[Bug 101791] [BAT][SKL][GVT-d] igt at drv_module_reload@basic-reload-inject produces a general protection fault

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Jul 14 15:54:57 UTC 2017 

https://bugs.freedesktop.org/show_bug.cgi?id=101791

--- Comment #1 from Chris Wilson <chris at chris-wilson.co.uk> ---
It's a use after free (kasan where are you!) in the async fbdev paths.

CI_DRM_2726 was:

mmit 346fb4e0b9660e2fe888f870608d287e1980f665
Author: Daniel Vetter <daniel.vetter at ffwll.ch>
Date:   Thu Jul 6 15:00:20 2017 +0200

    drm/i915: Protect against deferred fbdev setup

    We could probably hit this already with our current async fbdev init,
    but it's much easier to hit this with the new deferred fbdev setup
    that I'm working on polishing.

    Cc: Maarten Lankhorst <maarten.lankhorst at linux.intel.com>
    Reported-by: Maarten Lankhorst <maarten.lankhorst at linux.intel.com>
    Reviewed-by: Maarten Lankhorst <maarten.lankhorst at linux.intel.com>
    Signed-off-by: Daniel Vetter <daniel.vetter at intel.com>
    Link:
http://patchwork.freedesktop.org/patch/msgid/20170706130023.28417-2-daniel.vetter@ffwll.ch

commit 88be58be886f1215cc73dc8c273c985eecd7385c
Author: Daniel Vetter <daniel.vetter at ffwll.ch>
Date:   Thu Jul 6 15:00:19 2017 +0200

    drm/i915/fbdev: Always forward hotplug events

    With deferred fbdev setup we always need to forward hotplug events,
    even if fbdev isn't fully set up yet. Otherwise the deferred setup
    will neer happen.

    Originally this check was added in

    commit c45eb4fed12d278d3619f1904885bd0d7bcbf036 (tag:
drm-intel-next-fixes-2016-08-05)
    Author: Chris Wilson <chris at chris-wilson.co.uk>
    Date:   Wed Jul 13 18:34:45 2016 +0100

        drm/i915/fbdev: Check for the framebuffer before use

    But the specific case of the hotplug function blowing up was fixed in

    commit 50c3dc970a09b3b60422a58934cc27a413288bab
    Author: Daniel Vetter <daniel.vetter at ffwll.ch>
    Date:   Fri Jun 27 17:19:22 2014 +0200

        drm/fb-helper: Fix hpd vs. initial config races

    Cc: Maarten Lankhorst <maarten.lankhorst at linux.intel.com>
    Cc: Mika Kuoppala <mika.kuoppala at intel.com>
    Cc: Chris Wilson <chris at chris-wilson.co.uk>
    Reviewed-by: Maarten Lankhorst <maarten.lankhorst at linux.intel.com>
    Signed-off-by: Daniel Vetter <daniel.vetter at intel.com>
    Link:
http://patchwork.freedesktop.org/patch/msgid/20170706130023.28417-1-daniel.vetter@ffwll.ch

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are the QA Contact for the bug.
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/intel-gfx-bugs/attachments/20170714/986392bc/attachment-0001.html>

More information about the intel-gfx-bugs mailing list