lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACvgo511Cb0_vT1vR+q-3d3zU2PmHmi-r-aH8uZHQXDj8V4byg@mail.gmail.com>
Date:   Mon, 31 Jul 2017 12:57:25 +0100
From:   Emil Velikov <emil.l.velikov@...il.com>
To:     Mark Yao <mark.yao@...k-chips.com>
Cc:     David Airlie <airlied@...ux.ie>, Heiko Stuebner <heiko@...ech.de>,
        linux-rockchip <linux-rockchip@...ts.infradead.org>,
        LAKML <linux-arm-kernel@...ts.infradead.org>,
        ML dri-devel <dri-devel@...ts.freedesktop.org>,
        "Linux-Kernel@...r. Kernel. Org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 6/6] drm/rockchip: fix race with kms hotplug and fbdev

On 31 July 2017 at 10:50, Mark Yao <mark.yao@...k-chips.com> wrote:
> Since fb_helper is not a pointer on rockchip_drm_private, it's no
> need to check pointer.
>
> Kms hotplug event may race into fbdev helper initial, and fb_helper->dev
> may be NULL pointer, that would cause the bug:
>
> [    0.735411] [00000200] *pgd=00000000f6ffe003, *pud=00000000f6ffe003, *pmd=0000000000000000
> [    0.736156] Internal error: Oops: 96000005 [#1] PREEMPT SMP
> [    0.736648] Modules linked in:
> [    0.736930] CPU: 2 PID: 20 Comm: kworker/2:0 Not tainted 4.4.41 #20
> [    0.737480] Hardware name: Rockchip RK3399 Board rev2 (BOX) (DT)
> [    0.738020] Workqueue: events cdn_dp_pd_event_work
> [    0.738447] task: ffffffc0f21f3100 ti: ffffffc0f2218000 task.ti: ffffffc0f2218000
> [    0.739109] PC is at mutex_lock+0x14/0x44
> [    0.739469] LR is at drm_fb_helper_hotplug_event+0x30/0x114
> [    0.756253] [<ffffff8008a344f4>] mutex_lock+0x14/0x44
> [    0.756260] [<ffffff8008445708>] drm_fb_helper_hotplug_event+0x30/0x114
> [    0.756271] [<ffffff8008473c84>] rockchip_drm_output_poll_changed+0x18/0x20
> [    0.756280] [<ffffff8008439fcc>] drm_kms_helper_hotplug_event+0x28/0x34
> [    0.756286] [<ffffff800846c444>] cdn_dp_pd_event_work+0x394/0x3c4
> [    0.756295] [<ffffff80080b2b38>] process_one_work+0x218/0x3e0
> [    0.756302] [<ffffff80080b3538>] worker_thread+0x2e8/0x404
> [    0.756308] [<ffffff80080b7e70>] kthread+0xe8/0xf0
> [    0.756316] [<ffffff8008082690>] ret_from_fork+0x10/0x40
>
> Signed-off-by: Mark Yao <mark.yao@...k-chips.com>
> ---
>  drivers/gpu/drm/rockchip/rockchip_drm_fb.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_fb.c b/drivers/gpu/drm/rockchip/rockchip_drm_fb.c
> index 81f9548..e6bd0f4 100644
> --- a/drivers/gpu/drm/rockchip/rockchip_drm_fb.c
> +++ b/drivers/gpu/drm/rockchip/rockchip_drm_fb.c
> @@ -170,7 +170,7 @@ static void rockchip_drm_output_poll_changed(struct drm_device *dev)
>         struct rockchip_drm_private *private = dev->dev_private;
>         struct drm_fb_helper *fb_helper = &private->fbdev_helper;
>
> -       if (fb_helper)
> +       if (fb_helper->dev)
>                 drm_fb_helper_hotplug_event(fb_helper);
Food for thought:

Quick grep shows that no other drivers have such a ->dev check. Does
this mean that either the issue is rockchip specific?
If not, one could look into resolving the problem directly in drm core.

Or at least update the other users, so they don't stumble upon the problem?

HTH
Emil

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ