From patchwork Wed Jun 7 19:05:57 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hans Verkuil X-Patchwork-Id: 9772479 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 0A93A60234 for ; Wed, 7 Jun 2017 19:06:04 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E7A29228C9 for ; Wed, 7 Jun 2017 19:06:03 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DC5A628456; Wed, 7 Jun 2017 19:06:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 3299A228C9 for ; Wed, 7 Jun 2017 19:06:03 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 9BDDB6E2B1; Wed, 7 Jun 2017 19:06:02 +0000 (UTC) X-Original-To: dri-devel@lists.freedesktop.org Delivered-To: dri-devel@lists.freedesktop.org Received: from lb2-smtp-cloud2.xs4all.net (lb2-smtp-cloud2.xs4all.net [194.109.24.25]) by gabe.freedesktop.org (Postfix) with ESMTPS id AB5426E2B1 for ; Wed, 7 Jun 2017 19:06:00 +0000 (UTC) Received: from [IPv6:2001:983:e9a7:1:ef31:4dcf:822e:7392] ([IPv6:2001:983:e9a7:1:ef31:4dcf:822e:7392]) by smtp-cloud2.xs4all.net with ESMTP id Vv5x1v00D3YS7uB01v5y0F; Wed, 07 Jun 2017 21:05:59 +0200 To: "dri-devel@lists.freedesktop.org" From: Hans Verkuil Subject: [PATCHv2] drm/vc4/vc4_bo.c: always set bo->resv Message-ID: <14e68768-6c92-2d74-92fd-196dbc50d8f7@xs4all.nl> Date: Wed, 7 Jun 2017 21:05:57 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1 MIME-Version: 1.0 X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" X-Virus-Scanned: ClamAV using ClamSMTP The bo->resv pointer could be NULL, leading to kernel oopses like the one below. This patch ensures that bo->resv is always set in vc4_create_object ensuring that it is never NULL. Thanks to Eric Anholt for pointing to the correct solution. [ 19.738487] Unable to handle kernel NULL pointer dereference at virtual address 00000000 [ 19.746805] pgd = ffff8000275fc000 [ 19.750319] [00000000] *pgd=0000000000000000 [ 19.754715] Internal error: Oops: 96000004 [#1] PREEMPT SMP [ 19.760369] Modules linked in: smsc95xx usbnet vc4 drm_kms_helper drm pwm_bcm2835 i2c_bcm2835 bcm2835_rng rng_core bcm2835_dma virt_dma [ 19.772767] CPU: 0 PID: 1297 Comm: Xorg Not tainted 4.12.0-rc1-rpi3 #58 [ 19.779476] Hardware name: Raspberry Pi 3 Model B (DT) [ 19.784688] task: ffff800028268000 task.stack: ffff800026c08000 [ 19.790705] PC is at ww_mutex_lock_interruptible+0x14/0xc0 [ 19.796329] LR is at vc4_submit_cl_ioctl+0x4fc/0x998 [vc4] [ 19.801892] pc : [] lr : [] pstate: a0000145 [ 19.809391] sp : ffff800026c0bc30 [ 19.812750] x29: ffff800026c0bc30 x28: 0000000000000000 [ 19.818142] x27: ffff80003a385a00 x26: 0000000000000000 [ 19.823534] x25: 00000000ffffffff x24: 0000000000000000 [ 19.828925] x23: ffff800027510200 x22: ffff800026393800 [ 19.834316] x21: ffff800027510270 x20: ffff800027510b00 [ 19.839707] x19: ffff80003a00a418 x18: 0000000000000011 [ 19.845099] x17: 0000000000000008 x16: 000000000000001d [ 19.850490] x15: 000000000000001b x14: 000000000000001c [ 19.855881] x13: 0000000000000000 x12: 0000000000000001 [ 19.861272] x11: 000000000000001a x10: 0000000000000000 [ 19.866662] x9 : 0000000000000000 x8 : ffff80003a385a00 [ 19.872053] x7 : 0000000000000073 x6 : 0000000000000000 [ 19.877445] x5 : 0000000000000001 x4 : 0000000000000019 [ 19.882835] x3 : ffff800028268000 x2 : 0000000000000000 [ 19.888226] x1 : ffff800026c0bce8 x0 : 0000000000000000 [ 19.893621] Process Xorg (pid: 1297, stack limit = 0xffff800026c08000) [ 19.900244] Stack: (0xffff800026c0bc30 to 0xffff800026c0c000) [ 19.906073] bc20: ffff800026c0bc60 ffff0000009b3ea4 [ 19.914019] bc40: 0000000000000000 0000000000000000 ffff80002809fc00 00000000000015f5 [ 19.921964] bc60: ffff800026c0bd00 ffff0000008f75f8 ffff0000009bdd80 00000000c0a06440 [ 19.929910] bc80: 00000000000000a0 ffff800027a58600 0000ffffeb48d398 00000000000000a0 [ 19.937856] bca0: ffff00000091ad58 0000000000000040 ffff800026393800 ffff800027510b00 [ 19.945802] bcc0: ffff0000009bdd80 00000000c0a06440 ffff800027a58650 ffff800027c42684 [ 19.953747] bce0: 0000ffffeb48d398 ffff800028268000 0000000000000001 0000aaaa00000000 [ 19.961693] bd00: ffff800026c0be00 ffff00000821383c ffff800028abb8d8 ffff80003a31eb00 [ 19.969638] bd20: 0000ffffeb48d398 ffff80003a31eb00 00000000c0a06440 0000ffffeb48d398 [ 19.977585] bd40: 0000000000000124 000000000000001d ffff0000088b2000 ffff800028268000 [ 19.985530] bd60: ffff800026c0bd80 00000000000000a0 ffff0000009b39a8 ffff800026c0bd80 [ 19.993476] bd80: 00000000007f8000 000000000000000a ffff800026c0bda0 ffff000008097b58 [ 20.001422] bda0: ffff800026c0be00 ffff0000080812cc ffff0000088bb308 0000000082000007 [ 20.009366] bdc0: ffff0000088bb438 0000ffffa9b56178 ffff800026c0bec0 0000000000000020 [ 20.017313] bde0: 0000000082000007 0000ffffa9b56178 0000000000000001 ffff800028268000 [ 20.025258] be00: ffff800026c0be80 ffff000008213fe4 0000000000000000 0000800032374000 [ 20.033204] be20: ffff80003a31eb00 0000000000000018 0000000080000000 ffff800026c0be30 [ 20.041150] be40: ffff800026c0be80 ffff000008213fa8 0000000000000000 ffff80003a31eb00 [ 20.049096] be60: ffff800026c0be70 ffff000008220300 ffff800026c0be80 ffff000008213f88 [ 20.057042] be80: 0000000000000000 ffff000008082f30 0000000000000000 0000800032374000 [ 20.064988] bea0: ffffffffffffffff 0000ffffaad04cdc 0000000040000000 0000000000000015 [ 20.072933] bec0: 0000000000000018 00000000c0a06440 0000ffffeb48d398 0000000000000000 [ 20.080879] bee0: 0000aaaae7550b00 0000000000000000 0000000000000040 0000aaaae7550910 [ 20.088824] bf00: 000000000000001d 0000aaaae7550b50 0000000000000000 0000000000000000 [ 20.096769] bf20: 0000000000000000 0000000000000000 0000000000000008 0000ffffeb48d1a8 [ 20.104714] bf40: 0000ffffab0472a0 0000ffffaad04cd0 0000aaaae754a3a0 0000ffffaa21d000 [ 20.112659] bf60: 0000ffffeb48d398 00000000c0a06440 0000000000000018 0000ffffaa21f000 [ 20.120605] bf80: 0000aaaae754bd80 0000ffffeb48d498 0000aaaae751e8c0 0000aaaae6d346b0 [ 20.128551] bfa0: 0000aaaae6d4f3f0 0000ffffeb48d310 0000ffffab02d884 0000ffffeb48d310 [ 20.136496] bfc0: 0000ffffaad04cdc 0000000040000000 0000000000000018 000000000000001d [ 20.144441] bfe0: 0000000000000000 0000000000000000 1000006238744821 d61f00208b218841 [ 20.152382] Call trace: [ 20.154863] Exception stack(0xffff800026c0ba50 to 0xffff800026c0bb80) [ 20.161397] ba40: ffff80003a00a418 0001000000000000 [ 20.169342] ba60: ffff800026c0bc30 ffff0000088975f4 00000000a0000145 0000000000000000 [ 20.177287] ba80: 0000000000000000 0000000000000000 0000000000000009 0000000000000ba5 [ 20.185232] baa0: ffff800027510b00 0000000000000000 ffff00000cd0e000 0000000000000073 [ 20.193177] bac0: 0000000000000000 0000000000000000 0000000000000001 000000000000001a [ 20.201121] bae0: 0000000000000000 0000000000000000 000000000000001c 000000000000001b [ 20.209067] bb00: 0000000000000000 ffff800026c0bce8 0000000000000000 ffff800028268000 [ 20.217012] bb20: 0000000000000019 0000000000000001 0000000000000000 0000000000000073 [ 20.224957] bb40: ffff80003a385a00 0000000000000000 0000000000000000 000000000000001a [ 20.232901] bb60: 0000000000000001 0000000000000000 000000000000001c 000000000000001b [ 20.240855] [] ww_mutex_lock_interruptible+0x14/0xc0 [ 20.247528] [] vc4_submit_cl_ioctl+0x4fc/0x998 [vc4] [ 20.254372] [] drm_ioctl+0x180/0x438 [drm] [ 20.260120] [] do_vfs_ioctl+0xa4/0x7d0 [ 20.265510] [] SyS_ioctl+0x7c/0x98 [ 20.270550] [] el0_svc_naked+0x24/0x28 [ 20.275941] Code: d2800002 d5384103 910003fd f9800011 (c85ffc04) [ 20.282527] ---[ end trace 1f6bd640ff32ae12 ]--- Signed-off-by: Hans Verkuil --- drivers/gpu/drm/vc4/vc4_bo.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/drivers/gpu/drm/vc4/vc4_bo.c b/drivers/gpu/drm/vc4/vc4_bo.c index 80b2f9e55c5c..590c0912afc1 100644 --- a/drivers/gpu/drm/vc4/vc4_bo.c +++ b/drivers/gpu/drm/vc4/vc4_bo.c @@ -91,8 +91,7 @@ static void vc4_bo_destroy(struct vc4_bo *bo) vc4->bo_stats.num_allocated--; vc4->bo_stats.size_allocated -= obj->size; - if (bo->resv == &bo->_resv) - reservation_object_fini(bo->resv); + reservation_object_fini(&bo->_resv); drm_gem_cma_free_object(obj); } @@ -212,6 +211,8 @@ struct drm_gem_object *vc4_create_object(struct drm_device *dev, size_t size) vc4->bo_stats.num_allocated++; vc4->bo_stats.size_allocated += size; mutex_unlock(&vc4->bo_lock); + bo->resv = &bo->_resv; + reservation_object_init(bo->resv); return &bo->base.base; } @@ -250,12 +251,7 @@ struct vc4_bo *vc4_bo_create(struct drm_device *dev, size_t unaligned_size, return ERR_PTR(-ENOMEM); } } - bo = to_vc4_bo(&cma_obj->base); - - bo->resv = &bo->_resv; - reservation_object_init(bo->resv); - - return bo; + return to_vc4_bo(&cma_obj->base); } int vc4_dumb_create(struct drm_file *file_priv,