Hi Daniel, Thank you for the patch. May I remind you about the -v option to git-format-patch ? :-) Seriously speaking, it really helps review. On Tue, Jun 02, 2020 at 11:51:38AM +0200, Daniel Vetter wrote: > Only when vblanks are supported ofc. > > Some drivers do this already, but most unfortunately missed it. This > opens up bugs after driver load, before the crtc is enabled for the > first time. syzbot spotted this when loading vkms as a secondary > output. Given how many drivers are buggy it's best to solve this once > and for all in shared helper code. > > Aside from moving the few existing calls to drm_crtc_vblank_reset into > helpers (i915 doesn't use helpers, so keeps its own) I think the > regression risk is minimal: atomic helpers already rely on drivers > calling drm_crtc_vblank_on/off correctly in their hooks when they > support vblanks. And driver that's failing to handle vblanks after > this is missing those calls already, and vblanks could only work by > accident when enabling a CRTC for the first time right after boot. > > Big thanks to Tetsuo for helping track down what's going wrong here. > > There's only a few drivers which already had the necessary call and > needed some updating: > - komeda, atmel and tidss also needed to be changed to call > __drm_atomic_helper_crtc_reset() intead of open coding it > - tegra and msm even had it in the same place already, just code > motion, and malidp already uses __drm_atomic_helper_crtc_reset(). > > Only call left is in i915, which doesn't use drm_mode_config_reset, > but has its own fastboot infrastructure. So that's the only case where > we actually want this in the driver still. > > I've also reviewed all other drivers which set up vblank support with > drm_vblank_init. After the previous patch fixing mxsfb all atomic > drivers do call drm_crtc_vblank_on/off as they should, the remaining > drivers are either legacy kms or legacy dri1 drivers, so not affected > by this change to atomic helpers. > > v2: Use the drm_dev_has_vblank() helper. > > v3: Laurent pointed out that omap and rcar-du used drm_crtc_vblank_off > instead of drm_crtc_vblank_reset. Adjust them too. > > Cc: Laurent Pinchart <laurent.pinchart@xxxxxxxxxxxxxxxx> > Reviewed-by: Laurent Pinchart <laurent.pinchart@xxxxxxxxxxxxxxxx> > Reviewed-by: Boris Brezillon <boris.brezillon@xxxxxxxxxxxxx> > Acked-by: Liviu Dudau <liviu.dudau@xxxxxxx> > Acked-by: Thierry Reding <treding@xxxxxxxxxx> > Link: https://syzkaller.appspot.com/bug?id=0ba17d70d062b2595e1f061231474800f076c7cb > Reported-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> > Reported-by: syzbot+0871b14ca2e2fb64f6e3@xxxxxxxxxxxxxxxxxxxxxxxxx > Cc: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> > Cc: "James (Qian) Wang" <james.qian.wang@xxxxxxx> > Cc: Liviu Dudau <liviu.dudau@xxxxxxx> > Cc: Mihail Atanassov <mihail.atanassov@xxxxxxx> > Cc: Brian Starkey <brian.starkey@xxxxxxx> > Cc: Sam Ravnborg <sam@xxxxxxxxxxxx> > Cc: Boris Brezillon <bbrezillon@xxxxxxxxxx> > Cc: Nicolas Ferre <nicolas.ferre@xxxxxxxxxxxxx> > Cc: Alexandre Belloni <alexandre.belloni@xxxxxxxxxxx> > Cc: Ludovic Desroches <ludovic.desroches@xxxxxxxxxxxxx> > Cc: Maarten Lankhorst <maarten.lankhorst@xxxxxxxxxxxxxxx> > Cc: Maxime Ripard <mripard@xxxxxxxxxx> > Cc: Thomas Zimmermann <tzimmermann@xxxxxxx> > Cc: David Airlie <airlied@xxxxxxxx> > Cc: Daniel Vetter <daniel@xxxxxxxx> > Cc: Thierry Reding <thierry.reding@xxxxxxxxx> > Cc: Jonathan Hunter <jonathanh@xxxxxxxxxx> > Cc: Jyri Sarha <jsarha@xxxxxx> > Cc: Tomi Valkeinen <tomi.valkeinen@xxxxxx> > Cc: Rob Clark <robdclark@xxxxxxxxx> > Cc: Sean Paul <seanpaul@xxxxxxxxxxxx> > Cc: Brian Masney <masneyb@xxxxxxxxxxxxx> > Cc: Emil Velikov <emil.velikov@xxxxxxxxxxxxx> > Cc: zhengbin <zhengbin13@xxxxxxxxxx> > Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx> > Cc: linux-tegra@xxxxxxxxxxxxxxx > Signed-off-by: Daniel Vetter <daniel.vetter@xxxxxxxxx> > --- > drivers/gpu/drm/arm/display/komeda/komeda_crtc.c | 7 ++----- > drivers/gpu/drm/arm/malidp_drv.c | 1 - > drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c | 7 ++----- > drivers/gpu/drm/drm_atomic_state_helper.c | 4 ++++ > drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c | 2 -- > drivers/gpu/drm/omapdrm/omap_drv.c | 3 --- > drivers/gpu/drm/rcar-du/rcar_du_crtc.c | 3 --- > drivers/gpu/drm/tegra/dc.c | 1 - > drivers/gpu/drm/tidss/tidss_crtc.c | 3 +-- > drivers/gpu/drm/tidss/tidss_kms.c | 4 ---- > 10 files changed, 9 insertions(+), 26 deletions(-) > > diff --git a/drivers/gpu/drm/arm/display/komeda/komeda_crtc.c b/drivers/gpu/drm/arm/display/komeda/komeda_crtc.c > index 56bd938961ee..f33418d6e1a0 100644 > --- a/drivers/gpu/drm/arm/display/komeda/komeda_crtc.c > +++ b/drivers/gpu/drm/arm/display/komeda/komeda_crtc.c > @@ -492,10 +492,8 @@ static void komeda_crtc_reset(struct drm_crtc *crtc) > crtc->state = NULL; > > state = kzalloc(sizeof(*state), GFP_KERNEL); > - if (state) { > - crtc->state = &state->base; > - crtc->state->crtc = crtc; > - } > + if (state) > + __drm_atomic_helper_crtc_reset(crtc, &state->base); > } > > static struct drm_crtc_state * > @@ -616,7 +614,6 @@ static int komeda_crtc_add(struct komeda_kms_dev *kms, > return err; > > drm_crtc_helper_add(crtc, &komeda_crtc_helper_funcs); > - drm_crtc_vblank_reset(crtc); > > crtc->port = kcrtc->master->of_output_port; > > diff --git a/drivers/gpu/drm/arm/malidp_drv.c b/drivers/gpu/drm/arm/malidp_drv.c > index c2507b7d8512..02904392e370 100644 > --- a/drivers/gpu/drm/arm/malidp_drv.c > +++ b/drivers/gpu/drm/arm/malidp_drv.c > @@ -870,7 +870,6 @@ static int malidp_bind(struct device *dev) > drm->irq_enabled = true; > > ret = drm_vblank_init(drm, drm->mode_config.num_crtc); > - drm_crtc_vblank_reset(&malidp->crtc); > if (ret < 0) { > DRM_ERROR("failed to initialise vblank\n"); > goto vblank_fail; > diff --git a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c > index 10985134ce0b..ce246b96330b 100644 > --- a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c > +++ b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c > @@ -411,10 +411,8 @@ static void atmel_hlcdc_crtc_reset(struct drm_crtc *crtc) > } > > state = kzalloc(sizeof(*state), GFP_KERNEL); > - if (state) { > - crtc->state = &state->base; > - crtc->state->crtc = crtc; > - } > + if (state) > + __drm_atomic_helper_crtc_reset(crtc, &state->base); > } > > static struct drm_crtc_state * > @@ -528,7 +526,6 @@ int atmel_hlcdc_crtc_create(struct drm_device *dev) > } > > drm_crtc_helper_add(&crtc->base, &lcdc_crtc_helper_funcs); > - drm_crtc_vblank_reset(&crtc->base); > > drm_mode_crtc_set_gamma_size(&crtc->base, ATMEL_HLCDC_CLUT_SIZE); > drm_crtc_enable_color_mgmt(&crtc->base, 0, false, > diff --git a/drivers/gpu/drm/drm_atomic_state_helper.c b/drivers/gpu/drm/drm_atomic_state_helper.c > index 8fce6a115dfe..9ad74045158e 100644 > --- a/drivers/gpu/drm/drm_atomic_state_helper.c > +++ b/drivers/gpu/drm/drm_atomic_state_helper.c > @@ -32,6 +32,7 @@ > #include <drm/drm_device.h> > #include <drm/drm_plane.h> > #include <drm/drm_print.h> > +#include <drm/drm_vblank.h> > #include <drm/drm_writeback.h> > > #include <linux/slab.h> > @@ -93,6 +94,9 @@ __drm_atomic_helper_crtc_reset(struct drm_crtc *crtc, > if (crtc_state) > __drm_atomic_helper_crtc_state_reset(crtc_state, crtc); > > + if (drm_dev_has_vblank(crtc->dev)) > + drm_crtc_vblank_reset(crtc); > + > crtc->state = crtc_state; > } > EXPORT_SYMBOL(__drm_atomic_helper_crtc_reset); > diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c > index ca3368c828d0..9606185c284b 100644 > --- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c > +++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c > @@ -1117,8 +1117,6 @@ static void mdp5_crtc_reset(struct drm_crtc *crtc) > mdp5_crtc_destroy_state(crtc, crtc->state); > > __drm_atomic_helper_crtc_reset(crtc, &mdp5_cstate->base); > - > - drm_crtc_vblank_reset(crtc); > } > > static const struct drm_crtc_funcs mdp5_crtc_funcs = { > diff --git a/drivers/gpu/drm/omapdrm/omap_drv.c b/drivers/gpu/drm/omapdrm/omap_drv.c > index 242d28281784..7a7066cded79 100644 > --- a/drivers/gpu/drm/omapdrm/omap_drv.c > +++ b/drivers/gpu/drm/omapdrm/omap_drv.c > @@ -642,9 +642,6 @@ static int omapdrm_init(struct omap_drm_private *priv, struct device *dev) > goto err_cleanup_modeset; > } > > - for (i = 0; i < priv->num_pipes; i++) > - drm_crtc_vblank_off(priv->pipes[i].crtc); > - > omap_fbdev_init(ddev); > > drm_kms_helper_poll_init(ddev); > diff --git a/drivers/gpu/drm/rcar-du/rcar_du_crtc.c b/drivers/gpu/drm/rcar-du/rcar_du_crtc.c > index d73e88ddecd0..e2959e32fd19 100644 > --- a/drivers/gpu/drm/rcar-du/rcar_du_crtc.c > +++ b/drivers/gpu/drm/rcar-du/rcar_du_crtc.c > @@ -1271,9 +1271,6 @@ int rcar_du_crtc_create(struct rcar_du_group *rgrp, unsigned int swindex, > > drm_crtc_helper_add(crtc, &crtc_helper_funcs); > > - /* Start with vertical blanking interrupt reporting disabled. */ > - drm_crtc_vblank_off(crtc); > - I'm sure I've added this code for a good reason, I would have sworn that vblank would be either broken or would complain very loudly without this call. I've however tested this patch, and haven't noticed any regression. Has something changed since I've added the call to drm_crtc_vblank_off() in the rcar-du driver ? It can't be __drm_atomic_helper_crtc_reset() handling it, as the rcar-du driver has a custom CRTC reset handler that doesn't call __drm_atomic_helper_crtc_reset(). If it works without calling drm_crtc_vblank_off() or drm_crtc_vblank_reset(), what's the purpose of drm_crtc_vblank_reset() ? /me is very puzzled > /* Register the interrupt handler. */ > if (rcar_du_has(rcdu, RCAR_DU_FEATURE_CRTC_IRQ_CLOCK)) { > /* The IRQ's are associated with the CRTC (sw)index. */ > diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c > index 83f31c6e891c..9b308b572eac 100644 > --- a/drivers/gpu/drm/tegra/dc.c > +++ b/drivers/gpu/drm/tegra/dc.c > @@ -1168,7 +1168,6 @@ static void tegra_crtc_reset(struct drm_crtc *crtc) > tegra_crtc_atomic_destroy_state(crtc, crtc->state); > > __drm_atomic_helper_crtc_reset(crtc, &state->base); > - drm_crtc_vblank_reset(crtc); > } > > static struct drm_crtc_state * > diff --git a/drivers/gpu/drm/tidss/tidss_crtc.c b/drivers/gpu/drm/tidss/tidss_crtc.c > index 89a226912de8..4d01c4af61cd 100644 > --- a/drivers/gpu/drm/tidss/tidss_crtc.c > +++ b/drivers/gpu/drm/tidss/tidss_crtc.c > @@ -352,8 +352,7 @@ static void tidss_crtc_reset(struct drm_crtc *crtc) > return; > } > > - crtc->state = &tcrtc->base; > - crtc->state->crtc = crtc; > + __drm_atomic_helper_crtc_reset(crtc, &tcrtc->base); > } > > static struct drm_crtc_state *tidss_crtc_duplicate_state(struct drm_crtc *crtc) > diff --git a/drivers/gpu/drm/tidss/tidss_kms.c b/drivers/gpu/drm/tidss/tidss_kms.c > index 4b99e9fa84a5..e6ab59eed259 100644 > --- a/drivers/gpu/drm/tidss/tidss_kms.c > +++ b/drivers/gpu/drm/tidss/tidss_kms.c > @@ -278,10 +278,6 @@ int tidss_modeset_init(struct tidss_device *tidss) > if (ret) > return ret; > > - /* Start with vertical blanking interrupt reporting disabled. */ > - for (i = 0; i < tidss->num_crtcs; ++i) > - drm_crtc_vblank_reset(tidss->crtcs[i]); > - > drm_mode_config_reset(ddev); > > dev_dbg(tidss->dev, "%s done\n", __func__); -- Regards, Laurent Pinchart _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel