* [RFC] drm/exynos: abort commit when framebuffer is removed from plane
@ 2014-06-19 15:13 Rahul Sharma
2014-07-08 10:03 ` Rahul Sharma
2014-07-08 15:55 ` Inki Dae
0 siblings, 2 replies; 5+ messages in thread
From: Rahul Sharma @ 2014-06-19 15:13 UTC (permalink / raw)
To: dri-devel
Cc: linux-samsung-soc, inki.dae, kgene.kim, joshi, r.sh.open, Rahul Sharma
This situation arises when userspace remove the frambuffer object
and call setmode ioctl.
drm_mode_rmfb --> drm_plane_force_disable --> plane->crtc = NULL;
and
drm_mode_setcrtc --> exynos_plane_commit --> passes plane->crtc to
exynos_drm_crtc_plane_commit which is NULL.
This crashes the system.
Signed-off-by: Rahul Sharma <rahul.sharma@samsung.com>
---
This works fine but I am not confident on the correctness of the
solution.
drivers/gpu/drm/exynos/exynos_drm_crtc.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/gpu/drm/exynos/exynos_drm_crtc.c b/drivers/gpu/drm/exynos/exynos_drm_crtc.c
index 95c9435..da4efe4 100644
--- a/drivers/gpu/drm/exynos/exynos_drm_crtc.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_crtc.c
@@ -165,6 +165,12 @@ static int exynos_drm_crtc_mode_set_commit(struct drm_crtc *crtc, int x, int y,
return -EPERM;
}
+ /* when framebuffer is removed, commit should not proceed. */
+ if(!plane->fb){
+ DRM_ERROR("framebuffer has been removed from plane.\n");
+ return -EFAULT;
+ }
+
crtc_w = crtc->primary->fb->width - x;
crtc_h = crtc->primary->fb->height - y;
--
1.7.9.5
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [RFC] drm/exynos: abort commit when framebuffer is removed from plane
2014-06-19 15:13 [RFC] drm/exynos: abort commit when framebuffer is removed from plane Rahul Sharma
@ 2014-07-08 10:03 ` Rahul Sharma
2014-07-08 15:55 ` Inki Dae
1 sibling, 0 replies; 5+ messages in thread
From: Rahul Sharma @ 2014-07-08 10:03 UTC (permalink / raw)
To: dri-devel
Cc: linux-samsung-soc, Inki Dae, Kukjin Kim, sunil joshi,
Rahul Sharma, Rahul Sharma
Hi Inki,
What do you think about the following fix? I need your inputs for this.
Regards,
Rahul Sharma
On 19 June 2014 20:43, Rahul Sharma <rahul.sharma@samsung.com> wrote:
> This situation arises when userspace remove the frambuffer object
> and call setmode ioctl.
>
> drm_mode_rmfb --> drm_plane_force_disable --> plane->crtc = NULL;
> and
> drm_mode_setcrtc --> exynos_plane_commit --> passes plane->crtc to
> exynos_drm_crtc_plane_commit which is NULL.
>
> This crashes the system.
>
> Signed-off-by: Rahul Sharma <rahul.sharma@samsung.com>
> ---
> This works fine but I am not confident on the correctness of the
> solution.
>
> drivers/gpu/drm/exynos/exynos_drm_crtc.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/gpu/drm/exynos/exynos_drm_crtc.c b/drivers/gpu/drm/exynos/exynos_drm_crtc.c
> index 95c9435..da4efe4 100644
> --- a/drivers/gpu/drm/exynos/exynos_drm_crtc.c
> +++ b/drivers/gpu/drm/exynos/exynos_drm_crtc.c
> @@ -165,6 +165,12 @@ static int exynos_drm_crtc_mode_set_commit(struct drm_crtc *crtc, int x, int y,
> return -EPERM;
> }
>
> + /* when framebuffer is removed, commit should not proceed. */
> + if(!plane->fb){
> + DRM_ERROR("framebuffer has been removed from plane.\n");
> + return -EFAULT;
> + }
> +
> crtc_w = crtc->primary->fb->width - x;
> crtc_h = crtc->primary->fb->height - y;
>
> --
> 1.7.9.5
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [RFC] drm/exynos: abort commit when framebuffer is removed from plane
2014-06-19 15:13 [RFC] drm/exynos: abort commit when framebuffer is removed from plane Rahul Sharma
2014-07-08 10:03 ` Rahul Sharma
@ 2014-07-08 15:55 ` Inki Dae
2014-07-09 11:06 ` Rahul Sharma
1 sibling, 1 reply; 5+ messages in thread
From: Inki Dae @ 2014-07-08 15:55 UTC (permalink / raw)
To: Rahul Sharma; +Cc: kgene.kim, linux-samsung-soc, joshi, dri-devel
2014-06-20 0:13 GMT+09:00 Rahul Sharma <rahul.sharma@samsung.com>:
> This situation arises when userspace remove the frambuffer object
> and call setmode ioctl.
>
> drm_mode_rmfb --> drm_plane_force_disable --> plane->crtc = NULL;
> and
> drm_mode_setcrtc --> exynos_plane_commit --> passes plane->crtc to
> exynos_drm_crtc_plane_commit which is NULL.
If user process requested drm_mode_rmfb with a fb_id, fb object to the
fb_id must be removed from crtc_idr table. So drm_mode_setcrtc should
be failed because there is no the fb object in the crtc_idr table
anymore.
I cannot understand how exynos_drm_crtc_plane_commit function could be
called. Can you give me more details?
Thanks,
Inki Dae
>
> This crashes the system.
>
> Signed-off-by: Rahul Sharma <rahul.sharma@samsung.com>
> ---
> This works fine but I am not confident on the correctness of the
> solution.
>
> drivers/gpu/drm/exynos/exynos_drm_crtc.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/gpu/drm/exynos/exynos_drm_crtc.c b/drivers/gpu/drm/exynos/exynos_drm_crtc.c
> index 95c9435..da4efe4 100644
> --- a/drivers/gpu/drm/exynos/exynos_drm_crtc.c
> +++ b/drivers/gpu/drm/exynos/exynos_drm_crtc.c
> @@ -165,6 +165,12 @@ static int exynos_drm_crtc_mode_set_commit(struct drm_crtc *crtc, int x, int y,
> return -EPERM;
> }
>
> + /* when framebuffer is removed, commit should not proceed. */
> + if(!plane->fb){
> + DRM_ERROR("framebuffer has been removed from plane.\n");
> + return -EFAULT;
> + }
> +
> crtc_w = crtc->primary->fb->width - x;
> crtc_h = crtc->primary->fb->height - y;
>
> --
> 1.7.9.5
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-samsung-soc" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [RFC] drm/exynos: abort commit when framebuffer is removed from plane
2014-07-08 15:55 ` Inki Dae
@ 2014-07-09 11:06 ` Rahul Sharma
2014-07-09 14:39 ` Inki Dae
0 siblings, 1 reply; 5+ messages in thread
From: Rahul Sharma @ 2014-07-09 11:06 UTC (permalink / raw)
To: Inki Dae; +Cc: Kukjin Kim, linux-samsung-soc, sunil joshi, dri-devel
On 8 July 2014 21:25, Inki Dae <inki.dae@samsung.com> wrote:
> 2014-06-20 0:13 GMT+09:00 Rahul Sharma <rahul.sharma@samsung.com>:
>> This situation arises when userspace remove the frambuffer object
>> and call setmode ioctl.
>>
>> drm_mode_rmfb --> drm_plane_force_disable --> plane->crtc = NULL;
>> and
>> drm_mode_setcrtc --> exynos_plane_commit --> passes plane->crtc to
>> exynos_drm_crtc_plane_commit which is NULL.
>
> If user process requested drm_mode_rmfb with a fb_id, fb object to the
> fb_id must be removed from crtc_idr table. So drm_mode_setcrtc should
> be failed because there is no the fb object in the crtc_idr table
> anymore.
> I cannot understand how exynos_drm_crtc_plane_commit function could be
> called. Can you give me more details?
Inki,
These logs should clarify more about the problem:
localhost ~ # halt
localhost ~ # [ 130.570309] init: debugd main process (781) killed by
TERM signal
[ 130.602453] init: lid_touchpad_helper main process (2100) killed by
TERM signal
[ 131.374955] CPU: 2 PID: 834 Comm: X Tainted: G W 3.16.0-rc1+ #623
[ 131.380558] [<c00155b8>] (unwind_backtrace) from [<c001213c>]
(show_stack+0x20/0x24)
[ 131.388327] [<c001213c>] (show_stack) from [<c05217d4>]
(dump_stack+0x7c/0x98)
[ 131.395522] [<c05217d4>] (dump_stack) from [<c02ab7e4>]
(exynos_drm_crtc_plane_commit+0x20/0x40)
[ 131.404263] [<c02ab7e4>] (exynos_drm_crtc_plane_commit) from
[<c02ae28c>] (exynos_plane_commit+0x24/0x28)
[ 131.413779] [<c02ae28c>] (exynos_plane_commit) from [<c02ab1c8>]
(exynos_drm_crtc_commit+0x2c/0x54)
[ 131.422802] [<c02ab1c8>] (exynos_drm_crtc_commit) from [<c02ab2c0>]
(exynos_drm_crtc_mode_set_commit.isra.1+0x8c/0xa0)
[ 131.433468] [<c02ab2c0>] (exynos_drm_crtc_mode_set_commit.isra.1)
from [<c02ab3f0>] (exynos_drm_crtc_page_flip+0x100/0x174)
[ 131.444587] [<c02ab3f0>] (exynos_drm_crtc_page_flip) from
[<c02a1ab4>] (drm_mode_page_flip_ioctl+0x1f0/0x2b0)
-->> [ 131.454460] [<c02a1ab4>] (drm_mode_page_flip_ioctl) from
[<c0292cb4>] (drm_ioctl+0x270/0x44c)
[ 131.462966] [<c0292cb4>] (drm_ioctl) from [<c011302c>]
(do_vfs_ioctl+0x4e4/0x5a0)
[ 131.470397] [<c011302c>] (do_vfs_ioctl) from [<c0113144>]
(SyS_ioctl+0x5c/0x84)
[ 131.477728] [<c0113144>] (SyS_ioctl) from [<c000e380>]
(ret_fast_syscall+0x0/0x30)
[ 131.762797] CPU: 1 PID: 834 Comm: X Tainted: G W 3.16.0-rc1+ #623
[ 131.768378] [<c00155b8>] (unwind_backtrace) from [<c001213c>]
(show_stack+0x20/0x24)
[ 131.776151] [<c001213c>] (show_stack) from [<c05217d4>]
(dump_stack+0x7c/0x98)
[ 131.783315] [<c05217d4>] (dump_stack) from [<c029c130>]
(drm_plane_force_disable+0x5c/0x68)
[ 131.791658] [<c029c130>] (drm_plane_force_disable) from
[<c029cf68>] (drm_framebuffer_remove+0xe4/0x110)
[ 131.801070] [<c029cf68>] (drm_framebuffer_remove) from [<c02a09c0>]
(drm_mode_rmfb+0xd4/0xfc)
-->> [ 131.809597] [<c02a09c0>] (drm_mode_rmfb) from [<c0292cb4>]
(drm_ioctl+0x270/0x44c)
[ 131.817135] [<c0292cb4>] (drm_ioctl) from [<c011302c>]
(do_vfs_ioctl+0x4e4/0x5a0)
[ 131.824609] [<c011302c>] (do_vfs_ioctl) from [<c0113144>]
(SyS_ioctl+0x5c/0x84)
[ 131.831884] [<c0113144>] (SyS_ioctl) from [<c000e380>]
(ret_fast_syscall+0x0/0x30)
[ 132.077803] CPU: 0 PID: 834 Comm: X Tainted: G W 3.16.0-rc1+ #623
[ 132.083413] [<c00155b8>] (unwind_backtrace) from [<c001213c>]
(show_stack+0x20/0x24)
[ 132.091111] [<c001213c>] (show_stack) from [<c05217d4>]
(dump_stack+0x7c/0x98)
[ 132.098343] [<c05217d4>] (dump_stack) from [<c02ab7e4>]
(exynos_drm_crtc_plane_commit+0x20/0x40)
[ 132.107098] [<c02ab7e4>] (exynos_drm_crtc_plane_commit) from
[<c02ae28c>] (exynos_plane_commit+0x24/0x28)
[ 132.116631] [<c02ae28c>] (exynos_plane_commit) from [<c02ab1c8>]
(exynos_drm_crtc_commit+0x2c/0x54)
[ 132.125660] [<c02ab1c8>] (exynos_drm_crtc_commit) from [<c02ab2c0>]
(exynos_drm_crtc_mode_set_commit.isra.1+0x8c/0xa0)
[ 132.136330] [<c02ab2c0>] (exynos_drm_crtc_mode_set_commit.isra.1)
from [<c02ab2ec>] (exynos_drm_crtc_mode_set_base+0x18/0x1c)
[ 132.147605] [<c02ab2ec>] (exynos_drm_crtc_mode_set_base) from
[<c028c148>] (drm_crtc_helper_set_config+0x828/0x8a4)
[ 132.158029] [<c028c148>] (drm_crtc_helper_set_config) from
[<c029ce1c>] (drm_mode_set_config_internal+0x58/0xc0)
[ 132.168155] [<c029ce1c>] (drm_mode_set_config_internal) from
[<c029fe64>] (drm_mode_setcrtc+0x388/0x4ac)
-->> [ 132.177630] [<c029fe64>] (drm_mode_setcrtc) from [<c0292cb4>]
(drm_ioctl+0x270/0x44c)
[ 132.185417] [<c0292cb4>] (drm_ioctl) from [<c011302c>]
(do_vfs_ioctl+0x4e4/0x5a0)
[ 132.192897] [<c011302c>] (do_vfs_ioctl) from [<c0113144>]
(SyS_ioctl+0x5c/0x84)
[ 132.200138] [<c0113144>] (SyS_ioctl) from [<c000e380>]
(ret_fast_syscall+0x0/0x30)
[ 132.207735] Unable to handle kernel NULL pointer dereference at
virtual address 0000032c
..
..
[ 132.510786] ff80: b6ebdeb8 bee1d5e8 c06864a2 00000036 c000e5a4
ecf0e000 00000000 ecf0ffa8
[ 132.518941] ffa0: c000e380 c01130f4 b6ebdeb8 bee1d5e8 00000005
c06864a2 bee1d5e8 00000001
[ 132.527095] ffc0: b6ebdeb8 bee1d5e8 c06864a2 00000036 b85d4a74
b8702a60 00000000 bee1d688
[ 132.535250] ffe0: b6a82f30 bee1d5cc b6a75cff b6bce50c 00000010
00000005 e1a0c00d e92dd800
[ 132.543408] [<c02ab7e4>] (exynos_drm_crtc_plane_commit) from
[<c02ae28c>] (exynos_plane_commit+0x24/0x28)
[ 132.552949] [<c02ae28c>] (exynos_plane_commit) from [<c02ab1c8>]
(exynos_drm_crtc_commit+0x2c/0x54)
[ 132.561971] [<c02ab1c8>] (exynos_drm_crtc_commit) from [<c02ab2c0>]
(exynos_drm_crtc_mode_set_commit.isra.1+0x8c/0xa0)
[ 132.572641] [<c02ab2c0>] (exynos_drm_crtc_mode_set_commit.isra.1)
from [<c02ab2ec>] (exynos_drm_crtc_mode_set_base+0x18/0x1c)
[ 132.583919] [<c02ab2ec>] (exynos_drm_crtc_mode_set_base) from
[<c028c148>] (drm_crtc_helper_set_config+0x828/0x8a4)
[ 132.594329] [<c028c148>] (drm_crtc_helper_set_config) from
[<c029ce1c>] (drm_mode_set_config_internal+0x58/0xc0)
[ 132.604478] [<c029ce1c>] (drm_mode_set_config_internal) from
[<c029fe64>] (drm_mode_setcrtc+0x388/0x4ac)
[ 132.613933] [<c029fe64>] (drm_mode_setcrtc) from [<c0292cb4>]
(drm_ioctl+0x270/0x44c)
[ 132.621741] [<c0292cb4>] (drm_ioctl) from [<c011302c>]
(do_vfs_ioctl+0x4e4/0x5a0)
[ 132.629201] [<c011302c>] (do_vfs_ioctl) from [<c0113144>]
(SyS_ioctl+0x5c/0x84)
[ 132.636489] [<c0113144>] (SyS_ioctl) from [<c000e380>]
(ret_fast_syscall+0x0/0x30)
[ 132.644035] Code: e8bd4000 e1a05000 e1a04001 eb09d7dc (e595032c)
[ 132.650164] ---[ end trace 4bc5b9657975a179 ]---
[ 132.654749] Kernel panic - not syncing: Fatal exception
[ 132.659912] CPU3: stopping
[ 132.662600] CPU: 3 PID: 478 Comm: rs:main Q:Reg Tainted: G D W
3.16.0-rc1+ #623
[ 132.670673] [<c00155b8>] (unwind_backtrace) from [<c001213c>]
(show_stack+0x20/0x24)
[ 132.678392] [<c001213c>] (show_stack) from [<c05217d4>]
(dump_stack+0x7c/0x98)
[ 132.685590] [<c05217d4>] (dump_stack) from [<c001409c>]
(handle_IPI+0xd8/0x160)
[ 132.692876] [<c001409c>] (handle_IPI) from [<c0008688>]
(gic_handle_irq+0x68/0x70)
[ 132.700423] [<c0008688>] (gic_handle_irq) from [<c0012cc0>]
(__irq_svc+0x40/0x50)
Regards,
Rahul Sharma.
>
> Thanks,
> Inki Dae
>
>>
>> This crashes the system.
>>
>> Signed-off-by: Rahul Sharma <rahul.sharma@samsung.com>
>> ---
>> This works fine but I am not confident on the correctness of the
>> solution.
>>
>> drivers/gpu/drm/exynos/exynos_drm_crtc.c | 6 ++++++
>> 1 file changed, 6 insertions(+)
>>
>> diff --git a/drivers/gpu/drm/exynos/exynos_drm_crtc.c b/drivers/gpu/drm/exynos/exynos_drm_crtc.c
>> index 95c9435..da4efe4 100644
>> --- a/drivers/gpu/drm/exynos/exynos_drm_crtc.c
>> +++ b/drivers/gpu/drm/exynos/exynos_drm_crtc.c
>> @@ -165,6 +165,12 @@ static int exynos_drm_crtc_mode_set_commit(struct drm_crtc *crtc, int x, int y,
>> return -EPERM;
>> }
>>
>> + /* when framebuffer is removed, commit should not proceed. */
>> + if(!plane->fb){
>> + DRM_ERROR("framebuffer has been removed from plane.\n");
>> + return -EFAULT;
>> + }
>> +
>> crtc_w = crtc->primary->fb->width - x;
>> crtc_h = crtc->primary->fb->height - y;
>>
>> --
>> 1.7.9.5
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-samsung-soc" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [RFC] drm/exynos: abort commit when framebuffer is removed from plane
2014-07-09 11:06 ` Rahul Sharma
@ 2014-07-09 14:39 ` Inki Dae
0 siblings, 0 replies; 5+ messages in thread
From: Inki Dae @ 2014-07-09 14:39 UTC (permalink / raw)
To: Rahul Sharma; +Cc: Kukjin Kim, linux-samsung-soc, sunil joshi, dri-devel
On 2014년 07월 09일 20:06, Rahul Sharma wrote:
> On 8 July 2014 21:25, Inki Dae <inki.dae@samsung.com> wrote:
>> 2014-06-20 0:13 GMT+09:00 Rahul Sharma <rahul.sharma@samsung.com>:
>>> This situation arises when userspace remove the frambuffer object
>>> and call setmode ioctl.
>>>
>>> drm_mode_rmfb --> drm_plane_force_disable --> plane->crtc = NULL;
>>> and
>>> drm_mode_setcrtc --> exynos_plane_commit --> passes plane->crtc to
>>> exynos_drm_crtc_plane_commit which is NULL.
>>
>> If user process requested drm_mode_rmfb with a fb_id, fb object to the
>> fb_id must be removed from crtc_idr table. So drm_mode_setcrtc should
>> be failed because there is no the fb object in the crtc_idr table
>> anymore.
>> I cannot understand how exynos_drm_crtc_plane_commit function could be
>> called. Can you give me more details?
>
> Inki,
>
> These logs should clarify more about the problem:
Thanks. And how can I reenact below problem? if we could reenact this
problem, we may find out fundamental problem and resolve it in more
generic. Can I get example code?
Thanks,
Inki Dae
>
> localhost ~ # halt
> localhost ~ # [ 130.570309] init: debugd main process (781) killed by
> TERM signal
> [ 130.602453] init: lid_touchpad_helper main process (2100) killed by
> TERM signal
> [ 131.374955] CPU: 2 PID: 834 Comm: X Tainted: G W 3.16.0-rc1+ #623
> [ 131.380558] [<c00155b8>] (unwind_backtrace) from [<c001213c>]
> (show_stack+0x20/0x24)
> [ 131.388327] [<c001213c>] (show_stack) from [<c05217d4>]
> (dump_stack+0x7c/0x98)
> [ 131.395522] [<c05217d4>] (dump_stack) from [<c02ab7e4>]
> (exynos_drm_crtc_plane_commit+0x20/0x40)
> [ 131.404263] [<c02ab7e4>] (exynos_drm_crtc_plane_commit) from
> [<c02ae28c>] (exynos_plane_commit+0x24/0x28)
> [ 131.413779] [<c02ae28c>] (exynos_plane_commit) from [<c02ab1c8>]
> (exynos_drm_crtc_commit+0x2c/0x54)
> [ 131.422802] [<c02ab1c8>] (exynos_drm_crtc_commit) from [<c02ab2c0>]
> (exynos_drm_crtc_mode_set_commit.isra.1+0x8c/0xa0)
> [ 131.433468] [<c02ab2c0>] (exynos_drm_crtc_mode_set_commit.isra.1)
> from [<c02ab3f0>] (exynos_drm_crtc_page_flip+0x100/0x174)
> [ 131.444587] [<c02ab3f0>] (exynos_drm_crtc_page_flip) from
> [<c02a1ab4>] (drm_mode_page_flip_ioctl+0x1f0/0x2b0)
> -->> [ 131.454460] [<c02a1ab4>] (drm_mode_page_flip_ioctl) from
> [<c0292cb4>] (drm_ioctl+0x270/0x44c)
> [ 131.462966] [<c0292cb4>] (drm_ioctl) from [<c011302c>]
> (do_vfs_ioctl+0x4e4/0x5a0)
> [ 131.470397] [<c011302c>] (do_vfs_ioctl) from [<c0113144>]
> (SyS_ioctl+0x5c/0x84)
> [ 131.477728] [<c0113144>] (SyS_ioctl) from [<c000e380>]
> (ret_fast_syscall+0x0/0x30)
> [ 131.762797] CPU: 1 PID: 834 Comm: X Tainted: G W 3.16.0-rc1+ #623
> [ 131.768378] [<c00155b8>] (unwind_backtrace) from [<c001213c>]
> (show_stack+0x20/0x24)
> [ 131.776151] [<c001213c>] (show_stack) from [<c05217d4>]
> (dump_stack+0x7c/0x98)
> [ 131.783315] [<c05217d4>] (dump_stack) from [<c029c130>]
> (drm_plane_force_disable+0x5c/0x68)
> [ 131.791658] [<c029c130>] (drm_plane_force_disable) from
> [<c029cf68>] (drm_framebuffer_remove+0xe4/0x110)
> [ 131.801070] [<c029cf68>] (drm_framebuffer_remove) from [<c02a09c0>]
> (drm_mode_rmfb+0xd4/0xfc)
> -->> [ 131.809597] [<c02a09c0>] (drm_mode_rmfb) from [<c0292cb4>]
> (drm_ioctl+0x270/0x44c)
> [ 131.817135] [<c0292cb4>] (drm_ioctl) from [<c011302c>]
> (do_vfs_ioctl+0x4e4/0x5a0)
> [ 131.824609] [<c011302c>] (do_vfs_ioctl) from [<c0113144>]
> (SyS_ioctl+0x5c/0x84)
> [ 131.831884] [<c0113144>] (SyS_ioctl) from [<c000e380>]
> (ret_fast_syscall+0x0/0x30)
> [ 132.077803] CPU: 0 PID: 834 Comm: X Tainted: G W 3.16.0-rc1+ #623
> [ 132.083413] [<c00155b8>] (unwind_backtrace) from [<c001213c>]
> (show_stack+0x20/0x24)
> [ 132.091111] [<c001213c>] (show_stack) from [<c05217d4>]
> (dump_stack+0x7c/0x98)
> [ 132.098343] [<c05217d4>] (dump_stack) from [<c02ab7e4>]
> (exynos_drm_crtc_plane_commit+0x20/0x40)
> [ 132.107098] [<c02ab7e4>] (exynos_drm_crtc_plane_commit) from
> [<c02ae28c>] (exynos_plane_commit+0x24/0x28)
> [ 132.116631] [<c02ae28c>] (exynos_plane_commit) from [<c02ab1c8>]
> (exynos_drm_crtc_commit+0x2c/0x54)
> [ 132.125660] [<c02ab1c8>] (exynos_drm_crtc_commit) from [<c02ab2c0>]
> (exynos_drm_crtc_mode_set_commit.isra.1+0x8c/0xa0)
> [ 132.136330] [<c02ab2c0>] (exynos_drm_crtc_mode_set_commit.isra.1)
> from [<c02ab2ec>] (exynos_drm_crtc_mode_set_base+0x18/0x1c)
> [ 132.147605] [<c02ab2ec>] (exynos_drm_crtc_mode_set_base) from
> [<c028c148>] (drm_crtc_helper_set_config+0x828/0x8a4)
> [ 132.158029] [<c028c148>] (drm_crtc_helper_set_config) from
> [<c029ce1c>] (drm_mode_set_config_internal+0x58/0xc0)
> [ 132.168155] [<c029ce1c>] (drm_mode_set_config_internal) from
> [<c029fe64>] (drm_mode_setcrtc+0x388/0x4ac)
> -->> [ 132.177630] [<c029fe64>] (drm_mode_setcrtc) from [<c0292cb4>]
> (drm_ioctl+0x270/0x44c)
> [ 132.185417] [<c0292cb4>] (drm_ioctl) from [<c011302c>]
> (do_vfs_ioctl+0x4e4/0x5a0)
> [ 132.192897] [<c011302c>] (do_vfs_ioctl) from [<c0113144>]
> (SyS_ioctl+0x5c/0x84)
> [ 132.200138] [<c0113144>] (SyS_ioctl) from [<c000e380>]
> (ret_fast_syscall+0x0/0x30)
> [ 132.207735] Unable to handle kernel NULL pointer dereference at
> virtual address 0000032c
> ..
> ..
> [ 132.510786] ff80: b6ebdeb8 bee1d5e8 c06864a2 00000036 c000e5a4
> ecf0e000 00000000 ecf0ffa8
> [ 132.518941] ffa0: c000e380 c01130f4 b6ebdeb8 bee1d5e8 00000005
> c06864a2 bee1d5e8 00000001
> [ 132.527095] ffc0: b6ebdeb8 bee1d5e8 c06864a2 00000036 b85d4a74
> b8702a60 00000000 bee1d688
> [ 132.535250] ffe0: b6a82f30 bee1d5cc b6a75cff b6bce50c 00000010
> 00000005 e1a0c00d e92dd800
> [ 132.543408] [<c02ab7e4>] (exynos_drm_crtc_plane_commit) from
> [<c02ae28c>] (exynos_plane_commit+0x24/0x28)
> [ 132.552949] [<c02ae28c>] (exynos_plane_commit) from [<c02ab1c8>]
> (exynos_drm_crtc_commit+0x2c/0x54)
> [ 132.561971] [<c02ab1c8>] (exynos_drm_crtc_commit) from [<c02ab2c0>]
> (exynos_drm_crtc_mode_set_commit.isra.1+0x8c/0xa0)
> [ 132.572641] [<c02ab2c0>] (exynos_drm_crtc_mode_set_commit.isra.1)
> from [<c02ab2ec>] (exynos_drm_crtc_mode_set_base+0x18/0x1c)
> [ 132.583919] [<c02ab2ec>] (exynos_drm_crtc_mode_set_base) from
> [<c028c148>] (drm_crtc_helper_set_config+0x828/0x8a4)
> [ 132.594329] [<c028c148>] (drm_crtc_helper_set_config) from
> [<c029ce1c>] (drm_mode_set_config_internal+0x58/0xc0)
> [ 132.604478] [<c029ce1c>] (drm_mode_set_config_internal) from
> [<c029fe64>] (drm_mode_setcrtc+0x388/0x4ac)
> [ 132.613933] [<c029fe64>] (drm_mode_setcrtc) from [<c0292cb4>]
> (drm_ioctl+0x270/0x44c)
> [ 132.621741] [<c0292cb4>] (drm_ioctl) from [<c011302c>]
> (do_vfs_ioctl+0x4e4/0x5a0)
> [ 132.629201] [<c011302c>] (do_vfs_ioctl) from [<c0113144>]
> (SyS_ioctl+0x5c/0x84)
> [ 132.636489] [<c0113144>] (SyS_ioctl) from [<c000e380>]
> (ret_fast_syscall+0x0/0x30)
> [ 132.644035] Code: e8bd4000 e1a05000 e1a04001 eb09d7dc (e595032c)
> [ 132.650164] ---[ end trace 4bc5b9657975a179 ]---
> [ 132.654749] Kernel panic - not syncing: Fatal exception
> [ 132.659912] CPU3: stopping
> [ 132.662600] CPU: 3 PID: 478 Comm: rs:main Q:Reg Tainted: G D W
> 3.16.0-rc1+ #623
> [ 132.670673] [<c00155b8>] (unwind_backtrace) from [<c001213c>]
> (show_stack+0x20/0x24)
> [ 132.678392] [<c001213c>] (show_stack) from [<c05217d4>]
> (dump_stack+0x7c/0x98)
> [ 132.685590] [<c05217d4>] (dump_stack) from [<c001409c>]
> (handle_IPI+0xd8/0x160)
> [ 132.692876] [<c001409c>] (handle_IPI) from [<c0008688>]
> (gic_handle_irq+0x68/0x70)
> [ 132.700423] [<c0008688>] (gic_handle_irq) from [<c0012cc0>]
> (__irq_svc+0x40/0x50)
>
> Regards,
> Rahul Sharma.
>
>>
>> Thanks,
>> Inki Dae
>>
>>>
>>> This crashes the system.
>>>
>>> Signed-off-by: Rahul Sharma <rahul.sharma@samsung.com>
>>> ---
>>> This works fine but I am not confident on the correctness of the
>>> solution.
>>>
>>> drivers/gpu/drm/exynos/exynos_drm_crtc.c | 6 ++++++
>>> 1 file changed, 6 insertions(+)
>>>
>>> diff --git a/drivers/gpu/drm/exynos/exynos_drm_crtc.c b/drivers/gpu/drm/exynos/exynos_drm_crtc.c
>>> index 95c9435..da4efe4 100644
>>> --- a/drivers/gpu/drm/exynos/exynos_drm_crtc.c
>>> +++ b/drivers/gpu/drm/exynos/exynos_drm_crtc.c
>>> @@ -165,6 +165,12 @@ static int exynos_drm_crtc_mode_set_commit(struct drm_crtc *crtc, int x, int y,
>>> return -EPERM;
>>> }
>>>
>>> + /* when framebuffer is removed, commit should not proceed. */
>>> + if(!plane->fb){
>>> + DRM_ERROR("framebuffer has been removed from plane.\n");
>>> + return -EFAULT;
>>> + }
>>> +
>>> crtc_w = crtc->primary->fb->width - x;
>>> crtc_h = crtc->primary->fb->height - y;
>>>
>>> --
>>> 1.7.9.5
>>>
>>> --
>>> To unsubscribe from this list: send the line "unsubscribe linux-samsung-soc" in
>>> the body of a message to majordomo@vger.kernel.org
>>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/dri-devel
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-07-09 14:39 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-06-19 15:13 [RFC] drm/exynos: abort commit when framebuffer is removed from plane Rahul Sharma
2014-07-08 10:03 ` Rahul Sharma
2014-07-08 15:55 ` Inki Dae
2014-07-09 11:06 ` Rahul Sharma
2014-07-09 14:39 ` Inki Dae
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.