* [v1] drm/msm: add null checks for drm device to avoid crash during probe defer
@ 2022-06-03 9:22 ` Vinod Polimera
0 siblings, 0 replies; 6+ messages in thread
From: Vinod Polimera @ 2022-06-03 9:22 UTC (permalink / raw)
To: dri-devel, linux-arm-msm, freedreno, devicetree
Cc: Vinod Polimera, linux-kernel, robdclark, dianders, vpolimer,
swboyd, kalyant, dmitry.baryshkov
During probe defer, drm device is not initialized and an external
trigger to shutdown is trying to clean up drm device leading to crash.
Add checks to avoid drm device cleanup in such cases.
BUG: unable to handle kernel NULL pointer dereference at virtual
address 00000000000000b8
Call trace:
drm_atomic_helper_shutdown+0x44/0x144
msm_pdev_shutdown+0x2c/0x38
platform_shutdown+0x2c/0x38
device_shutdown+0x158/0x210
kernel_restart_prepare+0x40/0x4c
kernel_restart+0x20/0x6c
__arm64_sys_reboot+0x194/0x23c
invoke_syscall+0x50/0x13c
el0_svc_common+0xa0/0x17c
do_el0_svc_compat+0x28/0x34
el0_svc_compat+0x20/0x70
el0t_32_sync_handler+0xa8/0xcc
el0t_32_sync+0x1a8/0x1ac
Signed-off-by: Vinod Polimera <quic_vpolimer@quicinc.com>
---
drivers/gpu/drm/msm/msm_drv.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c
index 4448536..d62ac66 100644
--- a/drivers/gpu/drm/msm/msm_drv.c
+++ b/drivers/gpu/drm/msm/msm_drv.c
@@ -142,6 +142,9 @@ static void msm_irq_uninstall(struct drm_device *dev)
struct msm_drm_private *priv = dev->dev_private;
struct msm_kms *kms = priv->kms;
+ if (!irq_has_action(kms->irq))
+ return;
+
kms->funcs->irq_uninstall(kms);
if (kms->irq_requested)
free_irq(kms->irq, dev);
@@ -259,6 +262,7 @@ static int msm_drm_uninit(struct device *dev)
ddev->dev_private = NULL;
drm_dev_put(ddev);
+ priv->dev = NULL;
destroy_workqueue(priv->wq);
@@ -1167,7 +1171,7 @@ void msm_drv_shutdown(struct platform_device *pdev)
struct msm_drm_private *priv = platform_get_drvdata(pdev);
struct drm_device *drm = priv ? priv->dev : NULL;
- if (!priv || !priv->kms)
+ if (!priv || !priv->kms || !drm)
return;
drm_atomic_helper_shutdown(drm);
--
2.7.4
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [v1] drm/msm: add null checks for drm device to avoid crash during probe defer
@ 2022-06-03 9:22 ` Vinod Polimera
0 siblings, 0 replies; 6+ messages in thread
From: Vinod Polimera @ 2022-06-03 9:22 UTC (permalink / raw)
To: dri-devel, linux-arm-msm, freedreno, devicetree
Cc: vpolimer, dianders, linux-kernel, dmitry.baryshkov, swboyd,
kalyant, Vinod Polimera
During probe defer, drm device is not initialized and an external
trigger to shutdown is trying to clean up drm device leading to crash.
Add checks to avoid drm device cleanup in such cases.
BUG: unable to handle kernel NULL pointer dereference at virtual
address 00000000000000b8
Call trace:
drm_atomic_helper_shutdown+0x44/0x144
msm_pdev_shutdown+0x2c/0x38
platform_shutdown+0x2c/0x38
device_shutdown+0x158/0x210
kernel_restart_prepare+0x40/0x4c
kernel_restart+0x20/0x6c
__arm64_sys_reboot+0x194/0x23c
invoke_syscall+0x50/0x13c
el0_svc_common+0xa0/0x17c
do_el0_svc_compat+0x28/0x34
el0_svc_compat+0x20/0x70
el0t_32_sync_handler+0xa8/0xcc
el0t_32_sync+0x1a8/0x1ac
Signed-off-by: Vinod Polimera <quic_vpolimer@quicinc.com>
---
drivers/gpu/drm/msm/msm_drv.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c
index 4448536..d62ac66 100644
--- a/drivers/gpu/drm/msm/msm_drv.c
+++ b/drivers/gpu/drm/msm/msm_drv.c
@@ -142,6 +142,9 @@ static void msm_irq_uninstall(struct drm_device *dev)
struct msm_drm_private *priv = dev->dev_private;
struct msm_kms *kms = priv->kms;
+ if (!irq_has_action(kms->irq))
+ return;
+
kms->funcs->irq_uninstall(kms);
if (kms->irq_requested)
free_irq(kms->irq, dev);
@@ -259,6 +262,7 @@ static int msm_drm_uninit(struct device *dev)
ddev->dev_private = NULL;
drm_dev_put(ddev);
+ priv->dev = NULL;
destroy_workqueue(priv->wq);
@@ -1167,7 +1171,7 @@ void msm_drv_shutdown(struct platform_device *pdev)
struct msm_drm_private *priv = platform_get_drvdata(pdev);
struct drm_device *drm = priv ? priv->dev : NULL;
- if (!priv || !priv->kms)
+ if (!priv || !priv->kms || !drm)
return;
drm_atomic_helper_shutdown(drm);
--
2.7.4
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [v1] drm/msm: add null checks for drm device to avoid crash during probe defer
2022-06-03 9:22 ` Vinod Polimera
@ 2022-06-03 9:37 ` Dmitry Baryshkov
-1 siblings, 0 replies; 6+ messages in thread
From: Dmitry Baryshkov @ 2022-06-03 9:37 UTC (permalink / raw)
To: Vinod Polimera, dri-devel, linux-arm-msm, freedreno, devicetree
Cc: linux-kernel, robdclark, dianders, vpolimer, swboyd, kalyant
On 03/06/2022 12:22, Vinod Polimera wrote:
> During probe defer, drm device is not initialized and an external
> trigger to shutdown is trying to clean up drm device leading to crash.
> Add checks to avoid drm device cleanup in such cases.
>
> BUG: unable to handle kernel NULL pointer dereference at virtual
> address 00000000000000b8
>
> Call trace:
>
> drm_atomic_helper_shutdown+0x44/0x144
> msm_pdev_shutdown+0x2c/0x38
> platform_shutdown+0x2c/0x38
> device_shutdown+0x158/0x210
> kernel_restart_prepare+0x40/0x4c
> kernel_restart+0x20/0x6c
> __arm64_sys_reboot+0x194/0x23c
> invoke_syscall+0x50/0x13c
> el0_svc_common+0xa0/0x17c
> do_el0_svc_compat+0x28/0x34
> el0_svc_compat+0x20/0x70
> el0t_32_sync_handler+0xa8/0xcc
> el0t_32_sync+0x1a8/0x1ac
>
> Signed-off-by: Vinod Polimera <quic_vpolimer@quicinc.com>
Fixes ?
> ---
> drivers/gpu/drm/msm/msm_drv.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c
> index 4448536..d62ac66 100644
> --- a/drivers/gpu/drm/msm/msm_drv.c
> +++ b/drivers/gpu/drm/msm/msm_drv.c
> @@ -142,6 +142,9 @@ static void msm_irq_uninstall(struct drm_device *dev)
> struct msm_drm_private *priv = dev->dev_private;
> struct msm_kms *kms = priv->kms;
>
> + if (!irq_has_action(kms->irq))
> + return;
> +
Is this part required with
https://patchwork.freedesktop.org/patch/485422/?series=103702&rev=1?
> kms->funcs->irq_uninstall(kms);
> if (kms->irq_requested)
> free_irq(kms->irq, dev);
> @@ -259,6 +262,7 @@ static int msm_drm_uninit(struct device *dev)
>
> ddev->dev_private = NULL;
> drm_dev_put(ddev);
> + priv->dev = NULL;
What are you trying to protect here?
>
> destroy_workqueue(priv->wq);
>
> @@ -1167,7 +1171,7 @@ void msm_drv_shutdown(struct platform_device *pdev)
> struct msm_drm_private *priv = platform_get_drvdata(pdev);
> struct drm_device *drm = priv ? priv->dev : NULL;
>
> - if (!priv || !priv->kms)
> + if (!priv || !priv->kms || !drm)
> return;
>
> drm_atomic_helper_shutdown(drm);
--
With best wishes
Dmitry
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [v1] drm/msm: add null checks for drm device to avoid crash during probe defer
@ 2022-06-03 9:37 ` Dmitry Baryshkov
0 siblings, 0 replies; 6+ messages in thread
From: Dmitry Baryshkov @ 2022-06-03 9:37 UTC (permalink / raw)
To: Vinod Polimera, dri-devel, linux-arm-msm, freedreno, devicetree
Cc: dianders, vpolimer, linux-kernel, swboyd, kalyant
On 03/06/2022 12:22, Vinod Polimera wrote:
> During probe defer, drm device is not initialized and an external
> trigger to shutdown is trying to clean up drm device leading to crash.
> Add checks to avoid drm device cleanup in such cases.
>
> BUG: unable to handle kernel NULL pointer dereference at virtual
> address 00000000000000b8
>
> Call trace:
>
> drm_atomic_helper_shutdown+0x44/0x144
> msm_pdev_shutdown+0x2c/0x38
> platform_shutdown+0x2c/0x38
> device_shutdown+0x158/0x210
> kernel_restart_prepare+0x40/0x4c
> kernel_restart+0x20/0x6c
> __arm64_sys_reboot+0x194/0x23c
> invoke_syscall+0x50/0x13c
> el0_svc_common+0xa0/0x17c
> do_el0_svc_compat+0x28/0x34
> el0_svc_compat+0x20/0x70
> el0t_32_sync_handler+0xa8/0xcc
> el0t_32_sync+0x1a8/0x1ac
>
> Signed-off-by: Vinod Polimera <quic_vpolimer@quicinc.com>
Fixes ?
> ---
> drivers/gpu/drm/msm/msm_drv.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c
> index 4448536..d62ac66 100644
> --- a/drivers/gpu/drm/msm/msm_drv.c
> +++ b/drivers/gpu/drm/msm/msm_drv.c
> @@ -142,6 +142,9 @@ static void msm_irq_uninstall(struct drm_device *dev)
> struct msm_drm_private *priv = dev->dev_private;
> struct msm_kms *kms = priv->kms;
>
> + if (!irq_has_action(kms->irq))
> + return;
> +
Is this part required with
https://patchwork.freedesktop.org/patch/485422/?series=103702&rev=1?
> kms->funcs->irq_uninstall(kms);
> if (kms->irq_requested)
> free_irq(kms->irq, dev);
> @@ -259,6 +262,7 @@ static int msm_drm_uninit(struct device *dev)
>
> ddev->dev_private = NULL;
> drm_dev_put(ddev);
> + priv->dev = NULL;
What are you trying to protect here?
>
> destroy_workqueue(priv->wq);
>
> @@ -1167,7 +1171,7 @@ void msm_drv_shutdown(struct platform_device *pdev)
> struct msm_drm_private *priv = platform_get_drvdata(pdev);
> struct drm_device *drm = priv ? priv->dev : NULL;
>
> - if (!priv || !priv->kms)
> + if (!priv || !priv->kms || !drm)
> return;
>
> drm_atomic_helper_shutdown(drm);
--
With best wishes
Dmitry
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: [v1] drm/msm: add null checks for drm device to avoid crash during probe defer
2022-06-03 9:37 ` Dmitry Baryshkov
@ 2022-06-03 10:55 ` Vinod Polimera
-1 siblings, 0 replies; 6+ messages in thread
From: Vinod Polimera @ 2022-06-03 10:55 UTC (permalink / raw)
To: dmitry.baryshkov, Vinod Polimera (QUIC),
dri-devel, linux-arm-msm, freedreno, devicetree
Cc: linux-kernel, robdclark, dianders, vpolimer, swboyd, Kalyan Thota (QUIC)
> -----Original Message-----
> From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
> Sent: Friday, June 3, 2022 3:07 PM
> To: Vinod Polimera (QUIC) <quic_vpolimer@quicinc.com>; dri-
> devel@lists.freedesktop.org; linux-arm-msm@vger.kernel.org;
> freedreno@lists.freedesktop.org; devicetree@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org; robdclark@gmail.com;
> dianders@chromium.org; vpolimer@quicinc.com; swboyd@chromium.org;
> kalyant@quicinc.com
> Subject: Re: [v1] drm/msm: add null checks for drm device to avoid crash
> during probe defer
>
> WARNING: This email originated from outside of Qualcomm. Please be wary
> of any links or attachments, and do not enable macros.
>
> On 03/06/2022 12:22, Vinod Polimera wrote:
> > During probe defer, drm device is not initialized and an external
> > trigger to shutdown is trying to clean up drm device leading to crash.
> > Add checks to avoid drm device cleanup in such cases.
> >
> > BUG: unable to handle kernel NULL pointer dereference at virtual
> > address 00000000000000b8
> >
> > Call trace:
> >
> > drm_atomic_helper_shutdown+0x44/0x144
> > msm_pdev_shutdown+0x2c/0x38
> > platform_shutdown+0x2c/0x38
> > device_shutdown+0x158/0x210
> > kernel_restart_prepare+0x40/0x4c
> > kernel_restart+0x20/0x6c
> > __arm64_sys_reboot+0x194/0x23c
> > invoke_syscall+0x50/0x13c
> > el0_svc_common+0xa0/0x17c
> > do_el0_svc_compat+0x28/0x34
> > el0_svc_compat+0x20/0x70
> > el0t_32_sync_handler+0xa8/0xcc
> > el0t_32_sync+0x1a8/0x1ac
> >
> > Signed-off-by: Vinod Polimera <quic_vpolimer@quicinc.com>
>
> Fixes ?
- Added fixes tag in v2.
>
> > ---
> > drivers/gpu/drm/msm/msm_drv.c | 6 +++++-
> > 1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/gpu/drm/msm/msm_drv.c
> b/drivers/gpu/drm/msm/msm_drv.c
> > index 4448536..d62ac66 100644
> > --- a/drivers/gpu/drm/msm/msm_drv.c
> > +++ b/drivers/gpu/drm/msm/msm_drv.c
> > @@ -142,6 +142,9 @@ static void msm_irq_uninstall(struct drm_device
> *dev)
> > struct msm_drm_private *priv = dev->dev_private;
> > struct msm_kms *kms = priv->kms;
> >
> > + if (!irq_has_action(kms->irq))
> > + return;
> > +
>
> Is this part required with
> https://patchwork.freedesktop.org/patch/485422/?series=103702&rev=1?
Yes, I feel like this is a better approach than maintaining a new variable. I see a couple of drivers following similar approach to safeguard uninstall without being install called.
>
> > kms->funcs->irq_uninstall(kms);
> > if (kms->irq_requested)
> > free_irq(kms->irq, dev);
> > @@ -259,6 +262,7 @@ static int msm_drm_uninit(struct device *dev)
> >
> > ddev->dev_private = NULL;
> > drm_dev_put(ddev);
> > + priv->dev = NULL;
>
> What are you trying to protect here?
If we get a shutdown call after probe defer, there can be stale pointer in priv->dev which is invalid that needs to be cleared.
>
> >
> > destroy_workqueue(priv->wq);
> >
> > @@ -1167,7 +1171,7 @@ void msm_drv_shutdown(struct platform_device
> *pdev)
> > struct msm_drm_private *priv = platform_get_drvdata(pdev);
> > struct drm_device *drm = priv ? priv->dev : NULL;
> >
> > - if (!priv || !priv->kms)
> > + if (!priv || !priv->kms || !drm)
> > return;
> >
> > drm_atomic_helper_shutdown(drm);
>
>
> --
> With best wishes
> Dmitry
^ permalink raw reply [flat|nested] 6+ messages in thread
* RE: [v1] drm/msm: add null checks for drm device to avoid crash during probe defer
@ 2022-06-03 10:55 ` Vinod Polimera
0 siblings, 0 replies; 6+ messages in thread
From: Vinod Polimera @ 2022-06-03 10:55 UTC (permalink / raw)
To: dmitry.baryshkov, Vinod Polimera (QUIC),
dri-devel, linux-arm-msm, freedreno, devicetree
Cc: Kalyan Thota (QUIC), vpolimer, linux-kernel, swboyd, dianders
> -----Original Message-----
> From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
> Sent: Friday, June 3, 2022 3:07 PM
> To: Vinod Polimera (QUIC) <quic_vpolimer@quicinc.com>; dri-
> devel@lists.freedesktop.org; linux-arm-msm@vger.kernel.org;
> freedreno@lists.freedesktop.org; devicetree@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org; robdclark@gmail.com;
> dianders@chromium.org; vpolimer@quicinc.com; swboyd@chromium.org;
> kalyant@quicinc.com
> Subject: Re: [v1] drm/msm: add null checks for drm device to avoid crash
> during probe defer
>
> WARNING: This email originated from outside of Qualcomm. Please be wary
> of any links or attachments, and do not enable macros.
>
> On 03/06/2022 12:22, Vinod Polimera wrote:
> > During probe defer, drm device is not initialized and an external
> > trigger to shutdown is trying to clean up drm device leading to crash.
> > Add checks to avoid drm device cleanup in such cases.
> >
> > BUG: unable to handle kernel NULL pointer dereference at virtual
> > address 00000000000000b8
> >
> > Call trace:
> >
> > drm_atomic_helper_shutdown+0x44/0x144
> > msm_pdev_shutdown+0x2c/0x38
> > platform_shutdown+0x2c/0x38
> > device_shutdown+0x158/0x210
> > kernel_restart_prepare+0x40/0x4c
> > kernel_restart+0x20/0x6c
> > __arm64_sys_reboot+0x194/0x23c
> > invoke_syscall+0x50/0x13c
> > el0_svc_common+0xa0/0x17c
> > do_el0_svc_compat+0x28/0x34
> > el0_svc_compat+0x20/0x70
> > el0t_32_sync_handler+0xa8/0xcc
> > el0t_32_sync+0x1a8/0x1ac
> >
> > Signed-off-by: Vinod Polimera <quic_vpolimer@quicinc.com>
>
> Fixes ?
- Added fixes tag in v2.
>
> > ---
> > drivers/gpu/drm/msm/msm_drv.c | 6 +++++-
> > 1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/gpu/drm/msm/msm_drv.c
> b/drivers/gpu/drm/msm/msm_drv.c
> > index 4448536..d62ac66 100644
> > --- a/drivers/gpu/drm/msm/msm_drv.c
> > +++ b/drivers/gpu/drm/msm/msm_drv.c
> > @@ -142,6 +142,9 @@ static void msm_irq_uninstall(struct drm_device
> *dev)
> > struct msm_drm_private *priv = dev->dev_private;
> > struct msm_kms *kms = priv->kms;
> >
> > + if (!irq_has_action(kms->irq))
> > + return;
> > +
>
> Is this part required with
> https://patchwork.freedesktop.org/patch/485422/?series=103702&rev=1?
Yes, I feel like this is a better approach than maintaining a new variable. I see a couple of drivers following similar approach to safeguard uninstall without being install called.
>
> > kms->funcs->irq_uninstall(kms);
> > if (kms->irq_requested)
> > free_irq(kms->irq, dev);
> > @@ -259,6 +262,7 @@ static int msm_drm_uninit(struct device *dev)
> >
> > ddev->dev_private = NULL;
> > drm_dev_put(ddev);
> > + priv->dev = NULL;
>
> What are you trying to protect here?
If we get a shutdown call after probe defer, there can be stale pointer in priv->dev which is invalid that needs to be cleared.
>
> >
> > destroy_workqueue(priv->wq);
> >
> > @@ -1167,7 +1171,7 @@ void msm_drv_shutdown(struct platform_device
> *pdev)
> > struct msm_drm_private *priv = platform_get_drvdata(pdev);
> > struct drm_device *drm = priv ? priv->dev : NULL;
> >
> > - if (!priv || !priv->kms)
> > + if (!priv || !priv->kms || !drm)
> > return;
> >
> > drm_atomic_helper_shutdown(drm);
>
>
> --
> With best wishes
> Dmitry
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2022-06-03 10:55 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-03 9:22 [v1] drm/msm: add null checks for drm device to avoid crash during probe defer Vinod Polimera
2022-06-03 9:22 ` Vinod Polimera
2022-06-03 9:37 ` Dmitry Baryshkov
2022-06-03 9:37 ` Dmitry Baryshkov
2022-06-03 10:55 ` Vinod Polimera
2022-06-03 10:55 ` Vinod Polimera
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.