[PATCH] drm/atomic-helper: reset vblank on crtc reset
Liviu Dudau
liviu.dudau at arm.com
Wed May 27 10:57:02 UTC 2020
Hi Daniel,
On Wed, May 27, 2020 at 11:53:32AM +0200, Daniel Vetter wrote:
> Only when vblanks are supported ofc.
>
> Some drivers do this already, but most unfortunately missed it. This
> opens up bugs after driver load, before the crtc is enabled for the
> first time. syzbot spotted this when loading vkms as a secondary
> output. Given how many drivers are buggy it's best to solve this once
> and for all in shared helper code.
>
> Aside from moving the few existing calls to drm_crtc_vblank_reset into
> helpers (i915 doesn't use helpers, so keeps its own) I think the
> regression risk is minimal: atomic helpers already rely on drivers
> calling drm_crtc_vblank_on/off correctly in their hooks when they
> support vblanks. And driver that's failing to handle vblanks after
> this is missing those calls already, and vblanks could only work by
> accident when enabling a CRTC for the first time right after boot.
>
> Big thanks to Tetsuo for helping track down what's going wrong here.
>
> There's only a few drivers which already had the necessary call and
> needed some updating:
> - komeda, atmel and tidss also needed to be changed to call
> __drm_atomic_helper_crtc_reset() intead of open coding it
> - tegra and msm even had it in the same place already, just code
> motion, and malidp already uses __drm_atomic_helper_crtc_reset().
>
> Only call left is in i915, which doesn't use drm_mode_config_reset,
> but has its own fastboot infrastructure. So that's the only case where
> we actually want this in the driver still.
>
> I've also reviewed all other drivers which set up vblank support with
> drm_vblank_init. After the previous patch fixing mxsfb all atomic
> drivers do call drm_crtc_vblank_on/off as they should, the remaining
> drivers are either legacy kms or legacy dri1 drivers, so not affected
> by this change to atomic helpers.
>
> v2: Use the drm_dev_has_vblank() helper.
>
> Link: https://syzkaller.appspot.com/bug?id=0ba17d70d062b2595e1f061231474800f076c7cb
> Reported-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
> Reported-by: syzbot+0871b14ca2e2fb64f6e3 at syzkaller.appspotmail.com
> Cc: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
> Cc: "James (Qian) Wang" <james.qian.wang at arm.com>
> Cc: Liviu Dudau <liviu.dudau at arm.com>
> Cc: Mihail Atanassov <mihail.atanassov at arm.com>
> Cc: Brian Starkey <brian.starkey at arm.com>
> Cc: Sam Ravnborg <sam at ravnborg.org>
> Cc: Boris Brezillon <bbrezillon at kernel.org>
> Cc: Nicolas Ferre <nicolas.ferre at microchip.com>
> Cc: Alexandre Belloni <alexandre.belloni at bootlin.com>
> Cc: Ludovic Desroches <ludovic.desroches at microchip.com>
> Cc: Maarten Lankhorst <maarten.lankhorst at linux.intel.com>
> Cc: Maxime Ripard <mripard at kernel.org>
> Cc: Thomas Zimmermann <tzimmermann at suse.de>
> Cc: David Airlie <airlied at linux.ie>
> Cc: Daniel Vetter <daniel at ffwll.ch>
> Cc: Thierry Reding <thierry.reding at gmail.com>
> Cc: Jonathan Hunter <jonathanh at nvidia.com>
> Cc: Jyri Sarha <jsarha at ti.com>
> Cc: Tomi Valkeinen <tomi.valkeinen at ti.com>
> Cc: Rob Clark <robdclark at gmail.com>
> Cc: Sean Paul <seanpaul at chromium.org>
> Cc: Brian Masney <masneyb at onstation.org>
> Cc: Emil Velikov <emil.velikov at collabora.com>
> Cc: zhengbin <zhengbin13 at huawei.com>
> Cc: Thomas Gleixner <tglx at linutronix.de>
> Cc: linux-tegra at vger.kernel.org
> Signed-off-by: Daniel Vetter <daniel.vetter at intel.com>
> ---
> drivers/gpu/drm/arm/display/komeda/komeda_crtc.c | 7 ++-----
> drivers/gpu/drm/arm/malidp_drv.c | 1 -
> drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c | 7 ++-----
> drivers/gpu/drm/drm_atomic_state_helper.c | 4 ++++
> drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c | 2 --
> drivers/gpu/drm/tegra/dc.c | 1 -
> drivers/gpu/drm/tidss/tidss_crtc.c | 3 +--
> drivers/gpu/drm/tidss/tidss_kms.c | 4 ----
> 8 files changed, 9 insertions(+), 20 deletions(-)
>
> diff --git a/drivers/gpu/drm/arm/display/komeda/komeda_crtc.c b/drivers/gpu/drm/arm/display/komeda/komeda_crtc.c
> index 56bd938961ee..f33418d6e1a0 100644
> --- a/drivers/gpu/drm/arm/display/komeda/komeda_crtc.c
> +++ b/drivers/gpu/drm/arm/display/komeda/komeda_crtc.c
> @@ -492,10 +492,8 @@ static void komeda_crtc_reset(struct drm_crtc *crtc)
> crtc->state = NULL;
>
> state = kzalloc(sizeof(*state), GFP_KERNEL);
> - if (state) {
> - crtc->state = &state->base;
> - crtc->state->crtc = crtc;
> - }
> + if (state)
> + __drm_atomic_helper_crtc_reset(crtc, &state->base);
> }
>
> static struct drm_crtc_state *
> @@ -616,7 +614,6 @@ static int komeda_crtc_add(struct komeda_kms_dev *kms,
> return err;
>
> drm_crtc_helper_add(crtc, &komeda_crtc_helper_funcs);
> - drm_crtc_vblank_reset(crtc);
>
> crtc->port = kcrtc->master->of_output_port;
>
> diff --git a/drivers/gpu/drm/arm/malidp_drv.c b/drivers/gpu/drm/arm/malidp_drv.c
> index c2507b7d8512..02904392e370 100644
> --- a/drivers/gpu/drm/arm/malidp_drv.c
> +++ b/drivers/gpu/drm/arm/malidp_drv.c
> @@ -870,7 +870,6 @@ static int malidp_bind(struct device *dev)
> drm->irq_enabled = true;
>
> ret = drm_vblank_init(drm, drm->mode_config.num_crtc);
> - drm_crtc_vblank_reset(&malidp->crtc);
It was a couple of years ago but I remember Alexandru-Cosmin tracking an issue around
this. The reason for reseting the vblank so early after calling drm_vblank_init was that
you could have userspace calling drm_wait_vblank() before crtc activation and in our
case it will trigger some warnings in the driver (details are fuzzy right now). The
relevant commit was cabce6343fd ("drm: mali-dp: Call drm_crtc_vblank_reset on device
init").
Have you done any testing with that scenario on any of the drivers?
Best regards,
Liviu
> if (ret < 0) {
> DRM_ERROR("failed to initialise vblank\n");
> goto vblank_fail;
> diff --git a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
> index 10985134ce0b..ce246b96330b 100644
> --- a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
> +++ b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c
> @@ -411,10 +411,8 @@ static void atmel_hlcdc_crtc_reset(struct drm_crtc *crtc)
> }
>
> state = kzalloc(sizeof(*state), GFP_KERNEL);
> - if (state) {
> - crtc->state = &state->base;
> - crtc->state->crtc = crtc;
> - }
> + if (state)
> + __drm_atomic_helper_crtc_reset(crtc, &state->base);
> }
>
> static struct drm_crtc_state *
> @@ -528,7 +526,6 @@ int atmel_hlcdc_crtc_create(struct drm_device *dev)
> }
>
> drm_crtc_helper_add(&crtc->base, &lcdc_crtc_helper_funcs);
> - drm_crtc_vblank_reset(&crtc->base);
>
> drm_mode_crtc_set_gamma_size(&crtc->base, ATMEL_HLCDC_CLUT_SIZE);
> drm_crtc_enable_color_mgmt(&crtc->base, 0, false,
> diff --git a/drivers/gpu/drm/drm_atomic_state_helper.c b/drivers/gpu/drm/drm_atomic_state_helper.c
> index 8fce6a115dfe..9ad74045158e 100644
> --- a/drivers/gpu/drm/drm_atomic_state_helper.c
> +++ b/drivers/gpu/drm/drm_atomic_state_helper.c
> @@ -32,6 +32,7 @@
> #include <drm/drm_device.h>
> #include <drm/drm_plane.h>
> #include <drm/drm_print.h>
> +#include <drm/drm_vblank.h>
> #include <drm/drm_writeback.h>
>
> #include <linux/slab.h>
> @@ -93,6 +94,9 @@ __drm_atomic_helper_crtc_reset(struct drm_crtc *crtc,
> if (crtc_state)
> __drm_atomic_helper_crtc_state_reset(crtc_state, crtc);
>
> + if (drm_dev_has_vblank(crtc->dev))
> + drm_crtc_vblank_reset(crtc);
> +
> crtc->state = crtc_state;
> }
> EXPORT_SYMBOL(__drm_atomic_helper_crtc_reset);
> diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c
> index ca3368c828d0..9606185c284b 100644
> --- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c
> +++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c
> @@ -1117,8 +1117,6 @@ static void mdp5_crtc_reset(struct drm_crtc *crtc)
> mdp5_crtc_destroy_state(crtc, crtc->state);
>
> __drm_atomic_helper_crtc_reset(crtc, &mdp5_cstate->base);
> -
> - drm_crtc_vblank_reset(crtc);
> }
>
> static const struct drm_crtc_funcs mdp5_crtc_funcs = {
> diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c
> index 83f31c6e891c..9b308b572eac 100644
> --- a/drivers/gpu/drm/tegra/dc.c
> +++ b/drivers/gpu/drm/tegra/dc.c
> @@ -1168,7 +1168,6 @@ static void tegra_crtc_reset(struct drm_crtc *crtc)
> tegra_crtc_atomic_destroy_state(crtc, crtc->state);
>
> __drm_atomic_helper_crtc_reset(crtc, &state->base);
> - drm_crtc_vblank_reset(crtc);
> }
>
> static struct drm_crtc_state *
> diff --git a/drivers/gpu/drm/tidss/tidss_crtc.c b/drivers/gpu/drm/tidss/tidss_crtc.c
> index 89a226912de8..4d01c4af61cd 100644
> --- a/drivers/gpu/drm/tidss/tidss_crtc.c
> +++ b/drivers/gpu/drm/tidss/tidss_crtc.c
> @@ -352,8 +352,7 @@ static void tidss_crtc_reset(struct drm_crtc *crtc)
> return;
> }
>
> - crtc->state = &tcrtc->base;
> - crtc->state->crtc = crtc;
> + __drm_atomic_helper_crtc_reset(crtc, &tcrtc->base);
> }
>
> static struct drm_crtc_state *tidss_crtc_duplicate_state(struct drm_crtc *crtc)
> diff --git a/drivers/gpu/drm/tidss/tidss_kms.c b/drivers/gpu/drm/tidss/tidss_kms.c
> index 4b99e9fa84a5..e6ab59eed259 100644
> --- a/drivers/gpu/drm/tidss/tidss_kms.c
> +++ b/drivers/gpu/drm/tidss/tidss_kms.c
> @@ -278,10 +278,6 @@ int tidss_modeset_init(struct tidss_device *tidss)
> if (ret)
> return ret;
>
> - /* Start with vertical blanking interrupt reporting disabled. */
> - for (i = 0; i < tidss->num_crtcs; ++i)
> - drm_crtc_vblank_reset(tidss->crtcs[i]);
> -
> drm_mode_config_reset(ddev);
>
> dev_dbg(tidss->dev, "%s done\n", __func__);
> --
> 2.26.2
>
--
====================
| I would like to |
| fix the world, |
| but they're not |
| giving me the |
\ source code! /
---------------
¯\_(ツ)_/¯
More information about the dri-devel
mailing list