From patchwork Mon Dec 28 21:31:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Iskren Chernev X-Patchwork-Id: 11991733 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D740AC0018C for ; Mon, 28 Dec 2020 23:13:58 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C095B2222A for ; Mon, 28 Dec 2020 23:13:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730625AbgL1Wzv (ORCPT ); Mon, 28 Dec 2020 17:55:51 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43308 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729517AbgL1Vcz (ORCPT ); Mon, 28 Dec 2020 16:32:55 -0500 Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E08F3C0613D6; Mon, 28 Dec 2020 13:32:14 -0800 (PST) Received: by mail-ed1-x530.google.com with SMTP id c7so10939282edv.6; Mon, 28 Dec 2020 13:32:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=uElko8H1IEIjIJWyRSXhBqJLcGQEtf8eK+EqM9U481M=; b=IbbTT7ALMMqqUaF4QZrwr6tlTaNCEIbaUlJxEmJMM8uGOgHY9f0q8erCX/u8BNs/6Q 8b9BvBv3pXOBXQ8FSJ2+I1Uepfifbt+kd2mTXt8cOZxZY/Ib0s1cwb3XQH5F1zRCXF82 xoHZ3ZS/1sO+YlZcnRkKMXfaEIJoPS+r0F3S0PLUOEhzOZXsyqRLNEPghGsncCsdr85J CyJzIBEaNxvqCvgMA0P2GoPY77NirsU42mUa+3H8xrPVABV1qkH5hhuk2RtqvIISv6wL i+OoNWKvZ7oU3HD2XkKURdVV/IfSszFAdMMbjAKX7E5PMbbSkjg0iibAUdZFDSHR96SP Pv/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=uElko8H1IEIjIJWyRSXhBqJLcGQEtf8eK+EqM9U481M=; b=sNNKZao0iHyySFQIE+EZq9hNO2mxZEXK7oncV4Exb7GsJZcfPZB3mAEEylZzrSlZF1 RpiWOSRhebLJNCfZcJ2RbUaNd97VvGMWAJ7YZEQB6mRZ3uTZREU7hPBKFLCNTKQB9+HH rSygxujGykfrcgOq7hiLKeSD1EhTKTpFohz7By43hxtZ6jwM+O32JUAeZHj8Y1sAoUIS S6TI5R1iH5gXW6ALKMao7FBNWxi4ta305jQtns8HR5nnbe8a6f0rw/TMM+AXDX+5Buao d4EDlJGH3FMxUTQ/eHSzjoiMKfJ/GaCK3vok66D7WaJALfks1eAb8zBrLHpiZiArhvgz 85xw== X-Gm-Message-State: AOAM533kht8EQgup/l/96XnQuGIimriLaalUukDsgdmQxInLhxU8HANq dRczGx96JdTamdYOk9KdyvEhGfsQxB9AlrKv X-Google-Smtp-Source: ABdhPJw0FdwRw6JLk9hdMPSzqQWYb9J7SqdecK06ic0J77rx6ODCqNWV1rAkOnQJ/MIMoYy5eIKZIQ== X-Received: by 2002:aa7:ce94:: with SMTP id y20mr43187542edv.361.1609191133408; Mon, 28 Dec 2020 13:32:13 -0800 (PST) Received: from localhost (178-169-161-196.razgrad.ddns.bulsat.com. [178.169.161.196]) by smtp.gmail.com with ESMTPSA id op5sm17474286ejb.43.2020.12.28.13.32.11 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 28 Dec 2020 13:32:12 -0800 (PST) From: Iskren Chernev To: Rob Clark Cc: Sean Paul , David Airlie , Daniel Vetter , "Kristian H . Kristensen" , linux-arm-msm@vger.kernel.org, dri-devel@lists.freedesktop.org, freedreno@lists.freedesktop.org, linux-kernel@vger.kernel.org, ~postmarketos/upstreaming@lists.sr.ht, Iskren Chernev Subject: [PATCH 1/2] drm/msm: Fix null dereference in _msm_gem_new Date: Mon, 28 Dec 2020 23:31:30 +0200 Message-Id: <20201228213131.2316293-1-iskren.chernev@gmail.com> X-Mailer: git-send-email 2.29.2 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-arm-msm@vger.kernel.org The crash was caused by locking an uninitialized lock during init of drm_gem_object. The lock changed in the breaking commit, but the init was not moved accordingly. 8<--- cut here --- Unable to handle kernel NULL pointer dereference at virtual address 00000000 pgd = (ptrval) [00000000] *pgd=00000000 Internal error: Oops: 5 [#1] PREEMPT SMP ARM Modules linked in: msm(+) qcom_spmi_vadc qcom_vadc_common dm_mod usb_f_rndis rmi_i2c rmi_core qnoc_msm8974 icc_smd_rpm pm8941_pwrkey CPU: 2 PID: 1020 Comm: udevd Not tainted 5.10.0-postmarketos-qcom-msm8974 #8 Hardware name: Generic DT based system PC is at ww_mutex_lock+0x20/0xb0 LR is at _msm_gem_new+0x13c/0x298 [msm] pc : [] lr : [] psr: 20000013 sp : c36e7ad0 ip : c3b3d800 fp : 00000000 r10: 00000001 r9 : c3b22800 r8 : 00000000 r7 : c3b23000 r6 : c3b3d600 r5 : c3b3d600 r4 : 00000000 r3 : c34b4780 r2 : c3b3d6f4 r1 : 00000000 r0 : 00000000 Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none Control: 10c5787d Table: 03ae406a DAC: 00000051 Process udevd (pid: 1020, stack limit = 0x(ptrval)) Stack: (0xc36e7ad0 to 0xc36e8000) [...] [] (ww_mutex_lock) from [] (_msm_gem_new+0x13c/0x298 [msm]) [] (_msm_gem_new [msm]) from [] (_msm_gem_kernel_new+0x20/0x190 [msm]) [] (_msm_gem_kernel_new [msm]) from [] (msm_gem_kernel_new+0x24/0x2c [msm]) [] (msm_gem_kernel_new [msm]) from [] (msm_gpu_init+0x308/0x548 [msm]) [] (msm_gpu_init [msm]) from [] (adreno_gpu_init+0x13c/0x240 [msm]) [] (adreno_gpu_init [msm]) from [] (a3xx_gpu_init+0x78/0x1dc [msm]) [] (a3xx_gpu_init [msm]) from [] (adreno_bind+0x1cc/0x274 [msm]) [] (adreno_bind [msm]) from [] (component_bind_all+0x11c/0x278) [] (component_bind_all) from [] (msm_drm_bind+0x18c/0x5b4 [msm]) [] (msm_drm_bind [msm]) from [] (try_to_bring_up_master+0x200/0x2c8) [] (try_to_bring_up_master) from [] (component_master_add_with_match+0xc8/0xfc) [] (component_master_add_with_match) from [] (msm_pdev_probe+0x288/0x2c4 [msm]) [] (msm_pdev_probe [msm]) from [] (platform_drv_probe+0x48/0x98) [] (platform_drv_probe) from [] (really_probe+0x108/0x528) [] (really_probe) from [] (driver_probe_device+0x78/0x1d4) [] (driver_probe_device) from [] (device_driver_attach+0xa8/0xb0) [] (device_driver_attach) from [] (__driver_attach+0xb4/0x154) [] (__driver_attach) from [] (bus_for_each_dev+0x78/0xb8) [] (bus_for_each_dev) from [] (bus_add_driver+0x10c/0x208) [] (bus_add_driver) from [] (driver_register+0x88/0x118) [] (driver_register) from [] (do_one_initcall+0x50/0x2b0) [] (do_one_initcall) from [] (do_init_module+0x60/0x288) [] (do_init_module) from [] (sys_finit_module+0xd4/0x120) [] (sys_finit_module) from [] (ret_fast_syscall+0x0/0x54) Exception stack(0xc36e7fa8 to 0xc36e7ff0) 7fa0: 00020000 00000000 00000007 b6edd5b0 00000000 b6f2ff20 7fc0: 00020000 00000000 0000017b 0000017b b6eef980 bedc3a54 00473c99 00000000 7fe0: b6edd5b0 bedc3918 b6ed8a5f b6f6a8b0 Code: e3c3303f e593300c e1a04000 f590f000 (e1940f9f) ---[ end trace 277e2a3da40bbb76 ]--- Fixes: 6c0e3ea250476 ("drm/msm/gem: Switch over to obj->resv for locking") Signed-off-by: Iskren Chernev --- drivers/gpu/drm/msm/msm_gem.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) base-commit: d7a03a44a5e93f39ece70ec75d25c6088caa0fdb diff --git a/drivers/gpu/drm/msm/msm_gem.c b/drivers/gpu/drm/msm/msm_gem.c index 32d5c514e28ad..c658deb31eb5d 100644 --- a/drivers/gpu/drm/msm/msm_gem.c +++ b/drivers/gpu/drm/msm/msm_gem.c @@ -1116,6 +1116,8 @@ static struct drm_gem_object *_msm_gem_new(struct drm_device *dev, struct msm_gem_vma *vma; struct page **pages; + drm_gem_private_object_init(dev, obj, size); + msm_gem_lock(obj); vma = add_vma(obj, NULL); @@ -1127,7 +1129,6 @@ static struct drm_gem_object *_msm_gem_new(struct drm_device *dev, to_msm_bo(obj)->vram_node = &vma->node; - drm_gem_private_object_init(dev, obj, size); pages = get_pages(obj); if (IS_ERR(pages)) { From patchwork Mon Dec 28 21:31:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Iskren Chernev X-Patchwork-Id: 11991731 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DD6DBC433DB for ; Mon, 28 Dec 2020 23:13:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B36BE2222A for ; Mon, 28 Dec 2020 23:13:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729377AbgL1Wzv (ORCPT ); Mon, 28 Dec 2020 17:55:51 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43422 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729528AbgL1Vdf (ORCPT ); Mon, 28 Dec 2020 16:33:35 -0500 Received: from mail-ej1-x633.google.com (mail-ej1-x633.google.com [IPv6:2a00:1450:4864:20::633]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C97CBC06179A; Mon, 28 Dec 2020 13:32:43 -0800 (PST) Received: by mail-ej1-x633.google.com with SMTP id b9so15904723ejy.0; Mon, 28 Dec 2020 13:32:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=I2WBbrkH2ONKXlEDHonkPj8AaAP1q8vzoVqaiWZLsUg=; b=veLKfrSGWbd3LTDOY5lt4PaP9PCYEgPTlIz7EUcvX42ydY/0lOFux5IcfuXUUiCf3d CQmpJn8IWQb5uhTloPCLp1XDkrdLUGCLWAVrS3UcoJy+B4HJ+DIoEyc8jz3eToiojC8u xE7Tavg902Qm9pudVd65nwEOfozvvnK1gDo0qxWZM/3lWZI9erklKix71m8qWH3yuDGW UNbJVaqORU1hMGPcKOq7Rzmcnn58RNzzTx9GxnCAV3vmylUTTVFSZFmVNs4gtS0R3QNb NKOK+806eu/RExhwim19mLzDir/YB7c/mGy+/CCImBwkFIbm1j9+azL0qusKQrbPlNIn FB+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=I2WBbrkH2ONKXlEDHonkPj8AaAP1q8vzoVqaiWZLsUg=; b=a4PR3Pw02QlV4fxTHX0bk+48ryI3KHxOFwExgduA4q/59kRgPM46ff2j28aI1GVxjx G5pvwJSKk9bESlG3WjjJyqyHm0kEInzXT6dRM2yHvZkpDyvE9RvpnSFtYJSxYA9eadhp u9c6T4wEdHhe0adsSuei4zqrJrF/sWntVJz8Q+2wER0fDZfyLj7h9irp+u3j/owVkmdG Gvt+oIsqJAI8k5BtTeSZEHJS/i3WE+/2P4pqRnGe509naAr7L0jUhGRklNqRCPEuqDs+ CaftUZHAdQz09YjWHlllQtwDDppGaky7t692Y5H7rEEF5QxASuArO/QvX+O+rw+9rr4f 4AhA== X-Gm-Message-State: AOAM531V0qBBY4D6xjMxhXH4YUQiXC3xzAn7F0XleeWnvIAm+ExnMstm ABR6LTmLHPCaJsXFqCP0YPE= X-Google-Smtp-Source: ABdhPJxt3v098h+osXmQY1LyoTMKKWPimAzb7g00fZLrEQdCMwrw5lSl3gm4oc39Np0J8+Q2c8SyGw== X-Received: by 2002:a17:906:e94c:: with SMTP id jw12mr44293726ejb.56.1609191162587; Mon, 28 Dec 2020 13:32:42 -0800 (PST) Received: from localhost (178-169-161-196.razgrad.ddns.bulsat.com. [178.169.161.196]) by smtp.gmail.com with ESMTPSA id dg10sm14625072edb.63.2020.12.28.13.32.41 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 28 Dec 2020 13:32:42 -0800 (PST) From: Iskren Chernev To: Rob Clark Cc: Sean Paul , David Airlie , Daniel Vetter , "Kristian H . Kristensen" , linux-arm-msm@vger.kernel.org, dri-devel@lists.freedesktop.org, freedreno@lists.freedesktop.org, linux-kernel@vger.kernel.org, ~postmarketos/upstreaming@lists.sr.ht, Iskren Chernev Subject: [PATCH 2/2] drm/msm: Ensure get_pages is called when locked Date: Mon, 28 Dec 2020 23:31:31 +0200 Message-Id: <20201228213131.2316293-2-iskren.chernev@gmail.com> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201228213131.2316293-1-iskren.chernev@gmail.com> References: <20201228213131.2316293-1-iskren.chernev@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-arm-msm@vger.kernel.org get_pages is only called in a locked context. Add a WARN_ON to make sure it stays that way. Signed-off-by: Iskren Chernev --- drivers/gpu/drm/msm/msm_gem.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/msm/msm_gem.c b/drivers/gpu/drm/msm/msm_gem.c index c658deb31eb5d..9d10739c4eb2d 100644 --- a/drivers/gpu/drm/msm/msm_gem.c +++ b/drivers/gpu/drm/msm/msm_gem.c @@ -96,6 +96,8 @@ static struct page **get_pages(struct drm_gem_object *obj) { struct msm_gem_object *msm_obj = to_msm_bo(obj); + WARN_ON(!msm_gem_is_locked(obj)); + if (!msm_obj->pages) { struct drm_device *dev = obj->dev; struct page **p; @@ -1129,8 +1131,9 @@ static struct drm_gem_object *_msm_gem_new(struct drm_device *dev, to_msm_bo(obj)->vram_node = &vma->node; - + msm_gem_lock(obj); pages = get_pages(obj); + msm_gem_unlock(obj); if (IS_ERR(pages)) { ret = PTR_ERR(pages); goto fail;