Message ID | 1654248167-10594-1-git-send-email-quic_vpolimer@quicinc.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [v1] drm/msm: add null checks for drm device to avoid crash during probe defer | expand |
On 03/06/2022 12:22, Vinod Polimera wrote: > During probe defer, drm device is not initialized and an external > trigger to shutdown is trying to clean up drm device leading to crash. > Add checks to avoid drm device cleanup in such cases. > > BUG: unable to handle kernel NULL pointer dereference at virtual > address 00000000000000b8 > > Call trace: > > drm_atomic_helper_shutdown+0x44/0x144 > msm_pdev_shutdown+0x2c/0x38 > platform_shutdown+0x2c/0x38 > device_shutdown+0x158/0x210 > kernel_restart_prepare+0x40/0x4c > kernel_restart+0x20/0x6c > __arm64_sys_reboot+0x194/0x23c > invoke_syscall+0x50/0x13c > el0_svc_common+0xa0/0x17c > do_el0_svc_compat+0x28/0x34 > el0_svc_compat+0x20/0x70 > el0t_32_sync_handler+0xa8/0xcc > el0t_32_sync+0x1a8/0x1ac > > Signed-off-by: Vinod Polimera <quic_vpolimer@quicinc.com> Fixes ? > --- > drivers/gpu/drm/msm/msm_drv.c | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c > index 4448536..d62ac66 100644 > --- a/drivers/gpu/drm/msm/msm_drv.c > +++ b/drivers/gpu/drm/msm/msm_drv.c > @@ -142,6 +142,9 @@ static void msm_irq_uninstall(struct drm_device *dev) > struct msm_drm_private *priv = dev->dev_private; > struct msm_kms *kms = priv->kms; > > + if (!irq_has_action(kms->irq)) > + return; > + Is this part required with https://patchwork.freedesktop.org/patch/485422/?series=103702&rev=1? > kms->funcs->irq_uninstall(kms); > if (kms->irq_requested) > free_irq(kms->irq, dev); > @@ -259,6 +262,7 @@ static int msm_drm_uninit(struct device *dev) > > ddev->dev_private = NULL; > drm_dev_put(ddev); > + priv->dev = NULL; What are you trying to protect here? > > destroy_workqueue(priv->wq); > > @@ -1167,7 +1171,7 @@ void msm_drv_shutdown(struct platform_device *pdev) > struct msm_drm_private *priv = platform_get_drvdata(pdev); > struct drm_device *drm = priv ? priv->dev : NULL; > > - if (!priv || !priv->kms) > + if (!priv || !priv->kms || !drm) > return; > > drm_atomic_helper_shutdown(drm);
> -----Original Message----- > From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> > Sent: Friday, June 3, 2022 3:07 PM > To: Vinod Polimera (QUIC) <quic_vpolimer@quicinc.com>; dri- > devel@lists.freedesktop.org; linux-arm-msm@vger.kernel.org; > freedreno@lists.freedesktop.org; devicetree@vger.kernel.org > Cc: linux-kernel@vger.kernel.org; robdclark@gmail.com; > dianders@chromium.org; vpolimer@quicinc.com; swboyd@chromium.org; > kalyant@quicinc.com > Subject: Re: [v1] drm/msm: add null checks for drm device to avoid crash > during probe defer > > WARNING: This email originated from outside of Qualcomm. Please be wary > of any links or attachments, and do not enable macros. > > On 03/06/2022 12:22, Vinod Polimera wrote: > > During probe defer, drm device is not initialized and an external > > trigger to shutdown is trying to clean up drm device leading to crash. > > Add checks to avoid drm device cleanup in such cases. > > > > BUG: unable to handle kernel NULL pointer dereference at virtual > > address 00000000000000b8 > > > > Call trace: > > > > drm_atomic_helper_shutdown+0x44/0x144 > > msm_pdev_shutdown+0x2c/0x38 > > platform_shutdown+0x2c/0x38 > > device_shutdown+0x158/0x210 > > kernel_restart_prepare+0x40/0x4c > > kernel_restart+0x20/0x6c > > __arm64_sys_reboot+0x194/0x23c > > invoke_syscall+0x50/0x13c > > el0_svc_common+0xa0/0x17c > > do_el0_svc_compat+0x28/0x34 > > el0_svc_compat+0x20/0x70 > > el0t_32_sync_handler+0xa8/0xcc > > el0t_32_sync+0x1a8/0x1ac > > > > Signed-off-by: Vinod Polimera <quic_vpolimer@quicinc.com> > > Fixes ? - Added fixes tag in v2. > > > --- > > drivers/gpu/drm/msm/msm_drv.c | 6 +++++- > > 1 file changed, 5 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/gpu/drm/msm/msm_drv.c > b/drivers/gpu/drm/msm/msm_drv.c > > index 4448536..d62ac66 100644 > > --- a/drivers/gpu/drm/msm/msm_drv.c > > +++ b/drivers/gpu/drm/msm/msm_drv.c > > @@ -142,6 +142,9 @@ static void msm_irq_uninstall(struct drm_device > *dev) > > struct msm_drm_private *priv = dev->dev_private; > > struct msm_kms *kms = priv->kms; > > > > + if (!irq_has_action(kms->irq)) > > + return; > > + > > Is this part required with > https://patchwork.freedesktop.org/patch/485422/?series=103702&rev=1? Yes, I feel like this is a better approach than maintaining a new variable. I see a couple of drivers following similar approach to safeguard uninstall without being install called. > > > kms->funcs->irq_uninstall(kms); > > if (kms->irq_requested) > > free_irq(kms->irq, dev); > > @@ -259,6 +262,7 @@ static int msm_drm_uninit(struct device *dev) > > > > ddev->dev_private = NULL; > > drm_dev_put(ddev); > > + priv->dev = NULL; > > What are you trying to protect here? If we get a shutdown call after probe defer, there can be stale pointer in priv->dev which is invalid that needs to be cleared. > > > > > destroy_workqueue(priv->wq); > > > > @@ -1167,7 +1171,7 @@ void msm_drv_shutdown(struct platform_device > *pdev) > > struct msm_drm_private *priv = platform_get_drvdata(pdev); > > struct drm_device *drm = priv ? priv->dev : NULL; > > > > - if (!priv || !priv->kms) > > + if (!priv || !priv->kms || !drm) > > return; > > > > drm_atomic_helper_shutdown(drm); > > > -- > With best wishes > Dmitry
diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c index 4448536..d62ac66 100644 --- a/drivers/gpu/drm/msm/msm_drv.c +++ b/drivers/gpu/drm/msm/msm_drv.c @@ -142,6 +142,9 @@ static void msm_irq_uninstall(struct drm_device *dev) struct msm_drm_private *priv = dev->dev_private; struct msm_kms *kms = priv->kms; + if (!irq_has_action(kms->irq)) + return; + kms->funcs->irq_uninstall(kms); if (kms->irq_requested) free_irq(kms->irq, dev); @@ -259,6 +262,7 @@ static int msm_drm_uninit(struct device *dev) ddev->dev_private = NULL; drm_dev_put(ddev); + priv->dev = NULL; destroy_workqueue(priv->wq); @@ -1167,7 +1171,7 @@ void msm_drv_shutdown(struct platform_device *pdev) struct msm_drm_private *priv = platform_get_drvdata(pdev); struct drm_device *drm = priv ? priv->dev : NULL; - if (!priv || !priv->kms) + if (!priv || !priv->kms || !drm) return; drm_atomic_helper_shutdown(drm);
During probe defer, drm device is not initialized and an external trigger to shutdown is trying to clean up drm device leading to crash. Add checks to avoid drm device cleanup in such cases. BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000000000b8 Call trace: drm_atomic_helper_shutdown+0x44/0x144 msm_pdev_shutdown+0x2c/0x38 platform_shutdown+0x2c/0x38 device_shutdown+0x158/0x210 kernel_restart_prepare+0x40/0x4c kernel_restart+0x20/0x6c __arm64_sys_reboot+0x194/0x23c invoke_syscall+0x50/0x13c el0_svc_common+0xa0/0x17c do_el0_svc_compat+0x28/0x34 el0_svc_compat+0x20/0x70 el0t_32_sync_handler+0xa8/0xcc el0t_32_sync+0x1a8/0x1ac Signed-off-by: Vinod Polimera <quic_vpolimer@quicinc.com> --- drivers/gpu/drm/msm/msm_drv.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)