ttm_get_pages() will OOPS with highmem allocation

Message ID	20121113203155.0c1880d9@sd070 (mailing list archive)
State	New, archived
Headers	show Return-Path: <dri-devel-bounces+patchwork-dri-devel=patchwork.kernel.org@lists.freedesktop.org> Date: Tue, 13 Nov 2012 20:31:55 +0200 From: Jonathan Morton <jonathan.morton@movial.com> To: dri-devel@lists.freedesktop.org Subject: [PATCH] ttm_get_pages() will OOPS with highmem allocation Message-ID: <20121113203155.0c1880d9@sd070> Organization: Movial CT Mime-Version: 1.0 Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: dri-devel-bounces+patchwork-dri-devel=patchwork.kernel.org@lists.freedesktop.org Errors-To: dri-devel-bounces+patchwork-dri-devel=patchwork.kernel.org@lists.freedesktop.org

Message ID

20121113203155.0c1880d9@sd070 (mailing list archive)

State

New, archived

Headers

Date: Tue, 13 Nov 2012 20:31:55 +0200
From: Jonathan Morton <jonathan.morton@movial.com>
To: dri-devel@lists.freedesktop.org
Subject: [PATCH] ttm_get_pages() will OOPS with highmem allocation
Message-ID: <20121113203155.0c1880d9@sd070>
Organization: Movial CT
Mime-Version: 1.0
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dri-devel-bounces+patchwork-dri-devel=patchwork.kernel.org@lists.freedesktop.org
Errors-To: dri-devel-bounces+patchwork-dri-devel=patchwork.kernel.org@lists.freedesktop.org

Commit Message

Jonathan Morton Nov. 13, 2012, 6:31 p.m. UTC

Reposting from this kernel bug:
https://bugzilla.kernel.org/show_bug.cgi?id=50241

I've tested the patch and it solves a highly repeatable OOPS with the
CedarView driver that I'm porting.

From 3552913d3a1c2d3c4ce158e91dc18cd12b522cb2 Mon Sep 17 00:00:00 2001
From: Yakui Zhao <yakui.zhao@intel.com>
Date: Tue, 7 Feb 2012 15:33:13 -0500
Subject: [PATCH] Clear the ttm page allocated from high memory zone correctly

The TTM page can be allocated from high memory. In such case it is
wrong to use the page_address(page) as the virtual address for the high memory
page.

Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
---
 drivers/gpu/drm/ttm/ttm_page_alloc.c |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

Comments

Thomas Hellstrom Nov. 14, 2012, 8:48 a.m. UTC | #1

On 11/13/2012 07:31 PM, Jonathan Morton wrote:
> Reposting from this kernel bug:
> https://bugzilla.kernel.org/show_bug.cgi?id=50241
>
> I've tested the patch and it solves a highly repeatable OOPS with the
> CedarView driver that I'm porting.
>
>
> >From 3552913d3a1c2d3c4ce158e91dc18cd12b522cb2 Mon Sep 17 00:00:00 2001
> From: Yakui Zhao <yakui.zhao@intel.com>
> Date: Tue, 7 Feb 2012 15:33:13 -0500
> Subject: [PATCH] Clear the ttm page allocated from high memory zone correctly
>
> The TTM page can be allocated from high memory. In such case it is
> wrong to use the page_address(page) as the virtual address for the high memory
> page.
>
> Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
> ---
>   drivers/gpu/drm/ttm/ttm_page_alloc.c |    5 ++++-
>   1 files changed, 4 insertions(+), 1 deletions(-)
>
> diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c
> index d948575..df976d9 100644
> --- a/drivers/gpu/drm/ttm/ttm_page_alloc.c
> +++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c
> @@ -708,7 +708,10 @@ int ttm_get_pages(struct list_head *pages, int flags,
>   	/* clear the pages coming from the pool if requested */
>   	if (flags & TTM_PAGE_FLAG_ZERO_ALLOC) {
>   		list_for_each_entry(p, pages, lru) {
> -			clear_page(page_address(p));
> +			if (PageHighMem(p))
> +				clear_highpage(p);
> +			else
> +				clear_page(page_address(p));
>   		}
>   	}
>   

This is a pretty bad bug. I think the only reason it hasn't been hit 
more often is that TTM_PAGE_FLAG_ZERO_ALLOC may not be used that often.
Please resend this patch with

Cc: stable@vger.kernel.org
Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com>

Thanks,
Thomas

diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c
index d948575..df976d9 100644
--- a/drivers/gpu/drm/ttm/ttm_page_alloc.c
+++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c
@@ -708,7 +708,10 @@  int ttm_get_pages(struct list_head *pages, int flags,
 	/* clear the pages coming from the pool if requested */
 	if (flags & TTM_PAGE_FLAG_ZERO_ALLOC) {
 		list_for_each_entry(p, pages, lru) {
-			clear_page(page_address(p));
+			if (PageHighMem(p))
+				clear_highpage(p);
+			else
+				clear_page(page_address(p));
 		}
 	}

ttm_get_pages() will OOPS with highmem allocation

Commit Message

Comments

Patch