* [Bug 96306] New: BUG: KASAN: slab-out-of-bounds in OUT_RINGp (via nvc0_fbcon_imageblit)
@ 2016-06-01 11:44 bugzilla-daemon-CC+yJ3UmIYqDUpFQwHEjaQ
[not found] ` <bug-96306-8800-V0hAGp6uBxMKqLRl/0Ahz6D7qz1kEfGD2LY78lusg7I@public.gmane.org/>
0 siblings, 1 reply; 2+ messages in thread
From: bugzilla-daemon-CC+yJ3UmIYqDUpFQwHEjaQ @ 2016-06-01 11:44 UTC (permalink / raw)
To: nouveau-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW
[-- Attachment #1.1: Type: text/plain, Size: 2213 bytes --]
https://bugs.freedesktop.org/show_bug.cgi?id=96306
Bug ID: 96306
Summary: BUG: KASAN: slab-out-of-bounds in OUT_RINGp (via
nvc0_fbcon_imageblit)
Product: xorg
Version: unspecified
Hardware: x86-64 (AMD64)
OS: Linux (All)
Status: NEW
Severity: normal
Priority: medium
Component: Driver/nouveau
Assignee: nouveau-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW@public.gmane.org
Reporter: peter-VTkQYDcBqhK7DlmcbJSQ7g@public.gmane.org
QA Contact: xorg-team-go0+a7rfsptAfugRpC6u6w@public.gmane.org
Created attachment 124231
--> https://bugs.freedesktop.org/attachment.cgi?id=124231&action=edit
dmesg output for v4.7-rc1 containing the KASAN report
Previously reported by others to mailing lists (with no replies):
[4.4-rc1] nouveau: BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40
https://lists.freedesktop.org/archives/dri-devel/2015-November/095100.html
[3.10] BUG: drm, nouveau: slab-out-of-bounds read access in
nv50_fbcon_imageblit()
https://lists.freedesktop.org/archives/dri-devel/2016-May/108270.html
Hardware:
Optimus laptop with inteldrmfb being the primary framebuffer, an external
monitor is connected to DP-1 on the Nvidia card (GTX 965M, 10de:13d9).
Steps to reproduce the out-of-bounds issue in my environment:
0. Avoid continuously triggering the error: dmesg -D
1. modprobe nouveau runpm=0 (or be sure to wake the device before using
con2fbmap, there is a nasty (unrelated) deadlock in there due to recursive
console_lockup.)
2. con2fbmap 1 2 (bind console 2 to nouveaufb (1)). This invokes
ioctl(/dev/fb0, FBIOPUT_CON2FBMAP, (u32[2]){2, 1})).
3. If you are not there already, switch to tty2 on the nouveau display.
4. Press Enter until you are at the last line of the console (or past it, I
forgot).
5. Go to a different tty (e.g. the Intel one) and notice the KASAN report in
dmesg.
Attached is yet another log (looks similar to the other ones) for v4.7-rc1
(with two unrelated patchsets applied on top).
--
You are receiving this mail because:
You are the assignee for the bug.
[-- Attachment #1.2: Type: text/html, Size: 3876 bytes --]
[-- Attachment #2: Type: text/plain, Size: 154 bytes --]
_______________________________________________
Nouveau mailing list
Nouveau@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/nouveau
^ permalink raw reply [flat|nested] 2+ messages in thread
* [Bug 96306] BUG: KASAN: slab-out-of-bounds in OUT_RINGp (via nvc0_fbcon_imageblit)
[not found] ` <bug-96306-8800-V0hAGp6uBxMKqLRl/0Ahz6D7qz1kEfGD2LY78lusg7I@public.gmane.org/>
@ 2016-07-07 21:59 ` bugzilla-daemon-CC+yJ3UmIYqDUpFQwHEjaQ
0 siblings, 0 replies; 2+ messages in thread
From: bugzilla-daemon-CC+yJ3UmIYqDUpFQwHEjaQ @ 2016-07-07 21:59 UTC (permalink / raw)
To: nouveau-PD4FTy7X32lNgt0PjOBp9y5qC8QIuHrW
[-- Attachment #1.1: Type: text/plain, Size: 1110 bytes --]
https://bugs.freedesktop.org/show_bug.cgi?id=96306
Peter Wu <peter-VTkQYDcBqhK7DlmcbJSQ7g@public.gmane.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
CC| |peter-VTkQYDcBqhK7DlmcbJSQ7g@public.gmane.org
Status|NEW |RESOLVED
--- Comment #1 from Peter Wu <peter-VTkQYDcBqhK7DlmcbJSQ7g@public.gmane.org> ---
Fixed since v4.7-rc3 with:
commit f045f459d925138fe7d6193a8c86406bda7e49da
Author: Ben Skeggs <bskeggs-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Date: Thu Jun 2 12:23:31 2016 +1000
drm/nouveau/fbcon: fix out-of-bounds memory accesses
Reported by KASAN.
Signed-off-by: Ben Skeggs <bskeggs-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: stable-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Confirmed that is does no longer occur in v4.7-rc6-74-g076501f.
--
You are receiving this mail because:
You are the assignee for the bug.
[-- Attachment #1.2: Type: text/html, Size: 2790 bytes --]
[-- Attachment #2: Type: text/plain, Size: 154 bytes --]
_______________________________________________
Nouveau mailing list
Nouveau@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/nouveau
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-07-07 21:59 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-06-01 11:44 [Bug 96306] New: BUG: KASAN: slab-out-of-bounds in OUT_RINGp (via nvc0_fbcon_imageblit) bugzilla-daemon-CC+yJ3UmIYqDUpFQwHEjaQ
[not found] ` <bug-96306-8800-V0hAGp6uBxMKqLRl/0Ahz6D7qz1kEfGD2LY78lusg7I@public.gmane.org/>
2016-07-07 21:59 ` [Bug 96306] " bugzilla-daemon-CC+yJ3UmIYqDUpFQwHEjaQ
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.