linux_dsm_epyc7002/drivers/gpu/drm
Chris Wilson cb593e5d2b drm/i915/gem: Hold obj->vma.lock over for_each_ggtt_vma()
While the ggtt vma are protected by their object lifetime, the list
continues until it hits a non-ggtt vma, and that vma is not protected
and may be freed as we inspect it. Hence, we require the obj->vma.lock
to protect the list as we iterate.

An example of forgetting to hold the obj->vma.lock is

[1642834.464973] general protection fault, probably for non-canonical address 0xdead000000000122: 0000 [#1] SMP PTI
[1642834.464977] CPU: 3 PID: 1954 Comm: Xorg Not tainted 5.6.0-300.fc32.x86_64 #1
[1642834.464979] Hardware name: LENOVO 20ARS25701/20ARS25701, BIOS GJET94WW (2.44 ) 09/14/2017
[1642834.465021] RIP: 0010:i915_gem_object_set_tiling+0x2c0/0x3e0 [i915]
[1642834.465024] Code: 8b 84 24 18 01 00 00 f6 c4 80 74 59 49 8b 94 24 a0 00 00 00 49 8b 84 24 e0 00 00 00 49 8b 74 24 10 48 8b 92 30 01 00 00 89 c7 <80> ba 0a 06 00 00 03 0f 87 86 00 00 00 ba 00 00 08 00 b9 00 00 10
[1642834.465025] RSP: 0018:ffffa98780c77d60 EFLAGS: 00010282
[1642834.465028] RAX: ffff8d232bfb2578 RBX: 0000000000000002 RCX: ffff8d25873a0000
[1642834.465029] RDX: dead000000000122 RSI: fffff0af8ac6e408 RDI: 000000002bfb2578
[1642834.465030] RBP: ffff8d25873a0000 R08: ffff8d252bfb5638 R09: 0000000000000000
[1642834.465031] R10: 0000000000000000 R11: ffff8d252bfb5640 R12: ffffa987801cb8f8
[1642834.465032] R13: 0000000000001000 R14: ffff8d233e972e50 R15: ffff8d233e972d00
[1642834.465034] FS:  00007f6a3d327f00(0000) GS:ffff8d25926c0000(0000) knlGS:0000000000000000
[1642834.465036] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[1642834.465037] CR2: 00007f6a2064d000 CR3: 00000002fb57c001 CR4: 00000000001606e0
[1642834.465038] Call Trace:
[1642834.465083]  i915_gem_set_tiling_ioctl+0x122/0x230 [i915]
[1642834.465121]  ? i915_gem_object_set_tiling+0x3e0/0x3e0 [i915]
[1642834.465151]  drm_ioctl_kernel+0x86/0xd0 [drm]
[1642834.465156]  ? avc_has_perm+0x3b/0x160
[1642834.465178]  drm_ioctl+0x206/0x390 [drm]
[1642834.465216]  ? i915_gem_object_set_tiling+0x3e0/0x3e0 [i915]
[1642834.465221]  ? selinux_file_ioctl+0x122/0x1c0
[1642834.465226]  ? __do_munmap+0x24b/0x4d0
[1642834.465231]  ksys_ioctl+0x82/0xc0
[1642834.465235]  __x64_sys_ioctl+0x16/0x20
[1642834.465238]  do_syscall_64+0x5b/0xf0
[1642834.465243]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[1642834.465245] RIP: 0033:0x7f6a3d7b047b
[1642834.465247] Code: 0f 1e fa 48 8b 05 1d aa 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed a9 0c 00 f7 d8 64 89 01 48
[1642834.465249] RSP: 002b:00007ffe71adba28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[1642834.465251] RAX: ffffffffffffffda RBX: 000055f99048fa40 RCX: 00007f6a3d7b047b
[1642834.465253] RDX: 00007ffe71adba30 RSI: 00000000c0106461 RDI: 000000000000000e
[1642834.465254] RBP: 0000000000000002 R08: 000055f98f3f1798 R09: 0000000000000002
[1642834.465255] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000080
[1642834.465257] R13: 000055f98f3f1690 R14: 00000000c0106461 R15: 00007ffe71adba30

Now to take the spinlock during the list iteration, we need to break it
down into two phases. In the first phase under the lock, we cannot sleep
and so must defer the actual work to a second list, protected by the
ggtt->mutex.

We also need to hold the spinlock during creation of a new vma to
serialise with updates of the tiling on the object.

Reported-by: Dave Airlie <airlied@redhat.com>
Fixes: 2850748ef8 ("drm/i915: Pull i915_vma_pin under the vm->mutex")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Cc: Dave Airlie <airlied@redhat.com>
Cc: <stable@vger.kernel.org> # v5.5+
Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200422072805.17340-1-chris@chris-wilson.co.uk
2020-04-22 15:43:56 +01:00
amd Topic pull request for topic/phy-compliance: 2020-04-16 14:52:59 +03:00
arc drm/bridge: Extend bridge API to disable connector creation 2020-02-26 13:31:23 +02:00
arm drm/komeda: mark PM functions as __maybe_unused 2020-03-06 11:25:58 +08:00
armada drm: Remove drm_fb_helper add, add all and remove connector calls 2020-03-06 14:19:58 +01:00
aspeed
ast drm/ast: Use simple encoder 2020-03-02 09:22:43 +01:00
atmel-hlcdc drm/bridge: Extend bridge API to disable connector creation 2020-02-26 13:31:23 +02:00
bochs Linux 5.6 2020-03-31 15:15:47 +10:00
bridge drm/bridge: analogix_dp: Split bind() into probe() and real bind() 2020-04-09 10:29:35 +02:00
cirrus drm/cirrus: add drm_driver.release callback. 2020-02-12 10:24:08 +01:00
etnaviv drm/etnaviv: fix TS cache flushing on GPUs with BLT engine 2020-03-20 18:40:44 +01:00
exynos drm/bridge: analogix_dp: Split bind() into probe() and real bind() 2020-04-09 10:29:35 +02:00
fsl-dcu drm/bridge: Extend bridge API to disable connector creation 2020-02-26 13:31:23 +02:00
gma500 drm: Remove drm_fb_helper add, add all and remove connector calls 2020-03-06 14:19:58 +01:00
hisilicon Linux 5.6-rc5 2020-03-11 07:27:21 +10:00
i2c drm/bridge: Extend bridge API to disable connector creation 2020-02-26 13:31:23 +02:00
i810
i915 drm/i915/gem: Hold obj->vma.lock over for_each_ggtt_vma() 2020-04-22 15:43:56 +01:00
imx drm/bridge: Extend bridge API to disable connector creation 2020-02-26 13:31:23 +02:00
ingenic drm/bridge: Extend bridge API to disable connector creation 2020-02-26 13:31:23 +02:00
lib
lima drm-misc-next for 5.7: 2020-02-21 05:44:40 +10:00
mcde drm/bridge: Extend bridge API to disable connector creation 2020-02-26 13:31:23 +02:00
mediatek sound updates for 5.7-rc1 2020-04-02 15:50:04 -07:00
meson drm/meson: Add YUV420 output support 2020-03-10 10:51:24 +01:00
mga
mgag200 drm/mgag200: Use simple encoder 2020-03-02 09:22:49 +01:00
msm IOMMU Updates for Linux v5.7 2020-04-08 11:00:00 -07:00
mxsfb
nouveau drm fixes for 5.7-rc1 2020-04-07 20:24:34 -07:00
omapdrm ARM: driver updates 2020-04-03 15:05:35 -07:00
panel drm/panel-simple: drop use of data-mapping property 2020-03-25 21:59:22 +01:00
panfrost drm-misc-next for 5.7: 2020-03-12 12:42:56 +10:00
pl111 drm/pl111: Support Integrator IM-PD1 module 2020-02-16 14:31:30 +01:00
qxl drm/qxl: Use simple encoder 2020-03-02 09:22:56 +01:00
r128
radeon pci-v5.7-changes 2020-04-03 14:25:02 -07:00
rcar-du drm/bridge: Extend bridge API to disable connector creation 2020-02-26 13:31:23 +02:00
rockchip drm/bridge: analogix_dp: Split bind() into probe() and real bind() 2020-04-09 10:29:35 +02:00
savage
scheduler drm/scheduler: fix rare NULL ptr race 2020-03-26 10:22:36 -04:00
selftests drm/modes: Make sure to parse valid rotation value from cmdline 2020-02-12 18:32:54 +01:00
shmobile
sis
sti drm/bridge: Extend bridge API to disable connector creation 2020-02-26 13:31:23 +02:00
stm drm/bridge: Extend bridge API to disable connector creation 2020-02-26 13:31:23 +02:00
sun4i Linux 5.6-rc5 2020-03-11 07:27:21 +10:00
tdfx
tegra drm/tegra: Changes for v5.7-rc1 2020-03-19 10:11:09 +10:00
tidss drm/tidss: Drop pointless static qualifier in dispc_find_csc() 2020-02-28 14:48:58 +02:00
tilcdc drm/bridge: Extend bridge API to disable connector creation 2020-02-26 13:31:23 +02:00
tiny drm/tiny: fix sparse warning: incorrect type in assignment (different base types) 2020-03-14 08:31:30 +01:00
ttm drm fixes for 5.7-rc1 (part two) 2020-04-10 12:38:28 -07:00
tve200
udl drm/udl: Clear struct drm_connector_funcs.dpms 2020-02-10 09:24:09 +01:00
v3d drm/v3d: Replace wait_for macros to remove use of msleep 2020-03-04 22:15:34 -08:00
vboxvideo drm/vboxvideo: Add missing remove_conflicting_pci_framebuffers call, v2 2020-03-26 17:03:03 +01:00
vc4 drm/vc4: Fix HDMI mode validation 2020-03-27 13:38:47 +01:00
vgem drm/vgem: Close use-after-free race in vgem_gem_create 2020-02-06 19:04:41 +01:00
via Merge branch 'akpm' (patches from Andrew) 2020-01-31 12:16:36 -08:00
virtio drm/virtio: fix OOB in virtio_gpu_object_create 2020-04-06 15:10:37 +02:00
vkms drm/vkms: Convert to CRTC VBLANK callbacks 2020-02-13 13:10:10 +01:00
vmwgfx Merge branch 'ttm-transhuge' of git://people.freedesktop.org/~thomash/linux into drm-next 2020-04-03 09:07:49 +10:00
xen drm/xen: fix passing zero to 'PTR_ERR' warning 2020-03-31 17:14:51 +02:00
zte
drm_agpsupport.c
drm_atomic_helper.c drm/bridge: Add the necessary bits to support bus format negotiation 2020-01-31 16:39:53 +01:00
drm_atomic_state_helper.c drm/atomic-helper: fix kerneldoc 2020-02-15 13:21:22 +01:00
drm_atomic_uapi.c
drm_atomic.c drm/bridge: Fix the bridge kernel doc 2020-02-18 16:50:45 +01:00
drm_auth.c
drm_blend.c
drm_bridge_connector.c drm: Add helper to create a connector for a chain of bridges 2020-02-26 13:31:41 +02:00
drm_bridge.c drm: Add helper to create a connector for a chain of bridges 2020-02-26 13:31:41 +02:00
drm_bufs.c drm: bufs: Clean up documentation 2020-03-16 09:26:18 +01:00
drm_cache.c
drm_client_modeset.c Linux 5.6-rc5 2020-03-11 07:27:21 +10:00
drm_client.c drm/client: Dual licence the file in GPL-2 and MIT 2020-02-29 00:16:12 +01:00
drm_color_mgmt.c
drm_connector.c drm/connector: Add helper to get a connector type name 2020-02-26 13:31:18 +02:00
drm_context.c drm: context: Clean up documentation 2020-03-16 09:23:55 +01:00
drm_crtc_helper_internal.h
drm_crtc_helper.c drm: drop unused drm_crtc callback 2020-02-15 21:15:17 +01:00
drm_crtc_internal.h
drm_crtc.c
drm_damage_helper.c
drm_debugfs_crc.c
drm_debugfs.c
drm_dma.c
drm_dp_aux_dev.c
drm_dp_cec.c
drm_dp_dual_mode_helper.c
drm_dp_helper.c Topic pull request for topic/phy-compliance: 2020-04-16 14:52:59 +03:00
drm_dp_mst_topology_internal.h
drm_dp_mst_topology.c Linux 5.6 2020-03-31 15:15:47 +10:00
drm_drv.c drm: Nerf drm_global_mutex BKL for good drivers 2020-02-11 15:03:09 +01:00
drm_dsc.c
drm_dumb_buffers.c
drm_edid_load.c
drm_edid.c drm/edid: Distribute switch variables for initialization 2020-03-16 10:54:08 +01:00
drm_encoder_slave.c
drm_encoder.c
drm_fb_cma_helper.c
drm_fb_helper.c drm: Remove unused arg from drm_fb_helper_init 2020-03-06 14:19:57 +01:00
drm_file.c drm/vmwgfx: Hook up the helpers to align buffer objects 2020-03-24 18:50:35 +01:00
drm_flip_work.c
drm_format_helper.c drm/format_helper: Dual licence the file in GPL 2 and MIT 2020-02-17 10:27:13 +01:00
drm_fourcc.c
drm_framebuffer.c
drm_gem_cma_helper.c
drm_gem_framebuffer_helper.c
drm_gem_shmem_helper.c drm/shmem: drop pgprot_decrypted() 2020-03-02 07:13:19 +01:00
drm_gem_ttm_helper.c
drm_gem_vram_helper.c drm/vram: Add helpers to validate a display mode's memory requirements 2020-02-06 10:32:54 +01:00
drm_gem.c drm: Mark up racy check of drm_gem_object.handle_count 2020-03-16 10:31:35 +00:00
drm_hashtab.c
drm_hdcp.c drm/hdcp: optimizing the srm handling 2020-03-04 06:33:00 +05:30
drm_internal.h drm/hdcp: optimizing the srm handling 2020-03-04 06:33:00 +05:30
drm_ioc32.c
drm_ioctl.c
drm_irq.c drm/irq: remove check on dev->dev_private 2020-02-11 18:39:47 +02:00
drm_kms_helper_common.c
drm_lease.c drm/lease: fix WARNING in idr_destroy 2020-03-18 14:42:18 +01:00
drm_legacy_misc.c
drm_legacy.h
drm_lock.c drm: lock: Clean up documentation 2020-03-16 09:27:09 +01:00
drm_memory.c
drm_mipi_dbi.c
drm_mipi_dsi.c
drm_mm.c drm/mm: revert "Break long searches in fragmented address spaces" 2020-03-31 17:35:56 +02:00
drm_mode_config.c
drm_mode_object.c
drm_modes.c drm/modes: Make sure to parse valid rotation value from cmdline 2020-02-12 18:32:54 +01:00
drm_modeset_helper.c
drm_modeset_lock.c
drm_of.c
drm_panel_orientation_quirks.c
drm_panel.c
drm_pci.c drm: Make drm_pci_agp_init legacy 2020-03-09 09:22:50 +00:00
drm_plane_helper.c
drm_plane.c
drm_prime.c drm/prime: fix extracting of the DMA addresses from a scatterlist 2020-04-05 10:44:12 -04:00
drm_print.c
drm_probe_helper.c
drm_property.c
drm_rect.c
drm_scatter.c drm: prevent a harmless integer overflow in drm_legacy_sg_alloc() 2020-02-29 00:16:12 +01:00
drm_scdc_helper.c
drm_self_refresh_helper.c
drm_simple_kms_helper.c drm/simple-kms: Fix documentation for drm_simple_encoder_init() 2020-03-06 09:24:29 +01:00
drm_syncobj.c
drm_sysfs.c drm: sysfs: Use scnprintf() for avoiding potential buffer overflow 2020-03-11 14:54:09 +01:00
drm_trace_points.c
drm_trace.h
drm_vblank.c drm/vblank: Fix documentation of VBLANK timestamp helper 2020-03-06 09:24:54 +01:00
drm_vm.c drm: vm: Clean up documentation 2020-03-16 09:25:22 +01:00
drm_vma_manager.c
drm_vram_helper_common.c
drm_writeback.c
Kconfig drm: unbreak the DRM menu, broken by DRM_EXPORT_FOR_TESTS 2020-03-06 11:15:43 +00:00
Makefile drm: Add helper to create a connector for a chain of bridges 2020-02-26 13:31:41 +02:00