diff mbox

[PATCHv2] drm/vc4/vc4_bo.c: always set bo->resv

Message ID 14e68768-6c92-2d74-92fd-196dbc50d8f7@xs4all.nl (mailing list archive)
State New, archived
Headers show

Commit Message

Hans Verkuil June 7, 2017, 7:05 p.m. UTC
The bo->resv pointer could be NULL, leading to kernel oopses
like the one below.

This patch ensures that bo->resv is always set in vc4_create_object
ensuring that it is never NULL.

Thanks to Eric Anholt for pointing to the correct solution.

[   19.738487] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[   19.746805] pgd = ffff8000275fc000
[   19.750319] [00000000] *pgd=0000000000000000
[   19.754715] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[   19.760369] Modules linked in: smsc95xx usbnet vc4 drm_kms_helper drm pwm_bcm2835 i2c_bcm2835 bcm2835_rng rng_core bcm2835_dma virt_dma
[   19.772767] CPU: 0 PID: 1297 Comm: Xorg Not tainted 4.12.0-rc1-rpi3 #58
[   19.779476] Hardware name: Raspberry Pi 3 Model B (DT)
[   19.784688] task: ffff800028268000 task.stack: ffff800026c08000
[   19.790705] PC is at ww_mutex_lock_interruptible+0x14/0xc0
[   19.796329] LR is at vc4_submit_cl_ioctl+0x4fc/0x998 [vc4]
[   19.801892] pc : [<ffff0000088975f4>] lr : [<ffff0000009b3ea4>] pstate: a0000145
[   19.809391] sp : ffff800026c0bc30
[   19.812750] x29: ffff800026c0bc30 x28: 0000000000000000
[   19.818142] x27: ffff80003a385a00 x26: 0000000000000000
[   19.823534] x25: 00000000ffffffff x24: 0000000000000000
[   19.828925] x23: ffff800027510200 x22: ffff800026393800
[   19.834316] x21: ffff800027510270 x20: ffff800027510b00
[   19.839707] x19: ffff80003a00a418 x18: 0000000000000011
[   19.845099] x17: 0000000000000008 x16: 000000000000001d
[   19.850490] x15: 000000000000001b x14: 000000000000001c
[   19.855881] x13: 0000000000000000 x12: 0000000000000001
[   19.861272] x11: 000000000000001a x10: 0000000000000000
[   19.866662] x9 : 0000000000000000 x8 : ffff80003a385a00
[   19.872053] x7 : 0000000000000073 x6 : 0000000000000000
[   19.877445] x5 : 0000000000000001 x4 : 0000000000000019
[   19.882835] x3 : ffff800028268000 x2 : 0000000000000000
[   19.888226] x1 : ffff800026c0bce8 x0 : 0000000000000000
[   19.893621] Process Xorg (pid: 1297, stack limit = 0xffff800026c08000)
[   19.900244] Stack: (0xffff800026c0bc30 to 0xffff800026c0c000)
[   19.906073] bc20:                                   ffff800026c0bc60 ffff0000009b3ea4
[   19.914019] bc40: 0000000000000000 0000000000000000 ffff80002809fc00 00000000000015f5
[   19.921964] bc60: ffff800026c0bd00 ffff0000008f75f8 ffff0000009bdd80 00000000c0a06440
[   19.929910] bc80: 00000000000000a0 ffff800027a58600 0000ffffeb48d398 00000000000000a0
[   19.937856] bca0: ffff00000091ad58 0000000000000040 ffff800026393800 ffff800027510b00
[   19.945802] bcc0: ffff0000009bdd80 00000000c0a06440 ffff800027a58650 ffff800027c42684
[   19.953747] bce0: 0000ffffeb48d398 ffff800028268000 0000000000000001 0000aaaa00000000
[   19.961693] bd00: ffff800026c0be00 ffff00000821383c ffff800028abb8d8 ffff80003a31eb00
[   19.969638] bd20: 0000ffffeb48d398 ffff80003a31eb00 00000000c0a06440 0000ffffeb48d398
[   19.977585] bd40: 0000000000000124 000000000000001d ffff0000088b2000 ffff800028268000
[   19.985530] bd60: ffff800026c0bd80 00000000000000a0 ffff0000009b39a8 ffff800026c0bd80
[   19.993476] bd80: 00000000007f8000 000000000000000a ffff800026c0bda0 ffff000008097b58
[   20.001422] bda0: ffff800026c0be00 ffff0000080812cc ffff0000088bb308 0000000082000007
[   20.009366] bdc0: ffff0000088bb438 0000ffffa9b56178 ffff800026c0bec0 0000000000000020
[   20.017313] bde0: 0000000082000007 0000ffffa9b56178 0000000000000001 ffff800028268000
[   20.025258] be00: ffff800026c0be80 ffff000008213fe4 0000000000000000 0000800032374000
[   20.033204] be20: ffff80003a31eb00 0000000000000018 0000000080000000 ffff800026c0be30
[   20.041150] be40: ffff800026c0be80 ffff000008213fa8 0000000000000000 ffff80003a31eb00
[   20.049096] be60: ffff800026c0be70 ffff000008220300 ffff800026c0be80 ffff000008213f88
[   20.057042] be80: 0000000000000000 ffff000008082f30 0000000000000000 0000800032374000
[   20.064988] bea0: ffffffffffffffff 0000ffffaad04cdc 0000000040000000 0000000000000015
[   20.072933] bec0: 0000000000000018 00000000c0a06440 0000ffffeb48d398 0000000000000000
[   20.080879] bee0: 0000aaaae7550b00 0000000000000000 0000000000000040 0000aaaae7550910
[   20.088824] bf00: 000000000000001d 0000aaaae7550b50 0000000000000000 0000000000000000
[   20.096769] bf20: 0000000000000000 0000000000000000 0000000000000008 0000ffffeb48d1a8
[   20.104714] bf40: 0000ffffab0472a0 0000ffffaad04cd0 0000aaaae754a3a0 0000ffffaa21d000
[   20.112659] bf60: 0000ffffeb48d398 00000000c0a06440 0000000000000018 0000ffffaa21f000
[   20.120605] bf80: 0000aaaae754bd80 0000ffffeb48d498 0000aaaae751e8c0 0000aaaae6d346b0
[   20.128551] bfa0: 0000aaaae6d4f3f0 0000ffffeb48d310 0000ffffab02d884 0000ffffeb48d310
[   20.136496] bfc0: 0000ffffaad04cdc 0000000040000000 0000000000000018 000000000000001d
[   20.144441] bfe0: 0000000000000000 0000000000000000 1000006238744821 d61f00208b218841
[   20.152382] Call trace:
[   20.154863] Exception stack(0xffff800026c0ba50 to 0xffff800026c0bb80)
[   20.161397] ba40:                                   ffff80003a00a418 0001000000000000
[   20.169342] ba60: ffff800026c0bc30 ffff0000088975f4 00000000a0000145 0000000000000000
[   20.177287] ba80: 0000000000000000 0000000000000000 0000000000000009 0000000000000ba5
[   20.185232] baa0: ffff800027510b00 0000000000000000 ffff00000cd0e000 0000000000000073
[   20.193177] bac0: 0000000000000000 0000000000000000 0000000000000001 000000000000001a
[   20.201121] bae0: 0000000000000000 0000000000000000 000000000000001c 000000000000001b
[   20.209067] bb00: 0000000000000000 ffff800026c0bce8 0000000000000000 ffff800028268000
[   20.217012] bb20: 0000000000000019 0000000000000001 0000000000000000 0000000000000073
[   20.224957] bb40: ffff80003a385a00 0000000000000000 0000000000000000 000000000000001a
[   20.232901] bb60: 0000000000000001 0000000000000000 000000000000001c 000000000000001b
[   20.240855] [<ffff0000088975f4>] ww_mutex_lock_interruptible+0x14/0xc0
[   20.247528] [<ffff0000009b3ea4>] vc4_submit_cl_ioctl+0x4fc/0x998 [vc4]
[   20.254372] [<ffff0000008f75f8>] drm_ioctl+0x180/0x438 [drm]
[   20.260120] [<ffff00000821383c>] do_vfs_ioctl+0xa4/0x7d0
[   20.265510] [<ffff000008213fe4>] SyS_ioctl+0x7c/0x98
[   20.270550] [<ffff000008082f30>] el0_svc_naked+0x24/0x28
[   20.275941] Code: d2800002 d5384103 910003fd f9800011 (c85ffc04)
[   20.282527] ---[ end trace 1f6bd640ff32ae12 ]---

Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
---
 drivers/gpu/drm/vc4/vc4_bo.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

Comments

Eric Anholt June 7, 2017, 9:22 p.m. UTC | #1
Hans Verkuil <hverkuil@xs4all.nl> writes:

> The bo->resv pointer could be NULL, leading to kernel oopses
> like the one below.
>
> This patch ensures that bo->resv is always set in vc4_create_object
> ensuring that it is never NULL.
>
> Thanks to Eric Anholt for pointing to the correct solution.
>
> [   19.738487] Unable to handle kernel NULL pointer dereference at virtual address 00000000
> [   19.746805] pgd = ffff8000275fc000
> [   19.750319] [00000000] *pgd=0000000000000000
> [   19.754715] Internal error: Oops: 96000004 [#1] PREEMPT SMP
> [   19.760369] Modules linked in: smsc95xx usbnet vc4 drm_kms_helper drm pwm_bcm2835 i2c_bcm2835 bcm2835_rng rng_core bcm2835_dma virt_dma
> [   19.772767] CPU: 0 PID: 1297 Comm: Xorg Not tainted 4.12.0-rc1-rpi3 #58
> [   19.779476] Hardware name: Raspberry Pi 3 Model B (DT)
> [   19.784688] task: ffff800028268000 task.stack: ffff800026c08000
> [   19.790705] PC is at ww_mutex_lock_interruptible+0x14/0xc0
> [   19.796329] LR is at vc4_submit_cl_ioctl+0x4fc/0x998 [vc4]
> [   19.801892] pc : [<ffff0000088975f4>] lr : [<ffff0000009b3ea4>] pstate: a0000145
> [   19.809391] sp : ffff800026c0bc30
> [   19.812750] x29: ffff800026c0bc30 x28: 0000000000000000
> [   19.818142] x27: ffff80003a385a00 x26: 0000000000000000
> [   19.823534] x25: 00000000ffffffff x24: 0000000000000000
> [   19.828925] x23: ffff800027510200 x22: ffff800026393800
> [   19.834316] x21: ffff800027510270 x20: ffff800027510b00
> [   19.839707] x19: ffff80003a00a418 x18: 0000000000000011
> [   19.845099] x17: 0000000000000008 x16: 000000000000001d
> [   19.850490] x15: 000000000000001b x14: 000000000000001c
> [   19.855881] x13: 0000000000000000 x12: 0000000000000001
> [   19.861272] x11: 000000000000001a x10: 0000000000000000
> [   19.866662] x9 : 0000000000000000 x8 : ffff80003a385a00
> [   19.872053] x7 : 0000000000000073 x6 : 0000000000000000
> [   19.877445] x5 : 0000000000000001 x4 : 0000000000000019
> [   19.882835] x3 : ffff800028268000 x2 : 0000000000000000
> [   19.888226] x1 : ffff800026c0bce8 x0 : 0000000000000000
> [   19.893621] Process Xorg (pid: 1297, stack limit = 0xffff800026c08000)
> [   19.900244] Stack: (0xffff800026c0bc30 to 0xffff800026c0c000)
> [   19.906073] bc20:                                   ffff800026c0bc60 ffff0000009b3ea4
> [   19.914019] bc40: 0000000000000000 0000000000000000 ffff80002809fc00 00000000000015f5
> [   19.921964] bc60: ffff800026c0bd00 ffff0000008f75f8 ffff0000009bdd80 00000000c0a06440
> [   19.929910] bc80: 00000000000000a0 ffff800027a58600 0000ffffeb48d398 00000000000000a0
> [   19.937856] bca0: ffff00000091ad58 0000000000000040 ffff800026393800 ffff800027510b00
> [   19.945802] bcc0: ffff0000009bdd80 00000000c0a06440 ffff800027a58650 ffff800027c42684
> [   19.953747] bce0: 0000ffffeb48d398 ffff800028268000 0000000000000001 0000aaaa00000000
> [   19.961693] bd00: ffff800026c0be00 ffff00000821383c ffff800028abb8d8 ffff80003a31eb00
> [   19.969638] bd20: 0000ffffeb48d398 ffff80003a31eb00 00000000c0a06440 0000ffffeb48d398
> [   19.977585] bd40: 0000000000000124 000000000000001d ffff0000088b2000 ffff800028268000
> [   19.985530] bd60: ffff800026c0bd80 00000000000000a0 ffff0000009b39a8 ffff800026c0bd80
> [   19.993476] bd80: 00000000007f8000 000000000000000a ffff800026c0bda0 ffff000008097b58
> [   20.001422] bda0: ffff800026c0be00 ffff0000080812cc ffff0000088bb308 0000000082000007
> [   20.009366] bdc0: ffff0000088bb438 0000ffffa9b56178 ffff800026c0bec0 0000000000000020
> [   20.017313] bde0: 0000000082000007 0000ffffa9b56178 0000000000000001 ffff800028268000
> [   20.025258] be00: ffff800026c0be80 ffff000008213fe4 0000000000000000 0000800032374000
> [   20.033204] be20: ffff80003a31eb00 0000000000000018 0000000080000000 ffff800026c0be30
> [   20.041150] be40: ffff800026c0be80 ffff000008213fa8 0000000000000000 ffff80003a31eb00
> [   20.049096] be60: ffff800026c0be70 ffff000008220300 ffff800026c0be80 ffff000008213f88
> [   20.057042] be80: 0000000000000000 ffff000008082f30 0000000000000000 0000800032374000
> [   20.064988] bea0: ffffffffffffffff 0000ffffaad04cdc 0000000040000000 0000000000000015
> [   20.072933] bec0: 0000000000000018 00000000c0a06440 0000ffffeb48d398 0000000000000000
> [   20.080879] bee0: 0000aaaae7550b00 0000000000000000 0000000000000040 0000aaaae7550910
> [   20.088824] bf00: 000000000000001d 0000aaaae7550b50 0000000000000000 0000000000000000
> [   20.096769] bf20: 0000000000000000 0000000000000000 0000000000000008 0000ffffeb48d1a8
> [   20.104714] bf40: 0000ffffab0472a0 0000ffffaad04cd0 0000aaaae754a3a0 0000ffffaa21d000
> [   20.112659] bf60: 0000ffffeb48d398 00000000c0a06440 0000000000000018 0000ffffaa21f000
> [   20.120605] bf80: 0000aaaae754bd80 0000ffffeb48d498 0000aaaae751e8c0 0000aaaae6d346b0
> [   20.128551] bfa0: 0000aaaae6d4f3f0 0000ffffeb48d310 0000ffffab02d884 0000ffffeb48d310
> [   20.136496] bfc0: 0000ffffaad04cdc 0000000040000000 0000000000000018 000000000000001d
> [   20.144441] bfe0: 0000000000000000 0000000000000000 1000006238744821 d61f00208b218841
> [   20.152382] Call trace:
> [   20.154863] Exception stack(0xffff800026c0ba50 to 0xffff800026c0bb80)
> [   20.161397] ba40:                                   ffff80003a00a418 0001000000000000
> [   20.169342] ba60: ffff800026c0bc30 ffff0000088975f4 00000000a0000145 0000000000000000
> [   20.177287] ba80: 0000000000000000 0000000000000000 0000000000000009 0000000000000ba5
> [   20.185232] baa0: ffff800027510b00 0000000000000000 ffff00000cd0e000 0000000000000073
> [   20.193177] bac0: 0000000000000000 0000000000000000 0000000000000001 000000000000001a
> [   20.201121] bae0: 0000000000000000 0000000000000000 000000000000001c 000000000000001b
> [   20.209067] bb00: 0000000000000000 ffff800026c0bce8 0000000000000000 ffff800028268000
> [   20.217012] bb20: 0000000000000019 0000000000000001 0000000000000000 0000000000000073
> [   20.224957] bb40: ffff80003a385a00 0000000000000000 0000000000000000 000000000000001a
> [   20.232901] bb60: 0000000000000001 0000000000000000 000000000000001c 000000000000001b
> [   20.240855] [<ffff0000088975f4>] ww_mutex_lock_interruptible+0x14/0xc0
> [   20.247528] [<ffff0000009b3ea4>] vc4_submit_cl_ioctl+0x4fc/0x998 [vc4]
> [   20.254372] [<ffff0000008f75f8>] drm_ioctl+0x180/0x438 [drm]
> [   20.260120] [<ffff00000821383c>] do_vfs_ioctl+0xa4/0x7d0
> [   20.265510] [<ffff000008213fe4>] SyS_ioctl+0x7c/0x98
> [   20.270550] [<ffff000008082f30>] el0_svc_naked+0x24/0x28
> [   20.275941] Code: d2800002 d5384103 910003fd f9800011 (c85ffc04)
> [   20.282527] ---[ end trace 1f6bd640ff32ae12 ]---
>
> Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>

That's a lot of commit message.  Mind if I trim between LR and the
ww_mutex_lock_interruptible?  It gets my r-b either way, though.
Hans Verkuil June 7, 2017, 9:44 p.m. UTC | #2
On 07/06/17 23:22, Eric Anholt wrote:
> Hans Verkuil <hverkuil@xs4all.nl> writes:
> 
>> The bo->resv pointer could be NULL, leading to kernel oopses
>> like the one below.
>>
>> This patch ensures that bo->resv is always set in vc4_create_object
>> ensuring that it is never NULL.
>>
>> Thanks to Eric Anholt for pointing to the correct solution.
>>
>> [   19.738487] Unable to handle kernel NULL pointer dereference at virtual address 00000000
>> [   19.746805] pgd = ffff8000275fc000
>> [   19.750319] [00000000] *pgd=0000000000000000
>> [   19.754715] Internal error: Oops: 96000004 [#1] PREEMPT SMP
>> [   19.760369] Modules linked in: smsc95xx usbnet vc4 drm_kms_helper drm pwm_bcm2835 i2c_bcm2835 bcm2835_rng rng_core bcm2835_dma virt_dma
>> [   19.772767] CPU: 0 PID: 1297 Comm: Xorg Not tainted 4.12.0-rc1-rpi3 #58
>> [   19.779476] Hardware name: Raspberry Pi 3 Model B (DT)
>> [   19.784688] task: ffff800028268000 task.stack: ffff800026c08000
>> [   19.790705] PC is at ww_mutex_lock_interruptible+0x14/0xc0
>> [   19.796329] LR is at vc4_submit_cl_ioctl+0x4fc/0x998 [vc4]
>> [   19.801892] pc : [<ffff0000088975f4>] lr : [<ffff0000009b3ea4>] pstate: a0000145
>> [   19.809391] sp : ffff800026c0bc30
>> [   19.812750] x29: ffff800026c0bc30 x28: 0000000000000000
>> [   19.818142] x27: ffff80003a385a00 x26: 0000000000000000
>> [   19.823534] x25: 00000000ffffffff x24: 0000000000000000
>> [   19.828925] x23: ffff800027510200 x22: ffff800026393800
>> [   19.834316] x21: ffff800027510270 x20: ffff800027510b00
>> [   19.839707] x19: ffff80003a00a418 x18: 0000000000000011
>> [   19.845099] x17: 0000000000000008 x16: 000000000000001d
>> [   19.850490] x15: 000000000000001b x14: 000000000000001c
>> [   19.855881] x13: 0000000000000000 x12: 0000000000000001
>> [   19.861272] x11: 000000000000001a x10: 0000000000000000
>> [   19.866662] x9 : 0000000000000000 x8 : ffff80003a385a00
>> [   19.872053] x7 : 0000000000000073 x6 : 0000000000000000
>> [   19.877445] x5 : 0000000000000001 x4 : 0000000000000019
>> [   19.882835] x3 : ffff800028268000 x2 : 0000000000000000
>> [   19.888226] x1 : ffff800026c0bce8 x0 : 0000000000000000
>> [   19.893621] Process Xorg (pid: 1297, stack limit = 0xffff800026c08000)
>> [   19.900244] Stack: (0xffff800026c0bc30 to 0xffff800026c0c000)
>> [   19.906073] bc20:                                   ffff800026c0bc60 ffff0000009b3ea4
>> [   19.914019] bc40: 0000000000000000 0000000000000000 ffff80002809fc00 00000000000015f5
>> [   19.921964] bc60: ffff800026c0bd00 ffff0000008f75f8 ffff0000009bdd80 00000000c0a06440
>> [   19.929910] bc80: 00000000000000a0 ffff800027a58600 0000ffffeb48d398 00000000000000a0
>> [   19.937856] bca0: ffff00000091ad58 0000000000000040 ffff800026393800 ffff800027510b00
>> [   19.945802] bcc0: ffff0000009bdd80 00000000c0a06440 ffff800027a58650 ffff800027c42684
>> [   19.953747] bce0: 0000ffffeb48d398 ffff800028268000 0000000000000001 0000aaaa00000000
>> [   19.961693] bd00: ffff800026c0be00 ffff00000821383c ffff800028abb8d8 ffff80003a31eb00
>> [   19.969638] bd20: 0000ffffeb48d398 ffff80003a31eb00 00000000c0a06440 0000ffffeb48d398
>> [   19.977585] bd40: 0000000000000124 000000000000001d ffff0000088b2000 ffff800028268000
>> [   19.985530] bd60: ffff800026c0bd80 00000000000000a0 ffff0000009b39a8 ffff800026c0bd80
>> [   19.993476] bd80: 00000000007f8000 000000000000000a ffff800026c0bda0 ffff000008097b58
>> [   20.001422] bda0: ffff800026c0be00 ffff0000080812cc ffff0000088bb308 0000000082000007
>> [   20.009366] bdc0: ffff0000088bb438 0000ffffa9b56178 ffff800026c0bec0 0000000000000020
>> [   20.017313] bde0: 0000000082000007 0000ffffa9b56178 0000000000000001 ffff800028268000
>> [   20.025258] be00: ffff800026c0be80 ffff000008213fe4 0000000000000000 0000800032374000
>> [   20.033204] be20: ffff80003a31eb00 0000000000000018 0000000080000000 ffff800026c0be30
>> [   20.041150] be40: ffff800026c0be80 ffff000008213fa8 0000000000000000 ffff80003a31eb00
>> [   20.049096] be60: ffff800026c0be70 ffff000008220300 ffff800026c0be80 ffff000008213f88
>> [   20.057042] be80: 0000000000000000 ffff000008082f30 0000000000000000 0000800032374000
>> [   20.064988] bea0: ffffffffffffffff 0000ffffaad04cdc 0000000040000000 0000000000000015
>> [   20.072933] bec0: 0000000000000018 00000000c0a06440 0000ffffeb48d398 0000000000000000
>> [   20.080879] bee0: 0000aaaae7550b00 0000000000000000 0000000000000040 0000aaaae7550910
>> [   20.088824] bf00: 000000000000001d 0000aaaae7550b50 0000000000000000 0000000000000000
>> [   20.096769] bf20: 0000000000000000 0000000000000000 0000000000000008 0000ffffeb48d1a8
>> [   20.104714] bf40: 0000ffffab0472a0 0000ffffaad04cd0 0000aaaae754a3a0 0000ffffaa21d000
>> [   20.112659] bf60: 0000ffffeb48d398 00000000c0a06440 0000000000000018 0000ffffaa21f000
>> [   20.120605] bf80: 0000aaaae754bd80 0000ffffeb48d498 0000aaaae751e8c0 0000aaaae6d346b0
>> [   20.128551] bfa0: 0000aaaae6d4f3f0 0000ffffeb48d310 0000ffffab02d884 0000ffffeb48d310
>> [   20.136496] bfc0: 0000ffffaad04cdc 0000000040000000 0000000000000018 000000000000001d
>> [   20.144441] bfe0: 0000000000000000 0000000000000000 1000006238744821 d61f00208b218841
>> [   20.152382] Call trace:
>> [   20.154863] Exception stack(0xffff800026c0ba50 to 0xffff800026c0bb80)
>> [   20.161397] ba40:                                   ffff80003a00a418 0001000000000000
>> [   20.169342] ba60: ffff800026c0bc30 ffff0000088975f4 00000000a0000145 0000000000000000
>> [   20.177287] ba80: 0000000000000000 0000000000000000 0000000000000009 0000000000000ba5
>> [   20.185232] baa0: ffff800027510b00 0000000000000000 ffff00000cd0e000 0000000000000073
>> [   20.193177] bac0: 0000000000000000 0000000000000000 0000000000000001 000000000000001a
>> [   20.201121] bae0: 0000000000000000 0000000000000000 000000000000001c 000000000000001b
>> [   20.209067] bb00: 0000000000000000 ffff800026c0bce8 0000000000000000 ffff800028268000
>> [   20.217012] bb20: 0000000000000019 0000000000000001 0000000000000000 0000000000000073
>> [   20.224957] bb40: ffff80003a385a00 0000000000000000 0000000000000000 000000000000001a
>> [   20.232901] bb60: 0000000000000001 0000000000000000 000000000000001c 000000000000001b
>> [   20.240855] [<ffff0000088975f4>] ww_mutex_lock_interruptible+0x14/0xc0
>> [   20.247528] [<ffff0000009b3ea4>] vc4_submit_cl_ioctl+0x4fc/0x998 [vc4]
>> [   20.254372] [<ffff0000008f75f8>] drm_ioctl+0x180/0x438 [drm]
>> [   20.260120] [<ffff00000821383c>] do_vfs_ioctl+0xa4/0x7d0
>> [   20.265510] [<ffff000008213fe4>] SyS_ioctl+0x7c/0x98
>> [   20.270550] [<ffff000008082f30>] el0_svc_naked+0x24/0x28
>> [   20.275941] Code: d2800002 d5384103 910003fd f9800011 (c85ffc04)
>> [   20.282527] ---[ end trace 1f6bd640ff32ae12 ]---
>>
>> Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
> 
> That's a lot of commit message.  Mind if I trim between LR and the
> ww_mutex_lock_interruptible?  It gets my r-b either way, though.
> 

Sure, no problem. It's a bit overkill, I agree.

Regards,

	Hans
Eric Anholt June 12, 2017, 11:52 p.m. UTC | #3
Hans Verkuil <hverkuil@xs4all.nl> writes:

> On 07/06/17 23:22, Eric Anholt wrote:
>> Hans Verkuil <hverkuil@xs4all.nl> writes:
>> 
>>> The bo->resv pointer could be NULL, leading to kernel oopses
>>> like the one below.
>>>
>>> This patch ensures that bo->resv is always set in vc4_create_object
>>> ensuring that it is never NULL.
>>>
>>> Thanks to Eric Anholt for pointing to the correct solution.
>>>
>>> [   19.738487] Unable to handle kernel NULL pointer dereference at virtual address 00000000
>>> [   19.746805] pgd = ffff8000275fc000
>>> [   19.750319] [00000000] *pgd=0000000000000000
>>> [   19.754715] Internal error: Oops: 96000004 [#1] PREEMPT SMP
>>> [   19.760369] Modules linked in: smsc95xx usbnet vc4 drm_kms_helper drm pwm_bcm2835 i2c_bcm2835 bcm2835_rng rng_core bcm2835_dma virt_dma
>>> [   19.772767] CPU: 0 PID: 1297 Comm: Xorg Not tainted 4.12.0-rc1-rpi3 #58
>>> [   19.779476] Hardware name: Raspberry Pi 3 Model B (DT)
>>> [   19.784688] task: ffff800028268000 task.stack: ffff800026c08000
>>> [   19.790705] PC is at ww_mutex_lock_interruptible+0x14/0xc0
>>> [   19.796329] LR is at vc4_submit_cl_ioctl+0x4fc/0x998 [vc4]
>>> [   19.801892] pc : [<ffff0000088975f4>] lr : [<ffff0000009b3ea4>] pstate: a0000145
>>> [   19.809391] sp : ffff800026c0bc30
>>> [   19.812750] x29: ffff800026c0bc30 x28: 0000000000000000
>>> [   19.818142] x27: ffff80003a385a00 x26: 0000000000000000
>>> [   19.823534] x25: 00000000ffffffff x24: 0000000000000000
>>> [   19.828925] x23: ffff800027510200 x22: ffff800026393800
>>> [   19.834316] x21: ffff800027510270 x20: ffff800027510b00
>>> [   19.839707] x19: ffff80003a00a418 x18: 0000000000000011
>>> [   19.845099] x17: 0000000000000008 x16: 000000000000001d
>>> [   19.850490] x15: 000000000000001b x14: 000000000000001c
>>> [   19.855881] x13: 0000000000000000 x12: 0000000000000001
>>> [   19.861272] x11: 000000000000001a x10: 0000000000000000
>>> [   19.866662] x9 : 0000000000000000 x8 : ffff80003a385a00
>>> [   19.872053] x7 : 0000000000000073 x6 : 0000000000000000
>>> [   19.877445] x5 : 0000000000000001 x4 : 0000000000000019
>>> [   19.882835] x3 : ffff800028268000 x2 : 0000000000000000
>>> [   19.888226] x1 : ffff800026c0bce8 x0 : 0000000000000000
>>> [   19.893621] Process Xorg (pid: 1297, stack limit = 0xffff800026c08000)
>>> [   19.900244] Stack: (0xffff800026c0bc30 to 0xffff800026c0c000)
>>> [   19.906073] bc20:                                   ffff800026c0bc60 ffff0000009b3ea4
>>> [   19.914019] bc40: 0000000000000000 0000000000000000 ffff80002809fc00 00000000000015f5
>>> [   19.921964] bc60: ffff800026c0bd00 ffff0000008f75f8 ffff0000009bdd80 00000000c0a06440
>>> [   19.929910] bc80: 00000000000000a0 ffff800027a58600 0000ffffeb48d398 00000000000000a0
>>> [   19.937856] bca0: ffff00000091ad58 0000000000000040 ffff800026393800 ffff800027510b00
>>> [   19.945802] bcc0: ffff0000009bdd80 00000000c0a06440 ffff800027a58650 ffff800027c42684
>>> [   19.953747] bce0: 0000ffffeb48d398 ffff800028268000 0000000000000001 0000aaaa00000000
>>> [   19.961693] bd00: ffff800026c0be00 ffff00000821383c ffff800028abb8d8 ffff80003a31eb00
>>> [   19.969638] bd20: 0000ffffeb48d398 ffff80003a31eb00 00000000c0a06440 0000ffffeb48d398
>>> [   19.977585] bd40: 0000000000000124 000000000000001d ffff0000088b2000 ffff800028268000
>>> [   19.985530] bd60: ffff800026c0bd80 00000000000000a0 ffff0000009b39a8 ffff800026c0bd80
>>> [   19.993476] bd80: 00000000007f8000 000000000000000a ffff800026c0bda0 ffff000008097b58
>>> [   20.001422] bda0: ffff800026c0be00 ffff0000080812cc ffff0000088bb308 0000000082000007
>>> [   20.009366] bdc0: ffff0000088bb438 0000ffffa9b56178 ffff800026c0bec0 0000000000000020
>>> [   20.017313] bde0: 0000000082000007 0000ffffa9b56178 0000000000000001 ffff800028268000
>>> [   20.025258] be00: ffff800026c0be80 ffff000008213fe4 0000000000000000 0000800032374000
>>> [   20.033204] be20: ffff80003a31eb00 0000000000000018 0000000080000000 ffff800026c0be30
>>> [   20.041150] be40: ffff800026c0be80 ffff000008213fa8 0000000000000000 ffff80003a31eb00
>>> [   20.049096] be60: ffff800026c0be70 ffff000008220300 ffff800026c0be80 ffff000008213f88
>>> [   20.057042] be80: 0000000000000000 ffff000008082f30 0000000000000000 0000800032374000
>>> [   20.064988] bea0: ffffffffffffffff 0000ffffaad04cdc 0000000040000000 0000000000000015
>>> [   20.072933] bec0: 0000000000000018 00000000c0a06440 0000ffffeb48d398 0000000000000000
>>> [   20.080879] bee0: 0000aaaae7550b00 0000000000000000 0000000000000040 0000aaaae7550910
>>> [   20.088824] bf00: 000000000000001d 0000aaaae7550b50 0000000000000000 0000000000000000
>>> [   20.096769] bf20: 0000000000000000 0000000000000000 0000000000000008 0000ffffeb48d1a8
>>> [   20.104714] bf40: 0000ffffab0472a0 0000ffffaad04cd0 0000aaaae754a3a0 0000ffffaa21d000
>>> [   20.112659] bf60: 0000ffffeb48d398 00000000c0a06440 0000000000000018 0000ffffaa21f000
>>> [   20.120605] bf80: 0000aaaae754bd80 0000ffffeb48d498 0000aaaae751e8c0 0000aaaae6d346b0
>>> [   20.128551] bfa0: 0000aaaae6d4f3f0 0000ffffeb48d310 0000ffffab02d884 0000ffffeb48d310
>>> [   20.136496] bfc0: 0000ffffaad04cdc 0000000040000000 0000000000000018 000000000000001d
>>> [   20.144441] bfe0: 0000000000000000 0000000000000000 1000006238744821 d61f00208b218841
>>> [   20.152382] Call trace:
>>> [   20.154863] Exception stack(0xffff800026c0ba50 to 0xffff800026c0bb80)
>>> [   20.161397] ba40:                                   ffff80003a00a418 0001000000000000
>>> [   20.169342] ba60: ffff800026c0bc30 ffff0000088975f4 00000000a0000145 0000000000000000
>>> [   20.177287] ba80: 0000000000000000 0000000000000000 0000000000000009 0000000000000ba5
>>> [   20.185232] baa0: ffff800027510b00 0000000000000000 ffff00000cd0e000 0000000000000073
>>> [   20.193177] bac0: 0000000000000000 0000000000000000 0000000000000001 000000000000001a
>>> [   20.201121] bae0: 0000000000000000 0000000000000000 000000000000001c 000000000000001b
>>> [   20.209067] bb00: 0000000000000000 ffff800026c0bce8 0000000000000000 ffff800028268000
>>> [   20.217012] bb20: 0000000000000019 0000000000000001 0000000000000000 0000000000000073
>>> [   20.224957] bb40: ffff80003a385a00 0000000000000000 0000000000000000 000000000000001a
>>> [   20.232901] bb60: 0000000000000001 0000000000000000 000000000000001c 000000000000001b
>>> [   20.240855] [<ffff0000088975f4>] ww_mutex_lock_interruptible+0x14/0xc0
>>> [   20.247528] [<ffff0000009b3ea4>] vc4_submit_cl_ioctl+0x4fc/0x998 [vc4]
>>> [   20.254372] [<ffff0000008f75f8>] drm_ioctl+0x180/0x438 [drm]
>>> [   20.260120] [<ffff00000821383c>] do_vfs_ioctl+0xa4/0x7d0
>>> [   20.265510] [<ffff000008213fe4>] SyS_ioctl+0x7c/0x98
>>> [   20.270550] [<ffff000008082f30>] el0_svc_naked+0x24/0x28
>>> [   20.275941] Code: d2800002 d5384103 910003fd f9800011 (c85ffc04)
>>> [   20.282527] ---[ end trace 1f6bd640ff32ae12 ]---
>>>
>>> Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
>> 
>> That's a lot of commit message.  Mind if I trim between LR and the
>> ww_mutex_lock_interruptible?  It gets my r-b either way, though.
>> 
>
> Sure, no problem. It's a bit overkill, I agree.

Pushed.  Thanks!
diff mbox

Patch

diff --git a/drivers/gpu/drm/vc4/vc4_bo.c b/drivers/gpu/drm/vc4/vc4_bo.c
index 80b2f9e55c5c..590c0912afc1 100644
--- a/drivers/gpu/drm/vc4/vc4_bo.c
+++ b/drivers/gpu/drm/vc4/vc4_bo.c
@@ -91,8 +91,7 @@  static void vc4_bo_destroy(struct vc4_bo *bo)
 	vc4->bo_stats.num_allocated--;
 	vc4->bo_stats.size_allocated -= obj->size;

-	if (bo->resv == &bo->_resv)
-		reservation_object_fini(bo->resv);
+	reservation_object_fini(&bo->_resv);

 	drm_gem_cma_free_object(obj);
 }
@@ -212,6 +211,8 @@  struct drm_gem_object *vc4_create_object(struct drm_device *dev, size_t size)
 	vc4->bo_stats.num_allocated++;
 	vc4->bo_stats.size_allocated += size;
 	mutex_unlock(&vc4->bo_lock);
+	bo->resv = &bo->_resv;
+	reservation_object_init(bo->resv);

 	return &bo->base.base;
 }
@@ -250,12 +251,7 @@  struct vc4_bo *vc4_bo_create(struct drm_device *dev, size_t unaligned_size,
 			return ERR_PTR(-ENOMEM);
 		}
 	}
-	bo = to_vc4_bo(&cma_obj->base);
-
-	bo->resv = &bo->_resv;
-	reservation_object_init(bo->resv);
-
-	return bo;
+	return to_vc4_bo(&cma_obj->base);
 }

 int vc4_dumb_create(struct drm_file *file_priv,