From patchwork Thu Feb 4 16:30:50 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tong Zhang X-Patchwork-Id: 12068519 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.5 required=3.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FORGED_FROMDOMAIN, FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B62FBC433DB for ; Thu, 4 Feb 2021 19:35:05 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 79BCB64F6C for ; Thu, 4 Feb 2021 19:35:05 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 79BCB64F6C Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=dri-devel-bounces@lists.freedesktop.org Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id E7AEF6EE49; Thu, 4 Feb 2021 19:34:49 +0000 (UTC) Received: from mail-qk1-x72c.google.com (mail-qk1-x72c.google.com [IPv6:2607:f8b0:4864:20::72c]) by gabe.freedesktop.org (Postfix) with ESMTPS id 010176E0F8; Thu, 4 Feb 2021 16:30:59 +0000 (UTC) Received: by mail-qk1-x72c.google.com with SMTP id r77so3827829qka.12; Thu, 04 Feb 2021 08:30:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=T0NRt1RoecFJjcNoijwWrOJLmNFoPaYZ4YyMc8TegcU=; b=lG+DgfQ93qIQHJWos7mTV85Ys/7hSvcDXIFoGSDhZFxEz1Helq+xUggdjnusRYGw5e Vu78Jua2vyOvjsXnbwJkbkyO3Veyto7w5Qsbm9l0AeCf01J1L+aDMa83dFHZQFsuQY8B UDO6RUSdlUYBKtlUPvdBWR3dGtYlWN7ZZzYw2JflERwekh/XrBoiKispqVTTVeYscq2E hONOYxE4a1x6Jmwtim+H8X1ho7d1qZYxaTemuDadJ5YOoeNY3Xp89ZCKKgPcY1KIIni9 XDuZcOQVR2ty4hEhnl+L2+X9+RoRPDRHuuaPqX6aQwuF17xFRbLsY6VSZBothEA7ZiwX KZkw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=T0NRt1RoecFJjcNoijwWrOJLmNFoPaYZ4YyMc8TegcU=; b=pPprKjHlEVMHKyfNbA/PE0cu2I7xCWQA+1Xh+IcWRYHaw+7vopUcn/BzheAP74860V +sRU7uDFEF0AmAyew0hYRf4hbZwZup31EYbP44vtdPkXNhiOJWseq5PDdrSseJyNQAsQ y1ILTOTQCd8hke94b2BDrZ82Q18UFiCIJdRz8v5uv0pJ5XKdJooYgka17jtVbF6gwVer +hVtisprUSYaC/QJD49l7GZRQkJ6cRRReQu84D6pJCgPttQi14qu3//MJFU320Mqao9i zkRkUESwargXR002Rwhv03tqYysYiA6ImXz/mRGWB+48lSMkBXDzHW8+jRu/owiHo/67 FqHw== X-Gm-Message-State: AOAM5300KgaNt5BxnkQ77NU/C58WOY3FM7E2Ai72mcWklsAbnf5gqHoP zL+OAErNhyOEw0nWcXCCDUI= X-Google-Smtp-Source: ABdhPJzytxlHFoJ/pN0SQLwz03xk6Mo9l2IBiHRjrJzegNaP67yEbBMK8mi2YkS/wAVFXvvZ9HnlEA== X-Received: by 2002:ae9:c111:: with SMTP id z17mr8561357qki.475.1612456258950; Thu, 04 Feb 2021 08:30:58 -0800 (PST) Received: from tong-desktop.local ([2601:5c0:c200:27c6:1d8e:4975:1aa2:eea2]) by smtp.googlemail.com with ESMTPSA id h6sm5510920qkf.96.2021.02.04.08.30.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Feb 2021 08:30:58 -0800 (PST) From: Tong Zhang To: Dave Airlie , Gerd Hoffmann , David Airlie , Daniel Vetter , virtualization@lists.linux-foundation.org, spice-devel@lists.freedesktop.org, dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org Subject: [PATCH v2] drm/qxl: do not run release if qxl failed to init Date: Thu, 4 Feb 2021 11:30:50 -0500 Message-Id: <20210204163050.1232756-1-ztong0001@gmail.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-Mailman-Approved-At: Thu, 04 Feb 2021 19:34:49 +0000 X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: ztong0001@gmail.com Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" if qxl_device_init() fail, drm device will not be registered, in this case, do not run qxl_drm_release() [ 5.258534] ================================================================== [ 5.258931] BUG: KASAN: user-memory-access in qxl_destroy_monitors_object+0x42/0xa0 [qxl] [ 5.259388] Write of size 8 at addr 00000000000014dc by task modprobe/95 [ 5.259754] [ 5.259842] CPU: 0 PID: 95 Comm: modprobe Not tainted 5.11.0-rc6-00007-g88bb507a74ea #62 [ 5.260309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-48-gd9c812dda54 [ 5.260917] Call Trace: [ 5.261056] dump_stack+0x7d/0xa3 [ 5.261245] kasan_report.cold+0x10c/0x10e [ 5.261475] ? qxl_destroy_monitors_object+0x42/0xa0 [qxl] [ 5.261789] check_memory_region+0x17c/0x1e0 [ 5.262029] qxl_destroy_monitors_object+0x42/0xa0 [qxl] [ 5.262332] qxl_modeset_fini+0x9/0x20 [qxl] [ 5.262595] qxl_drm_release+0x22/0x30 [qxl] [ 5.262841] drm_dev_release+0x32/0x50 [ 5.263047] release_nodes+0x39e/0x410 [ 5.263253] ? devres_release+0x40/0x40 [ 5.263462] really_probe+0x2ea/0x420 [ 5.263664] driver_probe_device+0x6d/0xd0 [ 5.263888] device_driver_attach+0x82/0x90 [ 5.264116] ? device_driver_attach+0x90/0x90 [ 5.264353] __driver_attach+0x60/0x100 [ 5.264563] ? device_driver_attach+0x90/0x90 [ 5.264801] bus_for_each_dev+0xe1/0x140 [ 5.265014] ? subsys_dev_iter_exit+0x10/0x10 [ 5.265251] ? klist_node_init+0x61/0x80 [ 5.265464] bus_add_driver+0x254/0x2a0 [ 5.265673] driver_register+0xd3/0x150 [ 5.265882] ? 0xffffffffc0048000 [ 5.266064] do_one_initcall+0x84/0x250 [ 5.266274] ? trace_event_raw_event_initcall_finish+0x150/0x150 [ 5.266596] ? unpoison_range+0xf/0x30 [ 5.266801] ? ____kasan_kmalloc.constprop.0+0x84/0xa0 [ 5.267082] ? unpoison_range+0xf/0x30 [ 5.267287] ? unpoison_range+0xf/0x30 [ 5.267491] do_init_module+0xf8/0x350 [ 5.267697] load_module+0x3fe6/0x4340 [ 5.267902] ? vm_unmap_ram+0x1d0/0x1d0 [ 5.268115] ? module_frob_arch_sections+0x20/0x20 [ 5.268375] ? __do_sys_finit_module+0x108/0x170 [ 5.268624] __do_sys_finit_module+0x108/0x170 [ 5.268865] ? __ia32_sys_init_module+0x40/0x40 [ 5.269111] ? file_open_root+0x200/0x200 [ 5.269330] ? do_sys_open+0x85/0xe0 [ 5.269527] ? filp_open+0x50/0x50 [ 5.269714] ? exit_to_user_mode_prepare+0xfc/0x130 [ 5.269978] do_syscall_64+0x33/0x40 [ 5.270176] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 5.270450] RIP: 0033:0x7fa3f685bcf7 [ 5.270646] Code: 48 89 57 30 48 8b 04 24 48 89 47 38 e9 1d a0 02 00 48 89 f8 48 89 f7 48 89 d1 [ 5.271634] RSP: 002b:00007ffca83048d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 5.272037] RAX: ffffffffffffffda RBX: 0000000001e94a70 RCX: 00007fa3f685bcf7 [ 5.272416] RDX: 0000000000000000 RSI: 0000000001e939e0 RDI: 0000000000000003 [ 5.272794] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000001 [ 5.273171] R10: 00007fa3f68bf300 R11: 0000000000000246 R12: 0000000001e939e0 [ 5.273550] R13: 0000000000000000 R14: 0000000001e93bd0 R15: 0000000000000001 [ 5.273928] ================================================================== Signed-off-by: Tong Zhang --- v2: use qdev->ddev.mode_config.funcs instead of dev->registered, since mode_config.funcs will only be set if qxl_modeset_init() returns 0 drivers/gpu/drm/qxl/qxl_drv.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/qxl/qxl_drv.c b/drivers/gpu/drm/qxl/qxl_drv.c index 6e7f16f4cec7..839d9e7a5765 100644 --- a/drivers/gpu/drm/qxl/qxl_drv.c +++ b/drivers/gpu/drm/qxl/qxl_drv.c @@ -144,6 +144,8 @@ static void qxl_drm_release(struct drm_device *dev) * reodering qxl_modeset_fini() + qxl_device_fini() calls is * non-trivial though. */ + if (!qdev->ddev.mode_config.funcs) + return; qxl_modeset_fini(qdev); qxl_device_fini(qdev); }