lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1cdb7832-f400-8a11-210a-0cf33be76039@baylibre.com>
Date:   Tue, 17 Nov 2020 09:51:52 +0100
From:   Neil Armstrong <narmstrong@...libre.com>
To:     Marc Zyngier <maz@...nel.org>, Kevin Hilman <khilman@...libre.com>
Cc:     Jerome Brunet <jbrunet@...libre.com>,
        Martin Blumenstingl <martin.blumenstingl@...glemail.com>,
        kernel-team@...roid.com, dri-devel@...ts.freedesktop.org,
        linux-amlogic@...ts.infradead.org,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/4] drm/meson: Free RDMA resources after tearing down DRM

On 16/11/2020 21:07, Marc Zyngier wrote:
> Removing the meson DRM module results in the following splat:
> 
> [ 2179.451346] Hardware name:  , BIOS 2021.01-rc2-00012-gde865f7ee1 11/16/2020
> [ 2179.458316] Workqueue: events drm_mode_rmfb_work_fn [drm]
> [ 2179.463597] pstate: 80c00009 (Nzcv daif +PAN +UAO -TCO BTYPE=--)
> [ 2179.469558] pc : meson_rdma_writel_sync+0x44/0xb0 [meson_drm]
> [ 2179.475243] lr : meson_g12a_afbcd_reset+0x34/0x60 [meson_drm]
> [ 2179.480930] sp : ffffffc01212bb70
> [ 2179.484207] x29: ffffffc01212bb70 x28: ffffff8044f66f00
> [ 2179.489469] x27: ffffff8045b13800 x26: 0000000000000001
> [ 2179.494730] x25: 0000000000000000 x24: 0000000000000001
> [ 2179.499991] x23: 0000000000000000 x22: 0000000000000000
> [ 2179.505252] x21: 0000000000280000 x20: 0000000000001a01
> [ 2179.510513] x19: ffffff8046029480 x18: 0000000000000000
> [ 2179.515775] x17: 0000000000000000 x16: 0000000000000000
> [ 2179.521036] x15: 0000000000000000 x14: 0000000000000000
> [ 2179.526297] x13: 0040000000000326 x12: 0309030303260300
> [ 2179.531558] x11: 03000000054004a0 x10: 0418054004000400
> [ 2179.536820] x9 : ffffffc008fe4914 x8 : ffffff8040a1adc0
> [ 2179.542081] x7 : 0000000000000000 x6 : ffffff8042aa0080
> [ 2179.547342] x5 : ffffff8044f66f00 x4 : ffffffc008fe5bc8
> [ 2179.552603] x3 : 0000000000010101 x2 : 0000000000000001
> [ 2179.557865] x1 : 0000000000000000 x0 : 0000000000000000
> [ 2179.563127] Call trace:
> [ 2179.565548]  meson_rdma_writel_sync+0x44/0xb0 [meson_drm]
> [ 2179.570894]  meson_g12a_afbcd_reset+0x34/0x60 [meson_drm]
> [ 2179.576241]  meson_plane_atomic_disable+0x38/0xb0 [meson_drm]
> [ 2179.581966]  drm_atomic_helper_commit_planes+0x1e0/0x21c [drm_kms_helper]
> [ 2179.588684]  drm_atomic_helper_commit_tail_rpm+0x68/0xb0 [drm_kms_helper]
> [ 2179.595410]  commit_tail+0xac/0x190 [drm_kms_helper]
> [ 2179.600326]  drm_atomic_helper_commit+0x16c/0x390 [drm_kms_helper]
> [ 2179.606484]  drm_atomic_commit+0x58/0x70 [drm]
> [ 2179.610880]  drm_framebuffer_remove+0x398/0x434 [drm]
> [ 2179.615881]  drm_mode_rmfb_work_fn+0x68/0x8c [drm]
> [ 2179.620575]  process_one_work+0x1cc/0x49c
> [ 2179.624538]  worker_thread+0x200/0x444
> [ 2179.628246]  kthread+0x14c/0x160
> [ 2179.631439]  ret_from_fork+0x10/0x38
> 
> caused by the fact that the RDMA buffer has already been freed,
> resulting in meson_rdma_writel_sync() getting a NULL pointer.
> 
> Move the afbcd reset and meson_rdma_free calls after the DRM
> unregistration is complete so that the teardown can safely complete.
> 
> Signed-off-by: Marc Zyngier <maz@...nel.org>

Fixes: d1b5e41e13a7 ("drm/meson: Add AFBCD module driver")

> ---
>  drivers/gpu/drm/meson/meson_drv.c | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/gpu/drm/meson/meson_drv.c b/drivers/gpu/drm/meson/meson_drv.c
> index 8b9c8dd788c4..324fa489f1c4 100644
> --- a/drivers/gpu/drm/meson/meson_drv.c
> +++ b/drivers/gpu/drm/meson/meson_drv.c
> @@ -389,15 +389,15 @@ static void meson_drv_unbind(struct device *dev)
>  		meson_canvas_free(priv->canvas, priv->canvas_id_vd1_2);
>  	}
>  
> -	if (priv->afbcd.ops) {
> -		priv->afbcd.ops->reset(priv);
> -		meson_rdma_free(priv);
> -	}
> -
>  	drm_dev_unregister(drm);
>  	drm_irq_uninstall(drm);
>  	drm_kms_helper_poll_fini(drm);
>  	drm_dev_put(drm);
> +
> +	if (priv->afbcd.ops) {
> +		priv->afbcd.ops->reset(priv);
> +		meson_rdma_free(priv);
> +	}
>  }
>  
>  static const struct component_master_ops meson_drv_master_ops = {
> 

Acked-by: Neil Armstrong <narmstrong@...libre.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ