From: "Christian König" <christian.koenig@amd.com>
To: Ondrej Zary <linux@zary.sk>
Cc: Ben Skeggs <bskeggs@redhat.com>,
dri-devel@lists.freedesktop.org, nouveau@lists.freedesktop.org,
linux-kernel@vger.kernel.org
Subject: Re: nouveau broken on Riva TNT2 in 5.13.0-rc4: NULL pointer dereference in nouveau_bo_sync_for_device
Date: Wed, 9 Jun 2021 11:21:05 +0200 [thread overview]
Message-ID: <762c1044-6e3a-48fc-95e4-1730b6ef2a2e@amd.com> (raw)
In-Reply-To: <202106090910.51188.linux@zary.sk>
Am 09.06.21 um 09:10 schrieb Ondrej Zary:
> On Wednesday 09 June 2021, Christian König wrote:
>> Am 09.06.21 um 08:57 schrieb Ondrej Zary:
>>> [SNIP]
>>>> Thanks for the heads up. So the problem with my patch is already fixed,
>>>> isn't it?
>>> The NULL pointer dereference in nouveau_bo_wr16 introduced in
>>> 141b15e59175aa174ca1f7596188bd15a7ca17ba was fixed by
>>> aea656b0d05ec5b8ed5beb2f94c4dd42ea834e9d.
>>>
>>> That's the bug I hit when bisecting the original problem:
>>> NULL pointer dereference in nouveau_bo_sync_for_device
>>> It's caused by:
>>> # first bad commit: [e34b8feeaa4b65725b25f49c9b08a0f8707e8e86] drm/ttm: merge ttm_dma_tt back into ttm_tt
>> Good that I've asked :)
>>
>> Ok that's a bit strange. e34b8feeaa4b65725b25f49c9b08a0f8707e8e86 was
>> created mostly automated.
>>
>> Do you have the original backtrace of that NULL pointer deref once more?
> The original backtrace is here: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flkml.org%2Flkml%2F2021%2F6%2F5%2F350&data=04%7C01%7Cchristian.koenig%40amd.com%7Ce905b6bd2aa842ace15508d92b15b96d%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637588195000729460%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=zFqheBbJcOHtYgqG%2Fs63AT1dwuk4REmUDJWHvzaLAlc%3D&reserved=0
And the problem is that ttm_dma->dma_address is NULL, right? Mhm, I
don't see how that can happen since nouveau is using ttm_sg_tt_init().
Apart from that what nouveau does here is rather questionable since you
need a coherent architecture for most things anyway, but that's not what
we are trying to fix here.
Can you try to narrow down if ttm_sg_tt_init is called before calling
this function for the tt object in question?
Thanks,
Christian.
WARNING: multiple messages have this Message-ID (diff)
From: "Christian König" <christian.koenig@amd.com>
To: Ondrej Zary <linux@zary.sk>
Cc: nouveau@lists.freedesktop.org, Ben Skeggs <bskeggs@redhat.com>,
dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org
Subject: Re: [Nouveau] nouveau broken on Riva TNT2 in 5.13.0-rc4: NULL pointer dereference in nouveau_bo_sync_for_device
Date: Wed, 9 Jun 2021 11:21:05 +0200 [thread overview]
Message-ID: <762c1044-6e3a-48fc-95e4-1730b6ef2a2e@amd.com> (raw)
In-Reply-To: <202106090910.51188.linux@zary.sk>
Am 09.06.21 um 09:10 schrieb Ondrej Zary:
> On Wednesday 09 June 2021, Christian König wrote:
>> Am 09.06.21 um 08:57 schrieb Ondrej Zary:
>>> [SNIP]
>>>> Thanks for the heads up. So the problem with my patch is already fixed,
>>>> isn't it?
>>> The NULL pointer dereference in nouveau_bo_wr16 introduced in
>>> 141b15e59175aa174ca1f7596188bd15a7ca17ba was fixed by
>>> aea656b0d05ec5b8ed5beb2f94c4dd42ea834e9d.
>>>
>>> That's the bug I hit when bisecting the original problem:
>>> NULL pointer dereference in nouveau_bo_sync_for_device
>>> It's caused by:
>>> # first bad commit: [e34b8feeaa4b65725b25f49c9b08a0f8707e8e86] drm/ttm: merge ttm_dma_tt back into ttm_tt
>> Good that I've asked :)
>>
>> Ok that's a bit strange. e34b8feeaa4b65725b25f49c9b08a0f8707e8e86 was
>> created mostly automated.
>>
>> Do you have the original backtrace of that NULL pointer deref once more?
> The original backtrace is here: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flkml.org%2Flkml%2F2021%2F6%2F5%2F350&data=04%7C01%7Cchristian.koenig%40amd.com%7Ce905b6bd2aa842ace15508d92b15b96d%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637588195000729460%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=zFqheBbJcOHtYgqG%2Fs63AT1dwuk4REmUDJWHvzaLAlc%3D&reserved=0
And the problem is that ttm_dma->dma_address is NULL, right? Mhm, I
don't see how that can happen since nouveau is using ttm_sg_tt_init().
Apart from that what nouveau does here is rather questionable since you
need a coherent architecture for most things anyway, but that's not what
we are trying to fix here.
Can you try to narrow down if ttm_sg_tt_init is called before calling
this function for the tt object in question?
Thanks,
Christian.
_______________________________________________
Nouveau mailing list
Nouveau@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/nouveau
WARNING: multiple messages have this Message-ID (diff)
From: "Christian König" <christian.koenig@amd.com>
To: Ondrej Zary <linux@zary.sk>
Cc: nouveau@lists.freedesktop.org, Ben Skeggs <bskeggs@redhat.com>,
dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org
Subject: Re: nouveau broken on Riva TNT2 in 5.13.0-rc4: NULL pointer dereference in nouveau_bo_sync_for_device
Date: Wed, 9 Jun 2021 11:21:05 +0200 [thread overview]
Message-ID: <762c1044-6e3a-48fc-95e4-1730b6ef2a2e@amd.com> (raw)
In-Reply-To: <202106090910.51188.linux@zary.sk>
Am 09.06.21 um 09:10 schrieb Ondrej Zary:
> On Wednesday 09 June 2021, Christian König wrote:
>> Am 09.06.21 um 08:57 schrieb Ondrej Zary:
>>> [SNIP]
>>>> Thanks for the heads up. So the problem with my patch is already fixed,
>>>> isn't it?
>>> The NULL pointer dereference in nouveau_bo_wr16 introduced in
>>> 141b15e59175aa174ca1f7596188bd15a7ca17ba was fixed by
>>> aea656b0d05ec5b8ed5beb2f94c4dd42ea834e9d.
>>>
>>> That's the bug I hit when bisecting the original problem:
>>> NULL pointer dereference in nouveau_bo_sync_for_device
>>> It's caused by:
>>> # first bad commit: [e34b8feeaa4b65725b25f49c9b08a0f8707e8e86] drm/ttm: merge ttm_dma_tt back into ttm_tt
>> Good that I've asked :)
>>
>> Ok that's a bit strange. e34b8feeaa4b65725b25f49c9b08a0f8707e8e86 was
>> created mostly automated.
>>
>> Do you have the original backtrace of that NULL pointer deref once more?
> The original backtrace is here: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flkml.org%2Flkml%2F2021%2F6%2F5%2F350&data=04%7C01%7Cchristian.koenig%40amd.com%7Ce905b6bd2aa842ace15508d92b15b96d%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637588195000729460%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=zFqheBbJcOHtYgqG%2Fs63AT1dwuk4REmUDJWHvzaLAlc%3D&reserved=0
And the problem is that ttm_dma->dma_address is NULL, right? Mhm, I
don't see how that can happen since nouveau is using ttm_sg_tt_init().
Apart from that what nouveau does here is rather questionable since you
need a coherent architecture for most things anyway, but that's not what
we are trying to fix here.
Can you try to narrow down if ttm_sg_tt_init is called before calling
this function for the tt object in question?
Thanks,
Christian.
next prev parent reply other threads:[~2021-06-09 9:21 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-05 19:43 nouveau broken on Riva TNT2 in 5.13.0-rc4: NULL pointer dereference in nouveau_bo_sync_for_device Ondrej Zary
2021-06-05 19:43 ` Ondrej Zary
2021-06-05 19:43 ` [Nouveau] " Ondrej Zary
2021-06-05 21:22 ` Ilia Mirkin
2021-06-05 21:22 ` Ilia Mirkin
2021-06-05 21:22 ` Ilia Mirkin
2021-06-05 21:34 ` Ondrej Zary
2021-06-05 21:34 ` Ondrej Zary
2021-06-05 21:34 ` [Nouveau] " Ondrej Zary
2021-06-06 21:16 ` Ondrej Zary
2021-06-06 21:16 ` Ondrej Zary
2021-06-06 21:16 ` [Nouveau] " Ondrej Zary
2021-06-07 20:58 ` Ondrej Zary
2021-06-07 20:58 ` Ondrej Zary
2021-06-07 20:58 ` [Nouveau] " Ondrej Zary
2021-06-08 18:47 ` Ondrej Zary
2021-06-08 18:47 ` Ondrej Zary
2021-06-08 18:47 ` [Nouveau] " Ondrej Zary
2021-06-08 20:01 ` Ondrej Zary
2021-06-08 20:01 ` Ondrej Zary
2021-06-08 20:01 ` [Nouveau] " Ondrej Zary
2021-06-08 21:59 ` Ondrej Zary
2021-06-08 21:59 ` Ondrej Zary
2021-06-08 21:59 ` [Nouveau] " Ondrej Zary
2021-06-09 6:43 ` Christian König
2021-06-09 6:43 ` Christian König
2021-06-09 6:43 ` [Nouveau] " Christian König
2021-06-09 6:57 ` Ondrej Zary
2021-06-09 6:57 ` Ondrej Zary
2021-06-09 6:57 ` [Nouveau] " Ondrej Zary
2021-06-09 7:02 ` Christian König
2021-06-09 7:02 ` Christian König
2021-06-09 7:02 ` [Nouveau] " Christian König
2021-06-09 7:10 ` Ondrej Zary
2021-06-09 7:10 ` Ondrej Zary
2021-06-09 7:10 ` [Nouveau] " Ondrej Zary
2021-06-09 9:21 ` Christian König [this message]
2021-06-09 9:21 ` Christian König
2021-06-09 9:21 ` [Nouveau] " Christian König
2021-06-09 20:00 ` Ondrej Zary
2021-06-09 20:00 ` Ondrej Zary
2021-06-09 20:00 ` [Nouveau] " Ondrej Zary
2021-06-10 6:43 ` Christian König
2021-06-10 6:43 ` Christian König
2021-06-10 6:43 ` [Nouveau] " Christian König
2021-06-10 17:50 ` Ondrej Zary
2021-06-10 17:50 ` Ondrej Zary
2021-06-10 17:50 ` [Nouveau] " Ondrej Zary
2021-06-10 17:59 ` Christian König
2021-06-10 17:59 ` Christian König
2021-06-10 17:59 ` [Nouveau] " Christian König
2021-06-11 12:38 ` Christian König
2021-06-11 12:38 ` Christian König
2021-06-11 12:38 ` [Nouveau] " Christian König
2021-06-11 18:23 ` Ondrej Zary
2021-06-11 18:23 ` Ondrej Zary
2021-06-11 18:23 ` [Nouveau] " Ondrej Zary
2021-06-14 11:07 ` Christian König
2021-06-14 11:07 ` Christian König
2021-06-14 11:07 ` [Nouveau] " Christian König
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=762c1044-6e3a-48fc-95e4-1730b6ef2a2e@amd.com \
--to=christian.koenig@amd.com \
--cc=bskeggs@redhat.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@zary.sk \
--cc=nouveau@lists.freedesktop.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.