diff mbox series

[v3,2/3] drm/i915/fbdev: suspend HPD before fbdev unregistration

Message ID 20220713152019.343432-3-andrzej.hajda@intel.com (mailing list archive)
State New, archived
Headers show
Series drm/i915/display: stop HPD workers before display driver unregister | expand

Commit Message

Andrzej Hajda July 13, 2022, 3:20 p.m. UTC 
HPD event after fbdev unregistration can cause registration of deferred
fbdev which will not be unregistered later, causing use-after-free.
To avoid it HPD handling should be suspended before fbdev unregistration.

It should fix following GPF:
[272.634530] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI
[272.634536] CPU: 0 PID: 6030 Comm: i915_selftest Tainted: G     U            5.18.0-rc5-CI_DRM_11603-g12dccf4f5eef+ #1
[272.634541] Hardware name: Intel Corporation Raptor Lake Client Platform/RPL-S ADP-S DDR5 UDIMM CRB, BIOS RPLSFWI1.R00.2397.A01.2109300731 09/30/2021
[272.634545] RIP: 0010:fb_do_apertures_overlap.part.14+0x26/0x60
...
[272.634582] Call Trace:
[272.634583]  <TASK>
[272.634585]  do_remove_conflicting_framebuffers+0x59/0xa0
[272.634589]  remove_conflicting_framebuffers+0x2d/0xc0
[272.634592]  remove_conflicting_pci_framebuffers+0xc8/0x110
[272.634595]  drm_aperture_remove_conflicting_pci_framebuffers+0x52/0x70
[272.634604]  i915_driver_probe+0x63a/0xdd0 [i915]

Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/5329
Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/5510
Signed-off-by: Andrzej Hajda <andrzej.hajda@intel.com>
---
 drivers/gpu/drm/i915/display/intel_fbdev.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Murthy, Arun R July 14, 2022, 3:09 a.m. UTC | #1 
> -----Original Message-----
> From: Hajda, Andrzej <andrzej.hajda@intel.com>
> Sent: Wednesday, July 13, 2022 8:50 PM
> To: Jani Nikula <jani.nikula@linux.intel.com>; Ville Syrjälä
> <ville.syrjala@linux.intel.com>; Murthy, Arun R <arun.r.murthy@intel.com>
> Cc: Hajda, Andrzej <andrzej.hajda@intel.com>; Joonas Lahtinen
> <joonas.lahtinen@linux.intel.com>; Vivi, Rodrigo <rodrigo.vivi@intel.com>;
> Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>; Daniel Vetter
> <daniel@ffwll.ch>; intel-gfx@lists.freedesktop.org; dri-
> devel@lists.freedesktop.org
> Subject: [PATCH v3 2/3] drm/i915/fbdev: suspend HPD before fbdev
> unregistration
> 
> HPD event after fbdev unregistration can cause registration of deferred fbdev
> which will not be unregistered later, causing use-after-free.
> To avoid it HPD handling should be suspended before fbdev unregistration.
> 
> It should fix following GPF:
> [272.634530] general protection fault, probably for non-canonical address
> 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI
> [272.634536] CPU: 0 PID: 6030 Comm: i915_selftest Tainted: G     U
> 5.18.0-rc5-CI_DRM_11603-g12dccf4f5eef+ #1
> [272.634541] Hardware name: Intel Corporation Raptor Lake Client
> Platform/RPL-S ADP-S DDR5 UDIMM CRB, BIOS
> RPLSFWI1.R00.2397.A01.2109300731 09/30/2021 [272.634545] RIP:
> 0010:fb_do_apertures_overlap.part.14+0x26/0x60
> ...
> [272.634582] Call Trace:
> [272.634583]  <TASK>
> [272.634585]  do_remove_conflicting_framebuffers+0x59/0xa0
> [272.634589]  remove_conflicting_framebuffers+0x2d/0xc0
> [272.634592]  remove_conflicting_pci_framebuffers+0xc8/0x110
> [272.634595]
> drm_aperture_remove_conflicting_pci_framebuffers+0x52/0x70
> [272.634604]  i915_driver_probe+0x63a/0xdd0 [i915]
> 
> Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/5329
> Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/5510
> Signed-off-by: Andrzej Hajda <andrzej.hajda@intel.com>
> ---
Reviewed-by: Arun R Murthy <arun.r.murthy@intel.com>

Thanks and Regards,
Arun R Murthy
--------------------
Andrzej Hajda July 14, 2022, 9:53 a.m. UTC | #2 
On 14.07.2022 05:09, Murthy, Arun R wrote:
>> -----Original Message-----
>> From: Hajda, Andrzej <andrzej.hajda@intel.com>
>> Sent: Wednesday, July 13, 2022 8:50 PM
>> To: Jani Nikula <jani.nikula@linux.intel.com>; Ville Syrjälä
>> <ville.syrjala@linux.intel.com>; Murthy, Arun R <arun.r.murthy@intel.com>
>> Cc: Hajda, Andrzej <andrzej.hajda@intel.com>; Joonas Lahtinen
>> <joonas.lahtinen@linux.intel.com>; Vivi, Rodrigo <rodrigo.vivi@intel.com>;
>> Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>; Daniel Vetter
>> <daniel@ffwll.ch>; intel-gfx@lists.freedesktop.org; dri-
>> devel@lists.freedesktop.org
>> Subject: [PATCH v3 2/3] drm/i915/fbdev: suspend HPD before fbdev
>> unregistration
>>
>> HPD event after fbdev unregistration can cause registration of deferred fbdev
>> which will not be unregistered later, causing use-after-free.
>> To avoid it HPD handling should be suspended before fbdev unregistration.
>>
>> It should fix following GPF:
>> [272.634530] general protection fault, probably for non-canonical address
>> 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI
>> [272.634536] CPU: 0 PID: 6030 Comm: i915_selftest Tainted: G     U
>> 5.18.0-rc5-CI_DRM_11603-g12dccf4f5eef+ #1
>> [272.634541] Hardware name: Intel Corporation Raptor Lake Client
>> Platform/RPL-S ADP-S DDR5 UDIMM CRB, BIOS
>> RPLSFWI1.R00.2397.A01.2109300731 09/30/2021 [272.634545] RIP:
>> 0010:fb_do_apertures_overlap.part.14+0x26/0x60
>> ...
>> [272.634582] Call Trace:
>> [272.634583]  <TASK>
>> [272.634585]  do_remove_conflicting_framebuffers+0x59/0xa0
>> [272.634589]  remove_conflicting_framebuffers+0x2d/0xc0
>> [272.634592]  remove_conflicting_pci_framebuffers+0xc8/0x110
>> [272.634595]
>> drm_aperture_remove_conflicting_pci_framebuffers+0x52/0x70
>> [272.634604]  i915_driver_probe+0x63a/0xdd0 [i915]
>>
>> Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/5329
>> Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/5510
>> Signed-off-by: Andrzej Hajda <andrzej.hajda@intel.com>
>> ---
> Reviewed-by: Arun R Murthy <arun.r.murthy@intel.com>
> 
> Thanks and Regards,
> Arun R Murthy
> --------------------

Ups, I forgot to add your r-b.
Anyway, thanks for both r-b.

Regards
Andrzej
diff mbox series

Patch

diff --git a/drivers/gpu/drm/i915/display/intel_fbdev.c b/drivers/gpu/drm/i915/display/intel_fbdev.c
index 221336178991f0..b682fd72d4bf25 100644
--- a/drivers/gpu/drm/i915/display/intel_fbdev.c
+++ b/drivers/gpu/drm/i915/display/intel_fbdev.c
@@ -573,7 +573,8 @@  void intel_fbdev_unregister(struct drm_i915_private *dev_priv)
 	if (!ifbdev)
 		return;
 
-	cancel_work_sync(&dev_priv->fbdev_suspend_work);
+	intel_fbdev_set_suspend(&dev_priv->drm, FBINFO_STATE_SUSPENDED, true);
+
 	if (!current_is_async())
 		intel_fbdev_sync(ifbdev);