lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMwc25q6dXVidvhXBQzGY0BjNqs13ceDUFuoFv8vSB9pEP6ecg@mail.gmail.com>
Date:   Fri, 18 Dec 2020 04:50:02 +1000
From:   David Airlie <airlied@...hat.com>
To:     Christian König <christian.koenig@....com>
Cc:     Mike Galbraith <efault@....de>,
        LKML <linux-kernel@...r.kernel.org>,
        virtualization <virtualization@...ts.linux-foundation.org>
Subject: Re: [bisected] Re: drm, qxl: post 5.11 merge warning+explosion

Yes this looks correct, please add my rb and get into a fixes queue somewhere.

Dave.

On Fri, Dec 18, 2020 at 2:39 AM Christian König
<christian.koenig@....com> wrote:
>
> Am 17.12.20 um 17:26 schrieb Mike Galbraith:
> > On Thu, 2020-12-17 at 17:24 +0100, Christian König wrote:
> >> Hi Mike,
> >>
> >> what exactly is the warning from qxl you are seeing?
> > [    1.815561] WARNING: CPU: 7 PID: 355 at drivers/gpu/drm/ttm/ttm_pool.c:365 ttm_pool_alloc+0x41b/0x540 [ttm]
>
> Yeah, that is an expected result.
>
> Looks like qxl does something quite odd here, it allocates an
> dma_address array but doesn't have a device to fill them.
>
> On the other hand I don't see qxl using the allocated dma_addresses.
> Dave do you have an idea why qxl is doing that?
>
> Mike can you test the attached patch?
>
> Thanks in advance,
> Christian.
>
> > [    1.815561] Modules linked in: ext4(E) crc16(E) mbcache(E) jbd2(E) ata_generic(E) ata_piix(E) virtio_console(E) virtio_rng(E) virtio_blk(E) qxl(E) drm_ttm_helper(E) ttm(E) drm_kms_helper(E) syscopyarea(E) sysfillrect(E) sysimgblt(E) ahci(E) fb_sys_fops(E) cec(E) libahci(E) uhci_hcd(E) ehci_pci(E) rc_core(E) ehci_hcd(E) crc32c_intel(E) serio_raw(E) virtio_pci(E) virtio_ring(E) 8139cp(E) virtio(E) libata(E) drm(E) usbcore(E) mii(E) sg(E) dm_multipath(E) dm_mod(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) scsi_mod(E) autofs4(E)
> > [    1.815589] CPU: 7 PID: 355 Comm: kworker/7:2 Tainted: G            E     5.10.0.g489e9fe-master #26
> > [    1.815590] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba527-rebuilt.opensuse.org 04/01/2014
> > [    1.815614] Workqueue: events drm_fb_helper_dirty_work [drm_kms_helper]
> > [    1.815621] RIP: 0010:ttm_pool_alloc+0x41b/0x540 [ttm]
> > [    1.815623] Code: fc ff ff 89 ea 48 8d 04 d5 00 00 00 00 48 29 d0 48 8d 3c c5 00 1c 40 a0 e9 d7 fc ff ff 85 c0 0f 89 2f fc ff ff e9 28 fc ff ff <0f> 0b e9 35 fc ff ff 89 e9 49 8b 7d 00 b8 00 10 00 00 48 d3 e0 45
> > [    1.815623] RSP: 0018:ffff888105d3b818 EFLAGS: 00010246
> > [    1.815625] RAX: 0000000000000000 RBX: ffff888106978800 RCX: 0000000000000000
> > [    1.815626] RDX: ffff888105d3bc68 RSI: 0000000000000001 RDI: ffff888106238820
> > [    1.815626] RBP: ffff888106238758 R08: ffffc90000296000 R09: 800000000000016b
> > [    1.815627] R10: 0000000000000001 R11: ffffc90000296000 R12: 0000000000000000
> > [    1.815628] R13: ffff888106238820 R14: 0000000000000000 R15: ffff888106978800
> > [    1.815628] FS:  0000000000000000(0000) GS:ffff888237dc0000(0000) knlGS:0000000000000000
> > [    1.815632] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [    1.815633] CR2: 00007eff52a0d5b8 CR3: 0000000002010003 CR4: 00000000001706e0
> > [    1.815633] Call Trace:
> > [    1.815644]  ttm_tt_populate+0xb1/0xc0 [ttm]
> > [    1.815647]  ttm_bo_move_memcpy+0x4a5/0x500 [ttm]
> > [    1.815652]  qxl_bo_move+0x230/0x2f0 [qxl]
> > [    1.815655]  ttm_bo_handle_move_mem+0x79/0x140 [ttm]
> > [    1.815657]  ttm_bo_evict+0x124/0x250 [ttm]
> > [    1.815693]  ? drm_mm_insert_node_in_range+0x55c/0x580 [drm]
> > [    1.815696]  ttm_mem_evict_first+0x110/0x3d0 [ttm]
> > [    1.815698]  ttm_bo_mem_space+0x261/0x270 [ttm]
> > [    1.815702]  ? qxl_ttm_debugfs_init+0xb0/0xb0 [qxl]
> > [    1.815705]  ttm_bo_validate+0x117/0x150 [ttm]
> > [    1.815756]  ttm_bo_init_reserved+0x2c8/0x3c0 [ttm]
> > [    1.815772]  qxl_bo_create+0x134/0x1d0 [qxl]
> > [    1.815775]  ? qxl_ttm_debugfs_init+0xb0/0xb0 [qxl]
> > [    1.815791]  qxl_alloc_bo_reserved+0x2c/0x90 [qxl]
> > [    1.815794]  qxl_image_alloc_objects+0xa3/0x120 [qxl]
> > [    1.815797]  qxl_draw_dirty_fb+0x155/0x450 [qxl]
> > [    1.815815]  ? _cond_resched+0x15/0x40
> > [    1.815819]  ? ww_mutex_lock_interruptible+0x12/0x60
> > [    1.815822]  qxl_framebuffer_surface_dirty+0x14f/0x1a0 [qxl]
> > [    1.815841]  drm_fb_helper_dirty_work+0x11d/0x180 [drm_kms_helper]
> > [    1.815853]  process_one_work+0x1f5/0x3c0
> > [    1.815866]  ? process_one_work+0x3c0/0x3c0
> > [    1.815867]  worker_thread+0x2d/0x3d0
> > [    1.815868]  ? process_one_work+0x3c0/0x3c0
> > [    1.815872]  kthread+0x117/0x130
> > [    1.815876]  ? kthread_park+0x90/0x90
> > [    1.815880]  ret_from_fork+0x1f/0x30
> > [    1.815886] ---[ end trace 51e464c1e89a1728 ]---
> > [    1.815894] BUG: kernel NULL pointer dereference, address: 0000000000000230
> > [    1.815895] #PF: supervisor read access in kernel mode
> > [    1.815895] #PF: error_code(0x0000) - not-present page
> > [    1.815896] PGD 0 P4D 0
> > [    1.815898] Oops: 0000 [#1] SMP NOPTI
> > [    1.815900] CPU: 7 PID: 355 Comm: kworker/7:2 Tainted: G        W   E     5.10.0.g489e9fe-master #26
> > [    1.815901] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba527-rebuilt.opensuse.org 04/01/2014
> > [    1.815916] Workqueue: events drm_fb_helper_dirty_work [drm_kms_helper]
> > [    1.815921] RIP: 0010:dma_map_page_attrs+0xf/0x1c0
> > [    1.815922] Code: 1f 17 5b 01 48 85 c0 75 e3 31 c0 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 41 55 41 54 55 53 48 83 ec 08 <48> 8b 87 30 02 00 00 48 85 c0 48 0f 44 05 e7 16 5b 01 41 83 f8 02
> > [    1.815923] RSP: 0018:ffff888105d3b7e8 EFLAGS: 00010296
> > [    1.815924] RAX: 0000000000001000 RBX: 0000000000000001 RCX: 0000000000001000
> > [    1.815924] RDX: 0000000000000000 RSI: ffffea0004171e40 RDI: 0000000000000000
> > [    1.815925] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
> > [    1.815925] R10: ffffea0004171e40 R11: ffffc90000296000 R12: 0000000000000001
> > [    1.815926] R13: ffff888106238820 R14: ffff888105d07100 R15: ffff888106978800
> > [    1.815926] FS:  0000000000000000(0000) GS:ffff888237dc0000(0000) knlGS:0000000000000000
> > [    1.815928] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [    1.815929] CR2: 0000000000000230 CR3: 0000000002010003 CR4: 00000000001706e0
> > [    1.815929] Call Trace:
> > [    1.815937]  ttm_pool_alloc+0x448/0x540 [ttm]
> > [    1.815940]  ttm_tt_populate+0xb1/0xc0 [ttm]
> > [    1.815942]  ttm_bo_move_memcpy+0x4a5/0x500 [ttm]
> > [    1.815945]  qxl_bo_move+0x230/0x2f0 [qxl]
> > [    1.815947]  ttm_bo_handle_move_mem+0x79/0x140 [ttm]
> > [    1.815949]  ttm_bo_evict+0x124/0x250 [ttm]
> > [    1.815982]  ? drm_mm_insert_node_in_range+0x55c/0x580 [drm]
> > [    1.815984]  ttm_mem_evict_first+0x110/0x3d0 [ttm]
> > [    1.815988]  ttm_bo_mem_space+0x261/0x270 [ttm]
> > [    1.890133]  ? qxl_ttm_debugfs_init+0xb0/0xb0 [qxl]
> > [    1.890138]  ttm_bo_validate+0x117/0x150 [ttm]
> > [    1.891740]  ttm_bo_init_reserved+0x2c8/0x3c0 [ttm]
> > [    1.891744]  qxl_bo_create+0x134/0x1d0 [qxl]
> > [    1.893398]  ? qxl_ttm_debugfs_init+0xb0/0xb0 [qxl]
> > [    1.893400]  qxl_alloc_bo_reserved+0x2c/0x90 [qxl]
> > [    1.893402]  qxl_image_alloc_objects+0xa3/0x120 [qxl]
> > [    1.893405]  qxl_draw_dirty_fb+0x155/0x450 [qxl]
> > [    1.896515]  ? _cond_resched+0x15/0x40
> > [    1.896517]  ? ww_mutex_lock_interruptible+0x12/0x60
> > [    1.896520]  qxl_framebuffer_surface_dirty+0x14f/0x1a0 [qxl]
> > [    1.896533]  drm_fb_helper_dirty_work+0x11d/0x180 [drm_kms_helper]
> > [    1.896537]  process_one_work+0x1f5/0x3c0
> > [    1.900535]  ? process_one_work+0x3c0/0x3c0
> > [    1.900536]  worker_thread+0x2d/0x3d0
> > [    1.900538]  ? process_one_work+0x3c0/0x3c0
> > [    1.902704]  kthread+0x117/0x130
> > [    1.902706]  ? kthread_park+0x90/0x90
> > [    1.902709]  ret_from_fork+0x1f/0x30
> > [    1.902711] Modules linked in: ext4(E) crc16(E) mbcache(E) jbd2(E) ata_generic(E) ata_piix(E) virtio_console(E) virtio_rng(E) virtio_blk(E) qxl(E) drm_ttm_helper(E) ttm(E) drm_kms_helper(E) syscopyarea(E) sysfillrect(E) sysimgblt(E) ahci(E) fb_sys_fops(E) cec(E) libahci(E) uhci_hcd(E) ehci_pci(E) rc_core(E) ehci_hcd(E) crc32c_intel(E) serio_raw(E) virtio_pci(E) virtio_ring(E) 8139cp(E) virtio(E) libata(E) drm(E) usbcore(E) mii(E) sg(E) dm_multipath(E) dm_mod(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) scsi_mod(E) autofs4(E)
> > [    1.904797] Dumping ftrace buffer:
> > [    1.911038]    (ftrace buffer empty)
> > [    1.911041] CR2: 0000000000000230
> >
> >
> >
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ