From: Russell King - ARM Linux <linux@arm.linux.org.uk>
To: Lucas Stach <l.stach@pengutronix.de>
Cc: dri-devel@lists.freedesktop.org
Subject: Re: [PATCH 46/48] staging: etnaviv: rewrite submit interface to use copy from user
Date: Mon, 26 Oct 2015 20:48:32 +0000 [thread overview]
Message-ID: <20151026204832.GJ22124@n2100.arm.linux.org.uk> (raw)
In-Reply-To: <1443182280-15868-47-git-send-email-l.stach@pengutronix.de>
On Fri, Sep 25, 2015 at 01:57:58PM +0200, Lucas Stach wrote:
> +void etnaviv_gpu_cmdbuf_free(struct etnaviv_cmdbuf *cmdbuf)
> +{
> + dma_free_writecombine(cmdbuf->gpu->dev, cmdbuf->size,
> + cmdbuf->vaddr, cmdbuf->paddr);
> + kfree(cmdbuf);
> +}
...
> @@ -885,6 +914,14 @@ static void retire_worker(struct work_struct *work)
> + list_for_each_entry_safe(cmdbuf, tmp, &gpu->active_cmd_list,
> + gpu_active_list) {
> + if (fence_after_eq(fence, cmdbuf->fence)) {
> + etnaviv_gpu_cmdbuf_free(cmdbuf);
> + list_del(&cmdbuf->gpu_active_list);
I mentioned that I'd left one of my machines on a soak test - with vlc
running with a video clip, but in pause mode. vlc continues writing
frames to the etnaviv Xv GPU backend, thereby exercising these code
paths. After about 39 hours, the above provoked the oops below, which
is a use-after-free bug. Fix on its way to my git branch once builds
and reboots are complete.
Unable to handle kernel NULL pointer dereference at virtual address 00000004
pgd = c0004000
[00000004] *pgd=00000000
Internal error: Oops: 817 [#1] SMP ARM
Modules linked in: bnep rfcomm bluetooth algif_hash af_alg nfsd exportfs caam_jr rc_cec coda snd_soc_fsl_spdif imx_pcm_dma imx_sdma v4l2_mem2mem videobuf2_dma_contig cecd_dw_hdmi caam videobuf2_vmalloc videobuf2_memops imx2_wdt imx_thermal snd_soc_imx_spdif
CPU: 0 PID: 9381 Comm: kworker/u8:0 Not tainted 4.3.0-rc6+ #1862[140431.268864] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
Workqueue: etnaviv retire_worker
task: ea478000 ti: ea638000 task.ti: ea638000
PC is at retire_worker+0x108/0x158
LR is at mark_held_locks+0x74/0x98
pc : [<c0544134>] lr : [<c0077838>] psr: 200f0013
sp : ea639e58 ip : 0000022e fp : ea639e8c
r10: 00000200 r9 : 00000100 r8 : ee28b5b0
r7 : ee28b5f0 r6 : 00385989 r5 : ee28b598 r4 : ed0eeb40
r3 : c05439f0 r2 : 00000080 r1 : 00000000 r0 : 00000001
Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control: 10c5387d Table: 3d02804a DAC: 00000051
Process kworker/u8:0 (pid: 9381, stack limit = 0xea638210)
Stack: (0xea639e58 to 0xea63a000)
9e40: ea639e74 ee2b2834
9e60: c0077a58 ee28b5f0 e9595880 ee822000 ea639eb0 00000000 c09f40f8 ee1a4600
9e80: ea639eec ea639e90 c0047b4c c0544038 00000001 00000000 c0047ab8 ee822000
...
Backtrace:
[<c054402c>] (retire_worker) from [<c0047b4c>] (process_one_work+0x1c4/0x4b0)
r10:ee1a4600 r9:c09f40f8 r8:00000000 r7:ea639eb0 r6:ee822000 r5:e9595880
r4:ee28b5f0
[<c0047988>] (process_one_work) from [<c0047ea8>] (worker_thread+0x34/0x4b0)
r10:ee822000 r9:ee822000 r8:00000088 r7:e9595898 r6:e9595880 r5:00000001
r4:ee822030
[<c0047e74>] (worker_thread) from [<c004e0f4>] (kthread+0xe0/0xfc)
r10:00000000 r9:00000000 r8:00000000 r7:c0047e74 r6:e9595880 r5:00000000
r4:e1fdc800
[<c004e014>] (kthread) from [<c000fcf0>] (ret_from_fork+0x14/0x24)
r7:00000000 r6:00000000 r5:c004e014 r4:e1fdc800
Code: ba000006 ebffff50 e594301c e5941018 (e5813004)
---[ end trace d430e2a4bd7d6777 ]---
--
FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up
according to speedtest.net.
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/dri-devel
next prev parent reply other threads:[~2015-10-26 20:48 UTC|newest]
Thread overview: 100+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-11 14:10 [PATCH RFCv2 0/4] Etnaviv DRM driver again Lucas Stach
2015-09-11 14:10 ` [PATCH RFCv2 1/4] of: Add vendor prefix for Vivante Corporation Lucas Stach
2015-09-11 14:10 ` [PATCH RFCv2 2/4] staging: etnaviv: add devicetree bindings Lucas Stach
2015-09-11 14:10 ` [PATCH RFCv2 3/4] staging: etnaviv: add drm driver Lucas Stach
2015-09-14 13:16 ` Rob Clark
2015-09-16 7:56 ` Russell King - ARM Linux
2015-09-16 6:11 ` Christian Gmeiner
2015-09-16 7:49 ` Russell King - ARM Linux
2015-09-16 15:30 ` Lucas Stach
2015-09-16 8:04 ` Russell King - ARM Linux
2015-09-16 10:42 ` Christian Gmeiner
2015-09-16 15:36 ` Lucas Stach
2015-09-25 11:57 ` [PATCH 00/48] Etnaviv changes RFCv1->RFCv2 Lucas Stach
2015-09-25 11:57 ` [PATCH 01/48] staging: etnaviv: avoid holding struct_mutex over dma_alloc_coherent() Lucas Stach
2015-09-25 11:57 ` [PATCH 02/48] staging: etnaviv: restructure iommu handling Lucas Stach
2015-09-25 11:57 ` [PATCH 03/48] staging: etnaviv: remove compat MMU code Lucas Stach
2015-09-25 12:18 ` Russell King - ARM Linux
2015-10-21 11:35 ` Russell King - ARM Linux
2015-10-21 12:37 ` Lucas Stach
2015-10-21 13:37 ` Russell King - ARM Linux
2015-10-21 14:53 ` Lucas Stach
2015-10-21 15:13 ` Russell King - ARM Linux
2015-09-25 11:57 ` [PATCH 04/48] staging: etnaviv: clean up public API (part 2) Lucas Stach
2015-09-25 11:57 ` [PATCH 05/48] staging: etnaviv: rename last remaining msm_* symbols Lucas Stach
2015-09-25 11:57 ` [PATCH 06/48] staging: etnaviv: rename last remaining bits from msm to etnaviv Lucas Stach
2015-09-25 11:57 ` [PATCH 07/48] staging: etnaviv: quiten down kernel log output Lucas Stach
2015-09-25 11:57 ` [PATCH 08/48] staging: etnaviv: add proper license header to all files Lucas Stach
2015-09-25 11:57 ` [PATCH 09/48] staging: etnaviv: add Dove GPU subsystem compatible Lucas Stach
2015-09-25 11:57 ` [PATCH 10/48] staging: etnaviv: fix missing error cleanups in etnaviv_load() Lucas Stach
2015-09-25 11:57 ` [PATCH 11/48] staging: etnaviv: fix off-by-one for iommu aperture end Lucas Stach
2015-09-25 11:57 ` [PATCH 12/48] staging: etnaviv: avoid lockdep circular dependency warning Lucas Stach
2015-09-25 12:20 ` Russell King - ARM Linux
2015-09-25 11:57 ` [PATCH 13/48] staging: etnaviv: fix gpu debugfs show implementation Lucas Stach
2015-09-25 11:57 ` [PATCH 14/48] staging: etnaviv: use vm_insert_page() rather than vm_insert_mixed() Lucas Stach
2015-09-25 11:57 ` [PATCH 15/48] staging: etnaviv: etnaviv_gem_fault: reduce struct_mutex exposure Lucas Stach
2015-09-25 11:57 ` [PATCH 16/48] staging: etnaviv: give etnaviv_gem_mmap_offset() a sane behaviour Lucas Stach
2015-09-25 11:57 ` [PATCH 17/48] staging: etnaviv: allow etnaviv_ioctl_gem_info() locking to be interruptible Lucas Stach
2015-09-25 11:57 ` [PATCH 18/48] staging: etnaviv: make context a per-GPU thing Lucas Stach
2015-09-25 11:57 ` [PATCH 19/48] staging: etnaviv: switch to per-GPU fence completion implementation Lucas Stach
2015-09-25 11:57 ` [PATCH 20/48] staging: etnaviv: provide etnaviv_queue_work() Lucas Stach
2015-09-25 11:57 ` [PATCH 21/48] staging: etnaviv: use standard kernel types rather than stdint.h types Lucas Stach
2015-09-25 11:57 ` [PATCH 22/48] staging: etnaviv: no need to initialise a list_head Lucas Stach
2015-09-25 11:57 ` [PATCH 23/48] staging: etnaviv: fix oops caused by scanning for free blocks Lucas Stach
2015-09-25 11:57 ` [PATCH 24/48] staging: etnaviv: clean up etnaviv_iommu_unmap_gem() signature Lucas Stach
2015-09-25 11:57 ` [PATCH 25/48] staging: etnaviv: increase page table size to maximum Lucas Stach
2015-09-25 11:57 ` [PATCH 26/48] staging: etnaviv: fix BUG_ON when removing module Lucas Stach
2015-09-25 11:57 ` [PATCH 27/48] staging: etnaviv: provide a helper to load the GPU clock field Lucas Stach
2015-09-25 11:57 ` [PATCH 28/48] staging: etnaviv: rename GPU clock functions Lucas Stach
2015-09-25 11:57 ` [PATCH 29/48] staging: etnaviv: fix runtime resume Lucas Stach
2015-09-25 11:57 ` [PATCH 30/48] staging: etnaviv: drop event ring buffer tracking Lucas Stach
2015-09-25 11:57 ` [PATCH 31/48] staging: etnaviv: improve efficiency of command parser Lucas Stach
2015-09-25 11:57 ` [PATCH 32/48] staging: etnaviv: no point looking up the mapping for cmdstream bos Lucas Stach
2015-09-25 11:57 ` [PATCH 33/48] staging: etnaviv: copy submit command and bos in one go Lucas Stach
2015-09-25 11:57 ` [PATCH 34/48] staging: etnaviv: remove cmd buffer offset validation in submit_reloc() Lucas Stach
2015-09-25 11:57 ` [PATCH 35/48] staging: etnaviv: move mapping teardown into etnaviv_gem_free_object() Lucas Stach
2015-09-25 11:57 ` [PATCH 36/48] staging: etnaviv: add support for GEM_WAIT ioctl Lucas Stach
2015-09-25 11:57 ` [PATCH 37/48] staging: etnaviv: avoid pinning pages in CMA Lucas Stach
2015-09-25 11:57 ` [PATCH 38/48] staging: etnaviv: fix 'ret' may be used uninitialized in this function Lucas Stach
2015-09-25 11:57 ` [PATCH 39/48] staging: etnaviv: fix error: 'etnaviv_gpu_hw_resume' defined but not used Lucas Stach
2015-09-25 11:57 ` [PATCH 40/48] staging: etnaviv: debugfs: add possibility to dump kernel buffer Lucas Stach
2015-10-21 11:38 ` Russell King - ARM Linux
2015-09-25 11:57 ` [PATCH 41/48] staging: etnaviv: change etnaviv_buffer_init() to return prefetch Lucas Stach
2015-10-21 11:38 ` Russell King - ARM Linux
2015-09-25 11:57 ` [PATCH 42/48] staging: etnaviv: implement simple hang recovery Lucas Stach
2015-10-21 15:43 ` Russell King - ARM Linux
2015-09-25 11:57 ` [PATCH 43/48] staging: etnaviv: map all buffers to the GPU Lucas Stach
2015-10-21 15:23 ` Russell King - ARM Linux
2015-09-25 11:57 ` [PATCH 44/48] staging: etnaviv: implement cache maintenance on cpu_(prep|fini) Lucas Stach
2015-10-21 15:23 ` Russell King - ARM Linux
2015-09-25 11:57 ` [PATCH 45/48] staging: etnaviv: remove submit type Lucas Stach
2015-10-21 14:41 ` Russell King - ARM Linux
2015-09-25 11:57 ` [PATCH 46/48] staging: etnaviv: rewrite submit interface to use copy from user Lucas Stach
2015-10-21 14:41 ` Russell King - ARM Linux
2015-10-26 20:48 ` Russell King - ARM Linux [this message]
2015-10-27 10:46 ` Lucas Stach
2015-09-25 11:57 ` [PATCH 47/48] staging: etnaviv: don't use GEM buffer for internal ring buffer Lucas Stach
2015-10-21 14:51 ` Russell King - ARM Linux
2015-09-25 11:58 ` [PATCH 48/48] staging: etnaviv: remove CMDSTREAM GEM allocation from UAPI Lucas Stach
2015-10-21 15:29 ` Russell King - ARM Linux
2015-09-28 9:46 ` [PATCH 00/48] Etnaviv changes RFCv1->RFCv2 Christian Gmeiner
2015-09-28 10:39 ` Lucas Stach
2015-09-30 7:53 ` Christian Gmeiner
2015-10-01 8:50 ` Lucas Stach
2015-10-13 8:25 ` Lucas Stach
2015-10-20 7:20 ` Christian Gmeiner
2015-10-20 9:00 ` Lucas Stach
2015-10-20 9:09 ` Jon Nettleton
2015-10-20 9:40 ` Christian Gmeiner
2015-10-20 10:42 ` Fabio Estevam
2015-10-20 9:39 ` Christian Gmeiner
2015-09-16 15:05 ` [PATCH RFCv2 3/4] staging: etnaviv: add drm driver Eric Anholt
2015-09-16 16:51 ` Russell King - ARM Linux
2015-09-16 18:43 ` Eric Anholt
2015-09-11 14:10 ` [PATCH RFCv2 4/4] ARM: imx6: add Vivante GPU nodes Lucas Stach
2015-09-11 14:15 ` [PATCH RFCv2 0/4] Etnaviv DRM driver again Lucas Stach
2015-10-20 9:36 ` Daniel Vetter
2015-10-21 17:04 ` Russell King - ARM Linux
2015-10-22 7:12 ` Daniel Vetter
2015-10-22 8:19 ` Lucas Stach
2015-10-22 8:42 ` Lucas Stach
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151026204832.GJ22124@n2100.arm.linux.org.uk \
--to=linux@arm.linux.org.uk \
--cc=dri-devel@lists.freedesktop.org \
--cc=l.stach@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.