microsoft
/
WSL2-Linux-Kernel
зеркало из https://github.com/microsoft/WSL2-Linux-Kernel.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
WSL2-Linux-Kernel/drivers
История
Ville Syrjälä e794129444 drm/i915: Fix NULL plane->fb oops on SKL 
In this atomic age, we can't trust the plane->fb pointer anymore.
It might get update too late. Instead we are supposed to use the
plane_state->fb pointer instead. Let's do that in
intel_plane_obj_offset() and avoid problems from dereferencing the
potentially stale plane->fb pointer.

Paulo found this with 'kms_frontbuffer_tracking --show-hidden --run-subtest nop-1p-rte'
but it can be reproduced with just plain old kms_setplane.

I was too lazy to bisect this, so not sure exactly when it broke. The
most obvious candidate
commit ce7f172856 ("drm/i915: Fix i915_ggtt_view_equal to handle rotation correctly")
was actually still fine, so it must have broken some time after that.

Here's the resulting fireworks:
BUG: unable to handle kernel NULL pointer dereference at           (null)
IP: [<ffffffffa02d2d9a>] intel_fill_fb_ggtt_view+0x1b/0x15a [i915]
PGD 8a5f6067 PUD 8a5f5067 PMD 0
Oops: 0000 [#1] PREEMPT SMP
Modules linked in: i915 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm intel_gtt agpgart netconsole mousedev hid_generic psmouse usbhid atkbd libps2 coretemp hwmon efi_pstore intel_rapl iosf_mbi x86_pkg_temp_thermal efivars pcspkr e1000e sdhci_pci ptp pps_core sdhci i2c_i801 mmc_core i2c_hid hid i8042 serio evdev sch_fq_codel ip_tables x_tables ipv6 autofs4
CPU: 1 PID: 260 Comm: kms_plane Not tainted 4.4.0-skl+ #171
Hardware name: Intel Corporation Skylake Client platform/Skylake Y LPDDR3 RVP3, BIOS SKLSE2R1.R00.B104.B00.1511030553 11/03/2015
task: ffff88008bde2d80 ti: ffff88008a6ec000 task.ti: ffff88008a6ec000
RIP: 0010:[<ffffffffa02d2d9a>]  [<ffffffffa02d2d9a>] intel_fill_fb_ggtt_view+0x1b/0x15a [i915]
RSP: 0018:ffff88008a6efa10  EFLAGS: 00010086
RAX: 0000000000000001 RBX: ffff8801674f4240 RCX: 0000000000000014
RDX: ffff88008a7440c0 RSI: 0000000000000000 RDI: ffff88008a6efa40
RBP: ffff88008a6efa30 R08: ffff88008bde3598 R09: 0000000000000001
R10: ffff88008b782000 R11: 0000000000000000 R12: 0000000000000000
R13: ffff88008a7440c0 R14: 0000000000000000 R15: ffff88008a7449c0
FS:  00007fa0c07a28c0(0000) GS:ffff88016ec40000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000008a6ff000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 ffff8801674f4240 0000000000000000 ffff88008a7440c0 0000000000000000
 ffff88008a6efaa0 ffffffffa02daf25 ffffffff814ec80e 0000000000070298
 ffff8800850d0000 ffff88008a6efaa0 ffffffffa02c49c2 0000000000000002
Call Trace:
 [<ffffffffa02daf25>] intel_plane_obj_offset+0x2d/0xa9 [i915]
 [<ffffffff814ec80e>] ? _raw_spin_unlock_irqrestore+0x4b/0x60
 [<ffffffffa02c49c2>] ? gen9_write32+0x2e8/0x3b8 [i915]
 [<ffffffffa02eecfc>] skl_update_plane+0x203/0x4c5 [i915]
 [<ffffffffa02ca1ab>] intel_plane_atomic_update+0x53/0x6a [i915]
 [<ffffffffa02494a4>] drm_atomic_helper_commit_planes_on_crtc+0x142/0x1d5 [drm_kms_helper]
 [<ffffffffa02de44b>] intel_atomic_commit+0x1262/0x1350 [i915]
 [<ffffffffa024a0ee>] ? __drm_atomic_helper_crtc_duplicate_state+0x2f/0x41 [drm_kms_helper]
 [<ffffffffa01ef089>] ? drm_atomic_check_only+0x3e3/0x552 [drm]
 [<ffffffffa01ef245>] drm_atomic_commit+0x4d/0x52 [drm]
 [<ffffffffa024996b>] drm_atomic_helper_update_plane+0xcb/0x118 [drm_kms_helper]
 [<ffffffffa01e42e8>] __setplane_internal+0x1c8/0x224 [drm]
 [<ffffffffa01e477f>] drm_mode_setplane+0x14e/0x172 [drm]
 [<ffffffffa01d8117>] drm_ioctl+0x265/0x3ad [drm]
 [<ffffffffa01e4631>] ? drm_mode_cursor_common+0x158/0x158 [drm]
 [<ffffffff810d00ab>] ? current_kernel_time64+0x5e/0x98
 [<ffffffff810a76ea>] ? trace_hardirqs_on_caller+0x17a/0x196
 [<ffffffff8119880f>] do_vfs_ioctl+0x42b/0x4ea
 [<ffffffff811a2b72>] ? __fget_light+0x4d/0x71
 [<ffffffff81198911>] SyS_ioctl+0x43/0x61
 [<ffffffff814ed057>] entry_SYSCALL_64_fastpath+0x12/0x6f

Cc: drm-intel-fixes@lists.freedesktop.org
Cc: Paulo Zanoni <paulo.r.zanoni@intel.com>
Testcase: igt/kms_plane
Reported-by: Paulo Zanoni <paulo.r.zanoni@intel.com>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/1453220597-28973-1-git-send-email-ville.syrjala@linux.intel.com
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
 		2016-01-20 15:55:01 +02:00
..
accessibility
acpi nfit: acpi_nfit_notify(): Do not leave device locked 2015-12-11 14:24:26 -08:00
amba
android
ata ata/sata_fsl.c: add ATA_FLAG_NO_LOG_PAGE to blacklist the controller for log page reads 2015-12-07 10:25:57 -05:00
atm
auxdisplay
base Merge branches 'powercap', 'pm-cpufreq' and 'pm-domains' 2015-12-14 22:58:57 +01:00
bcma
block Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2015-12-22 16:00:25 -08:00
bluetooth
bus
cdrom
char ipmi: move timer init to before irq is setup 2015-12-09 13:13:06 -06:00
clk ARM: SoC fixes for 4.4-rc 2015-12-12 16:43:44 -08:00
clocksource clocksource: Mmio: remove artificial 32bit limitation 2015-12-10 19:37:18 +01:00
connector
cpufreq Merge branches 'powercap', 'pm-cpufreq' and 'pm-domains' 2015-12-14 22:58:57 +01:00
cpuidle
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2015-12-05 10:46:44 -08:00
dca
devfreq
dio
dma dmaengine: at_xdmac: fix at_xdmac_prep_dma_memcpy() 2015-12-10 09:48:01 +05:30
dma-buf
edac
eisa
extcon
firewire
firmware
fmc
fpga fpga manager: Fix firmware resource leak on error 2015-11-24 15:25:46 -08:00
gpio gpio: revert get() to non-errorprogating behaviour 2015-12-17 15:48:29 +01:00
gpu drm/i915: Fix NULL plane->fb oops on SKL 2016-01-20 15:55:01 +02:00
hid USB fixes for 4.4-rc5 2015-12-13 11:58:18 -08:00
hsi
hv
hwmon hwmon: (sht15) Select CONFIG_BITREVERSE 2015-12-18 08:19:52 -08:00
hwspinlock
hwtracing Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-11-13 20:04:17 -08:00
i2c i2c: rcar: disable runtime PM correctly in slave mode 2015-12-19 12:00:37 +01:00
ide
idle
iio iio: adc: spmi-vadc: add missing of_node_put 2015-11-21 18:24:44 +00:00
infiniband IB/mlx5: Postpone remove_keys under knowledge of coming preemption 2015-12-08 16:55:31 -05:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-12-19 09:51:11 -08:00
iommu IOMMU Fixes for Linux v4.4-rc5 2015-12-18 12:38:35 -08:00
ipack
irqchip irqchip/versatile-fpga: Fix PCI IRQ mapping on Versatile PB 2015-12-01 22:50:16 +01:00
isdn ser_gigaset: remove unnecessary kfree() calls from release method 2015-12-15 13:24:21 -05:00
leds
lguest
lightnvm lightnvm: do not compile in debugging by default 2015-12-07 09:14:20 -07:00
macintosh
mailbox
mcb
md Fix remove_and_add_spares removes drive added as spare in slot_store 2015-12-18 15:19:16 +11:00
media media fixes for v4.4-rc6 2015-12-18 15:41:35 -08:00
memory
memstick
message
mfd
misc cxl: Set endianess of kernel contexts 2015-12-08 16:57:01 +11:00
mmc
mtd doc: dt: mtd: partitions: add compatible property to "partitions" node 2015-12-08 17:10:20 -08:00
net xen: bug fixes for 4.4-rc5 2015-12-18 12:24:52 -08:00
nfc
ntb
nubus
nvdimm
nvme NVMe: IO ending fixes on surprise removal 2015-12-22 10:12:04 -07:00
nvmem
of of/irq: Export of_irq_find_parent again 2015-12-09 09:08:36 -06:00
oprofile
parisc parisc iommu: fix panic due to trying to allocate too large region 2015-12-12 16:07:25 +01:00
parport
pci Backmerge drm-fixes merge into Linus's tree into drm-next. 2015-12-24 08:08:47 +10:00
pcmcia
perf
phy phy: core: Get a refcount to phy in devm_of_phy_get_by_index() 2015-12-07 18:44:02 +05:30
pinctrl pinctrl: bcm2835: Fix initial value for direction_output 2015-12-14 11:31:20 +01:00
platform apple-gmux: Add initial documentation 2016-01-11 15:56:23 +01:00
pnp
power
powercap powercap / RAPL: fix BIOS lock check 2015-12-12 02:31:11 +01:00
pps
ps3
ptp
pwm
rapidio
ras
regulator
remoteproc remoteproc: fix memory leak of remoteproc ida cache layers 2015-11-26 17:44:28 +02:00
reset
rpmsg
rtc rtc: da9063: fix access ordering error during RTC interrupt at system power on 2015-12-20 13:39:29 +01:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2015-12-22 15:43:18 -08:00
sbus
scsi Merge remote-tracking branch 'mkp-scsi/4.4/scsi-fixes' into fixes 2015-12-17 07:32:08 -08:00
sfi
sh drivers: sh: Get rid of CONFIG_ARCH_SHMOBILE_MULTI 2015-11-17 02:12:46 +09:00
sn
soc Few Keystone fixes for 4.4-rcx 2015-11-25 23:48:12 +01:00
spi Merge remote-tracking branches 'spi/fix/dspi' and 'spi/fix/spidev' into spi-linus 2015-12-16 13:28:32 +00:00
spmi
ssb
staging Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm 2015-12-17 11:20:13 -08:00
target target/stat: print full t10_wwn.model buffer 2015-11-28 21:23:13 -08:00
tc
thermal imx: thermal: use CPU temperature grade info for thresholds 2015-11-23 16:38:40 -08:00
thunderbolt
tty tty: Fix GPF in flush_to_ldisc() 2015-12-12 23:05:28 -08:00
uio
usb USB: fix invalid memory access in hub_activate() 2015-12-18 09:30:34 -08:00
uwb
vfio Revert: "vfio: Include No-IOMMU mode" 2015-12-04 08:38:42 -07:00
vhost vhost: replace % with & on data path 2015-12-07 17:28:10 +02:00
video OMAPDSS: fix timings for VENC to match what omapdrm expects 2015-12-09 12:57:13 +02:00
virt
virtio virtio_ring: shadow available ring flags & index 2015-12-07 17:28:11 +02:00
vlynq
vme
w1
watchdog watchdog: mtk_wdt: Use MODE_KEY when stopping the watchdog 2015-11-23 09:00:09 +01:00
xen xen: bug fixes for 4.4-rc5 2015-12-18 12:24:52 -08:00
zorro
Kconfig
Makefile null_blk: register as a LightNVM device 2015-11-16 15:22:28 -07:00