AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-02-23 00:11:19 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
a45b30a6c5
linux_dsm_epyc7002/drivers/gpu/drm
History
Chris Wilson a45b30a6c5 drm/i915/fbdev: Serialise early hotplug events with async fbdev config 
As both the hotplug event and fbdev configuration run asynchronously, it
is possible for them to run concurrently. If configuration fails, we were
freeing the fbdev causing a use-after-free in the hotplug event.

<7>[ 3069.935211] [drm:intel_fb_initial_config [i915]] Not using firmware configuration
<7>[ 3069.935225] [drm:drm_setup_crtcs] looking for cmdline mode on connector 77
<7>[ 3069.935229] [drm:drm_setup_crtcs] looking for preferred mode on connector 77 0
<7>[ 3069.935233] [drm:drm_setup_crtcs] found mode 3200x1800
<7>[ 3069.935236] [drm:drm_setup_crtcs] picking CRTCs for 8192x8192 config
<7>[ 3069.935253] [drm:drm_setup_crtcs] desired mode 3200x1800 set on crtc 43 (0,0)
<7>[ 3069.935323] [drm:intelfb_create [i915]] no BIOS fb, allocating a new one
<4>[ 3069.967737] general protection fault: 0000 [#1] PREEMPT SMP
<0>[ 3069.977453] ---------------------------------
<4>[ 3069.977457] Modules linked in: i915(+) vgem snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic x86_pkg_temp_thermal intel_powerclamp coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hda_codec snd_hwdep snd_hda_core snd_pcm r8169 mei_me mii prime_numbers mei i2c_hid pinctrl_geminilake pinctrl_intel [last unloaded: i915]
<4>[ 3069.977492] CPU: 1 PID: 15414 Comm: kworker/1:0 Tainted: G     U          4.14.0-CI-CI_DRM_3388+ #1
<4>[ 3069.977497] Hardware name: Intel Corp. Geminilake/GLK RVP1 DDR4 (05), BIOS GELKRVPA.X64.0062.B30.1708222146 08/22/2017
<4>[ 3069.977508] Workqueue: events output_poll_execute
<4>[ 3069.977512] task: ffff880177734e40 task.stack: ffffc90001fe4000
<4>[ 3069.977519] RIP: 0010:__lock_acquire+0x109/0x1b60
<4>[ 3069.977523] RSP: 0018:ffffc90001fe7bb0 EFLAGS: 00010002
<4>[ 3069.977526] RAX: 6b6b6b6b6b6b6b6b RBX: 0000000000000282 RCX: 0000000000000000
<4>[ 3069.977530] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880170d4efd0
<4>[ 3069.977534] RBP: ffffc90001fe7c70 R08: 0000000000000001 R09: 0000000000000000
<4>[ 3069.977538] R10: 0000000000000000 R11: ffffffff81899609 R12: ffff880170d4efd0
<4>[ 3069.977542] R13: ffff880177734e40 R14: 0000000000000001 R15: 0000000000000000
<4>[ 3069.977547] FS:  0000000000000000(0000) GS:ffff88017fc80000(0000) knlGS:0000000000000000
<4>[ 3069.977551] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[ 3069.977555] CR2: 00007f7e8b7bcf04 CR3: 0000000003e0f000 CR4: 00000000003406e0
<4>[ 3069.977559] Call Trace:
<4>[ 3069.977565]  ? mark_held_locks+0x64/0x90
<4>[ 3069.977571]  ? _raw_spin_unlock_irq+0x24/0x50
<4>[ 3069.977575]  ? _raw_spin_unlock_irq+0x24/0x50
<4>[ 3069.977579]  ? trace_hardirqs_on_caller+0xde/0x1c0
<4>[ 3069.977583]  ? _raw_spin_unlock_irq+0x2f/0x50
<4>[ 3069.977588]  ? finish_task_switch+0xa5/0x210
<4>[ 3069.977592]  ? lock_acquire+0xaf/0x200
<4>[ 3069.977596]  lock_acquire+0xaf/0x200
<4>[ 3069.977600]  ? __mutex_lock+0x5e9/0x9b0
<4>[ 3069.977604]  _raw_spin_lock+0x2a/0x40
<4>[ 3069.977608]  ? __mutex_lock+0x5e9/0x9b0
<4>[ 3069.977612]  __mutex_lock+0x5e9/0x9b0
<4>[ 3069.977616]  ? drm_fb_helper_hotplug_event.part.19+0x16/0xa0
<4>[ 3069.977621]  ? drm_fb_helper_hotplug_event.part.19+0x16/0xa0
<4>[ 3069.977625]  drm_fb_helper_hotplug_event.part.19+0x16/0xa0
<4>[ 3069.977630]  output_poll_execute+0x8d/0x180
<4>[ 3069.977635]  process_one_work+0x22e/0x660
<4>[ 3069.977640]  worker_thread+0x48/0x3a0
<4>[ 3069.977644]  ? _raw_spin_unlock_irqrestore+0x4c/0x60
<4>[ 3069.977649]  kthread+0x102/0x140
<4>[ 3069.977653]  ? process_one_work+0x660/0x660
<4>[ 3069.977657]  ? kthread_create_on_node+0x40/0x40
<4>[ 3069.977662]  ret_from_fork+0x27/0x40
<4>[ 3069.977666] Code: 8d 62 f8 c3 49 81 3c 24 e0 fa 3c 82 41 be 00 00 00 00 45 0f 45 f0 83 fe 01 77 86 89 f0 49 8b 44 c4 08 48 85 c0 0f 84 76 ff ff ff <f0> ff 80 38 01 00 00 8b 1d 62 f9 e8 01 45 8b 85 b8 08 00 00 85
<1>[ 3069.977707] RIP: __lock_acquire+0x109/0x1b60 RSP: ffffc90001fe7bb0
<4>[ 3069.977712] ---[ end trace 4ad012eb3af62df7 ]---

In order to keep the dev_priv->ifbdev alive after failure, we have to
avoid the free and leave it empty until we unload the module (which is
less than ideal, but a necessary evil for simplicity). Then we can use
intel_fbdev_sync() to serialise the hotplug event with the configuration.
The serialisation between the two was removed in commit 934458c2c9
("Revert "drm/i915: Fix races on fbdev""), but the use after free is much
older, commit 366e39b4d2 ("drm/i915: Tear down fbdev if initialization
fails")

Fixes: 366e39b4d2 ("drm/i915: Tear down fbdev if initialization fails")
Fixes: 934458c2c9 ("Revert "drm/i915: Fix races on fbdev"")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Lukas Wunner <lukas@wunner.de>
Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: stable@vger.kernel.org
Reviewed-by: Lukas Wunner <lukas@wunner.de>
Link: https://patchwork.freedesktop.org/patch/msgid/20171125194155.355-1-chris@chris-wilson.co.uk
(cherry picked from commit ad88d7fc6c)
Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
2017-11-28 10:31:52 +02:00
..
amd Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-11-25 08:37:16 -10:00
arc drm/arc: Use drm_gem_fb_create() 2017-09-02 14:23:06 +02:00
arm main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
armada main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
ast main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
atmel-hlcdc main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
bochs main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
bridge main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
cirrus drm: Pass struct drm_file * to __drm_mode_object_find [v2] 2017-10-12 10:03:04 +10:00
etnaviv main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
exynos treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
fsl-dcu fixes/cleanups for rc1, non-desktop flags for VR 2017-11-23 21:04:56 -10:00
gma500 main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
hisilicon drm/hisilicon: Ensure LDI regs are properly configured. 2017-11-01 10:36:50 +08:00
i2c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
i810
i915 drm/i915/fbdev: Serialise early hotplug events with async fbdev config 2017-11-28 10:31:52 +02:00
imx fixes/cleanups for rc1, non-desktop flags for VR 2017-11-23 21:04:56 -10:00
lib License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mediatek main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
meson drm/meson: Use drm_gem_fb_create() 2017-10-01 17:01:39 +02:00
mga
mgag200 main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
msm treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
mxsfb drm/mxsfb: Use drm_gem_fb_create() and drm_gem_fb_prepare_fb() 2017-10-01 17:02:20 +02:00
nouveau main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
omapdrm treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
panel main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
pl111 main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
qxl qxl: alloc & use shadow for dumb buffers 2017-10-23 08:23:11 +02:00
r128 r128: switch compat ioctls to drm_ioctl_kernel() 2017-09-29 13:42:35 -04:00
radeon fixes/cleanups for rc1, non-desktop flags for VR 2017-11-23 21:04:56 -10:00
rcar-du main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
rockchip treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
savage
selftests License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
shmobile main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
sis
sti main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
stm drm/stm: ltdc: remove bridge from driver internal structure 2017-10-10 11:32:48 +02:00
sun4i main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
tdfx
tegra fixes/cleanups for rc1, non-desktop flags for VR 2017-11-23 21:04:56 -10:00
tilcdc fixes/cleanups for rc1, non-desktop flags for VR 2017-11-23 21:04:56 -10:00
tinydrm drm/tinydrm: Remove explicit .best_encoder assignment 2017-10-13 17:34:51 +02:00
ttm main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
tve200 drm/tve200: Use drm_gem_fb_create() and drm_gem_fb_prepare_fb() 2017-10-01 17:04:36 +02:00
udl Merge tag 'drm-misc-next-2017-10-20' of git://anongit.freedesktop.org/drm/drm-misc into drm-next 2017-10-24 16:51:05 +10:00
vc4 drm/vc4: Convert timers to use timer_setup() 2017-11-21 15:46:44 -08:00
vgem treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
via treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
virtio main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
vmwgfx main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
zte main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
ati_pcigart.c
drm_agpsupport.c drm/agpsupport: Remove extra blank line 2017-09-20 09:54:19 -07:00
drm_atomic_helper.c Merge tag 'drm-misc-next-2017-10-20' of git://anongit.freedesktop.org/drm/drm-misc into drm-next 2017-10-24 16:51:05 +10:00
drm_atomic.c drm: Reorganize drm_pending_event to support future event types [v2] 2017-10-21 07:23:40 +10:00
drm_auth.c drm: Check mode object lease status in all master ioctl paths [v4] 2017-10-25 16:31:30 +10:00
drm_blend.c mm: treewide: remove GFP_TEMPORARY allocation flag 2017-09-13 18:53:16 -07:00
drm_bridge.c drm/bridge: change return type of drm_bridge_add function 2017-08-21 08:51:53 +05:30
drm_bufs.c
drm_cache.c
drm_color_mgmt.c drm: Pass struct drm_file * to __drm_mode_object_find [v2] 2017-10-12 10:03:04 +10:00
drm_connector.c drm: add connector info/property for non-desktop displays [v2] 2017-11-23 12:45:25 +10:00
drm_context.c
drm_crtc_helper_internal.h
drm_crtc_helper.c drm: Replace kzalloc with kcalloc 2017-10-13 15:49:03 -04:00
drm_crtc_internal.h drm: Pass struct drm_file * to __drm_mode_object_find [v2] 2017-10-12 10:03:04 +10:00
drm_crtc.c drm: Pass struct drm_file * to __drm_mode_object_find [v2] 2017-10-12 10:03:04 +10:00
drm_debugfs_crc.c drm/atomic: Prepare drm_modeset_lock infrastructure for interruptible waiting, v2. 2017-09-13 09:50:52 +02:00
drm_debugfs.c
drm_dma.c
drm_dp_aux_dev.c Pass mode to wait_on_atomic_t() action funcs and provide default actions 2017-11-13 15:38:16 +00:00
drm_dp_dual_mode_helper.c drm: Add retries for lspcon mode detection 2017-10-13 12:13:54 +03:00
drm_dp_helper.c drm/dp: WARN about invalid/unknown link rates and bw codes 2017-10-11 18:41:44 +03:00
drm_dp_mst_topology.c drm/dp/mst: Sideband message transaction to power up/down nodes 2017-09-11 16:03:57 +03:00
drm_drv.c drm: Add new LEASE debug level 2017-10-25 16:31:29 +10:00
drm_dumb_buffers.c
drm_edid_load.c drm: add backwards compatibility support for drm_kms_helper.edid_firmware 2017-09-19 18:11:45 +03:00
drm_edid.c drm/edid: quirk HTC vive headset as non-desktop. [v2] 2017-11-23 12:45:31 +10:00
drm_encoder_slave.c
drm_encoder.c drm: Check mode object lease status in all master ioctl paths [v4] 2017-10-25 16:31:30 +10:00
drm_fb_cma_helper.c drm/fb-cma-helper: Remove unused functions 2017-10-01 17:05:39 +02:00
drm_fb_helper.c drm/fb: add support for not enabling fbcon on non-desktop displays [v2] 2017-11-23 12:45:30 +10:00
drm_file.c
drm_flip_work.c
drm_fourcc.c
drm_framebuffer.c drm/mode_object: fix documentation for object lookups. 2017-11-10 13:50:47 +10:00
drm_gem_cma_helper.c drm/gem-cma-helper: Change the level of the allocation failure message 2017-10-16 15:19:57 +02:00
drm_gem_framebuffer_helper.c drm/gem-fb-helper: Improve documentation 2017-10-08 15:02:51 +02:00
drm_gem.c drm: fix typo in drm_gem_get_pages() comment 2017-10-04 18:04:28 +02:00
drm_global.c
drm_hashtab.c
drm_info.c
drm_internal.h drm: Add CRTC_GET_SEQUENCE and CRTC_QUEUE_SEQUENCE ioctls [v3] 2017-10-23 11:15:03 +10:00
drm_ioc32.c
drm_ioctl.c drm: Add four ioctls for managing drm mode object leases [v7] 2017-10-25 16:31:30 +10:00
drm_irq.c
drm_kms_helper_common.c drm: add backwards compatibility support for drm_kms_helper.edid_firmware 2017-09-19 18:11:45 +03:00
drm_lease.c drm: Add four ioctls for managing drm mode object leases [v7] 2017-10-25 16:31:30 +10:00
drm_legacy.h
drm_lock.c
drm_memory.c
drm_mipi_dsi.c
drm_mm.c lib/interval_tree: fast overlap detection 2017-09-08 18:26:49 -07:00
drm_mode_config.c drm: Check mode object lease status in all master ioctl paths [v4] 2017-10-25 16:31:30 +10:00
drm_mode_object.c drm/mode_object: fix documentation for object lookups. 2017-11-10 13:50:47 +10:00
drm_modes.c
drm_modeset_helper.c
drm_modeset_lock.c drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all 2017-10-31 17:36:46 +01:00
drm_of.c drm/drm_of: Move drm_of_panel_bridge_remove_function into header. 2017-10-13 16:59:36 +02:00
drm_panel.c
drm_pci.c drm/core: clean up references to drm_dev_unref() 2017-09-27 10:53:12 +02:00
drm_plane_helper.c drm: Replace kzalloc with kcalloc 2017-10-13 15:49:03 -04:00
drm_plane.c drm: Check mode object lease status in all master ioctl paths [v4] 2017-10-25 16:31:30 +10:00
drm_prime.c drm/core: clean up references to drm_dev_unref() 2017-09-27 10:53:12 +02:00
drm_print.c
drm_probe_helper.c drm: Pass struct drm_file * to __drm_mode_object_find [v2] 2017-10-12 10:03:04 +10:00
drm_property.c drm: Pass struct drm_file * to __drm_mode_object_find [v2] 2017-10-12 10:03:04 +10:00
drm_rect.c
drm_scatter.c
drm_scdc_helper.c Merge tag 'drm-misc-next-2017-09-20' of git://anongit.freedesktop.org/git/drm-misc into drm-next 2017-09-28 05:46:15 +10:00
drm_simple_kms_helper.c
drm_syncobj.c Merge tag 'drm-misc-next-2017-10-16' of git://anongit.freedesktop.org/drm/drm-misc into drm-next 2017-10-17 10:10:17 +10:00
drm_sysfs.c
drm_trace_points.c
drm_trace.h main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
drm_vblank.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
drm_vm.c Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-09-04 12:21:28 -07:00
drm_vma_manager.c lib/interval_tree: fast overlap detection 2017-09-08 18:26:49 -07:00
Kconfig Merge branch 'drm-next-4.15' of git://people.freedesktop.org/~agd5f/linux into drm-next 2017-09-28 08:37:02 +10:00
Makefile main drm pull request for v4.15 2017-11-15 20:42:10 -08:00