RE: [v1] drm/msm: add null checks for drm device to avoid crash during probe defer

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> -----Original Message-----
> From: Dmitry Baryshkov <dmitry.baryshkov@xxxxxxxxxx>
> Sent: Friday, June 3, 2022 3:07 PM
> To: Vinod Polimera (QUIC) <quic_vpolimer@xxxxxxxxxxx>; dri-
> devel@xxxxxxxxxxxxxxxxxxxxx; linux-arm-msm@xxxxxxxxxxxxxxx;
> freedreno@xxxxxxxxxxxxxxxxxxxxx; devicetree@xxxxxxxxxxxxxxx
> Cc: linux-kernel@xxxxxxxxxxxxxxx; robdclark@xxxxxxxxx;
> dianders@xxxxxxxxxxxx; vpolimer@xxxxxxxxxxx; swboyd@xxxxxxxxxxxx;
> kalyant@xxxxxxxxxxx
> Subject: Re: [v1] drm/msm: add null checks for drm device to avoid crash
> during probe defer
> 
> WARNING: This email originated from outside of Qualcomm. Please be wary
> of any links or attachments, and do not enable macros.
> 
> On 03/06/2022 12:22, Vinod Polimera wrote:
> > During probe defer, drm device is not initialized and an external
> > trigger to shutdown is trying to clean up drm device leading to crash.
> > Add checks to avoid drm device cleanup in such cases.
> >
> > BUG: unable to handle kernel NULL pointer dereference at virtual
> > address 00000000000000b8
> >
> > Call trace:
> >
> > drm_atomic_helper_shutdown+0x44/0x144
> > msm_pdev_shutdown+0x2c/0x38
> > platform_shutdown+0x2c/0x38
> > device_shutdown+0x158/0x210
> > kernel_restart_prepare+0x40/0x4c
> > kernel_restart+0x20/0x6c
> > __arm64_sys_reboot+0x194/0x23c
> > invoke_syscall+0x50/0x13c
> > el0_svc_common+0xa0/0x17c
> > do_el0_svc_compat+0x28/0x34
> > el0_svc_compat+0x20/0x70
> > el0t_32_sync_handler+0xa8/0xcc
> > el0t_32_sync+0x1a8/0x1ac
> >
> > Signed-off-by: Vinod Polimera <quic_vpolimer@xxxxxxxxxxx>
> 
> Fixes ?
- Added fixes tag in v2.
> 
> > ---
> >   drivers/gpu/drm/msm/msm_drv.c | 6 +++++-
> >   1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > diff --git a/drivers/gpu/drm/msm/msm_drv.c
> b/drivers/gpu/drm/msm/msm_drv.c
> > index 4448536..d62ac66 100644
> > --- a/drivers/gpu/drm/msm/msm_drv.c
> > +++ b/drivers/gpu/drm/msm/msm_drv.c
> > @@ -142,6 +142,9 @@ static void msm_irq_uninstall(struct drm_device
> *dev)
> >       struct msm_drm_private *priv = dev->dev_private;
> >       struct msm_kms *kms = priv->kms;
> >
> > +     if (!irq_has_action(kms->irq))
> > +             return;
> > +
> 
> Is this part required with
> https://patchwork.freedesktop.org/patch/485422/?series=103702&rev=1?
Yes, I feel like this is a better approach than maintaining a new variable. I see a couple of drivers following similar approach to safeguard uninstall without being install called.
> 
> >       kms->funcs->irq_uninstall(kms);
> >       if (kms->irq_requested)
> >               free_irq(kms->irq, dev);
> > @@ -259,6 +262,7 @@ static int msm_drm_uninit(struct device *dev)
> >
> >       ddev->dev_private = NULL;
> >       drm_dev_put(ddev);
> > +     priv->dev = NULL;
> 
> What are you trying to protect here?
If we get a shutdown call after probe defer, there can be stale pointer in priv->dev which is invalid that needs to be cleared.
> 
> >
> >       destroy_workqueue(priv->wq);
> >
> > @@ -1167,7 +1171,7 @@ void msm_drv_shutdown(struct platform_device
> *pdev)
> >       struct msm_drm_private *priv = platform_get_drvdata(pdev);
> >       struct drm_device *drm = priv ? priv->dev : NULL;
> >
> > -     if (!priv || !priv->kms)
> > +     if (!priv || !priv->kms || !drm)
> >               return;
> >
> >       drm_atomic_helper_shutdown(drm);
> 
> 
> --
> With best wishes
> Dmitry




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [Linux for Sparc]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux