848 x7 : 0000000000000000 x6 : ffffffc0082ac788 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000010 x2 : 0000000000000008 x1 : 0000000000000000 x0 : ffffffc021417830 Call trace: __alloc_pages+0x160c/0x2204 kmalloc_order+0x50/0xf4 kmalloc_order_trace+0x38/0x18c __kmalloc+0x300/0x45c msm_ioctl_gem_submit+0x284/0x5988 drm_ioctl_kernel+0x270/0x418 drm_ioctl+0x5e0/0xbf8 __arm64_sys_ioctl+0x154/0x1d0 invoke_syscall+0x98/0x278 el0_svc_common+0x214/0x274 do_el0_svc+0x9c/0x19c el0_svc+0x5c/0xc0 el0t_64_sync_handler+0x78/0x108 el0t_64_sync+0x1a4/0x1a8 Signed-off-by: Rob Clark <robdclark@chromium.org> Patchwork: https://patchwork.freedesktop.org/patch/564191/
Diffstat
-rw-r--r--drivers/gpu/drm/msm/msm_gem_submit.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/gpu/drm/msm/msm_gem_submit.c b/drivers/gpu/drm/msm/msm_gem_submit.c
index 207b6ba1565d..30d72191cee6 100644
--- a/drivers/gpu/drm/msm/msm_gem_submit.c
+++ b/drivers/gpu/drm/msm/msm_gem_submit.c
@@ -43,7 +43,7 @@ static struct msm_gem_submit *submit_create(struct drm_device *dev,
if (sz > SIZE_MAX)
return ERR_PTR(-ENOMEM);
- submit = kzalloc(sz, GFP_KERNEL);
+ submit = kzalloc(sz, GFP_KERNEL | __GFP_NOWARN);
if (!submit)
return ERR_PTR(-ENOMEM);
@@ -234,7 +234,7 @@ static int submit_lookup_cmds(struct msm_gem_submit *submit,
ret = -ENOMEM;
goto out;
}
- submit->cmd[i].relocs = kmalloc(sz, GFP_KERNEL);
+ submit->cmd[i].relocs = kmalloc(sz, GFP_KERNEL | __GFP_NOWARN);
if (!submit->cmd[i].relocs) {
ret = -ENOMEM;
goto out;
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-29 18:14:34 +0000