[Intel-gfx] [PATCH 09/16] drm/vgem: Stop calling drm_drv_set_unique

Daniel Vetter daniel at ffwll.ch
Mon Jun 20 12:51:20 UTC 2016


On Mon, Jun 20, 2016 at 12:42:55PM +0100, Chris Wilson wrote:
> On Fri, Jun 17, 2016 at 09:33:27AM +0200, Daniel Vetter wrote:
> > With the previous patch this is now redundant, the core always
> > sets a reasonable dev->unique string.
> > 
> > Cc: Sean Paul <seanpaul at chromium.org>
> > Signed-off-by: Daniel Vetter <daniel.vetter at intel.com>
> 
> Will this fix:

Oh the hilarity. No, this will unfortunately not fix this. And the bug has
been there since forever, since if you use the drmOpenByName (which
doesn't call SET_VERSION which hence might result with master->unique
still NULL).

I think the right fix for this would be to insert another

	else if (dev->unique)

case in drm_name_info. I'll try to type that one.
-Daniel

> 
> [ 4442.886507] ==================================================================
> [ 4442.886854] BUG: KASAN: null-ptr-deref on address 0000000000000050
> [ 4442.887116] Read of size 8 by task cat/1376
> [ 4442.887369] CPU: 1 PID: 1376 Comm: cat Not tainted 4.7.0-rc4+ #356
> [ 4442.887692] Hardware name:                  /NUC5CPYB, BIOS PYBSWCEL.86A.0027.2015.0507.1758 05/07/2015
> [ 4442.888169]  0000000000000000 ffff88022f057a50 ffffffff8145ebab ffff88022f057ae0
> [ 4442.889531]  ffff880234672900 ffff88022f057ad0 ffffffff812509f8 ffff880234672900
> [ 4442.890551]  ffffffff8124c214 0000000000000292 ffff88022f057ab0 ffffffff81114554
> [ 4442.891561] Call Trace:
> [ 4442.891832]  [<ffffffff8145ebab>] dump_stack+0x68/0x9d
> [ 4442.892119]  [<ffffffff812509f8>] kasan_report_error+0x438/0x530
> [ 4442.892416]  [<ffffffff8124c214>] ? __slab_alloc.constprop.66+0x44/0x70
> [ 4442.892710]  [<ffffffff81114554>] ? __lock_is_held+0x84/0xc0
> [ 4442.893003]  [<ffffffff81250ee9>] kasan_report+0x39/0x3b
> [ 4442.893290]  [<ffffffff8124c300>] ? __kmalloc+0xc0/0x2b0
> [ 4442.893578]  [<ffffffff815e2963>] ? drm_name_info+0xf3/0x150
> [ 4442.893864]  [<ffffffff8124fa3e>] __asan_load8+0x5e/0x70
> [ 4442.894148]  [<ffffffff815e2963>] drm_name_info+0xf3/0x150
> [ 4442.894436]  [<ffffffff81294085>] seq_read+0x1f5/0x820
> [ 4442.894727]  [<ffffffff81293e90>] ? seq_hlist_next_percpu+0x120/0x120
> [ 4442.895019]  [<ffffffff811f2630>] ? warn_alloc_failed+0x1e0/0x1e0
> [ 4442.895314]  [<ffffffff813d7ec5>] ? full_proxy_read+0x5/0xf0
> [ 4442.895604]  [<ffffffff813d7f70>] full_proxy_read+0xb0/0xf0
> [ 4442.895892]  [<ffffffff813d7ec5>] ? full_proxy_read+0x5/0xf0
> [ 4442.896182]  [<ffffffff81254ad7>] __vfs_read+0xd7/0x320
> [ 4442.896469]  [<ffffffff81254a00>] ? do_loop_readv_writev+0x120/0x120
> [ 4442.896760]  [<ffffffff811185c0>] ? debug_check_no_locks_freed+0x1a0/0x1a0
> [ 4442.897063]  [<ffffffff81226c60>] ? copy_page_range+0xc20/0xc20
> [ 4442.897352]  [<ffffffff811368aa>] ? debug_lockdep_rcu_enabled.part.4+0x1a/0x30
> [ 4442.897694]  [<ffffffff811368f5>] ? debug_lockdep_rcu_enabled+0x35/0x40
> [ 4442.897987]  [<ffffffff81256735>] ? rw_verify_area+0x65/0x140
> [ 4442.898276]  [<ffffffff812568cc>] vfs_read+0xbc/0x170
> [ 4442.898564]  [<ffffffff812586bb>] SyS_read+0xab/0x130
> [ 4442.898850]  [<ffffffff81258610>] ? vfs_copy_file_range+0x2f0/0x2f0
> [ 4442.899139]  [<ffffffff81118072>] ? trace_hardirqs_on_caller+0x182/0x280
> [ 4442.899433]  [<ffffffff8100179a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
> [ 4442.899728]  [<ffffffff8181b165>] entry_SYSCALL_64_fastpath+0x18/0xa8
> [ 4442.900018]  [<ffffffff81113b20>] ? trace_hardirqs_off_caller+0xc0/0x110
> [ 4442.900301] ==================================================================
> [ 4442.900603] Disabling lock debugging due to kernel taint
> [ 4442.901031] BUG: unable to handle kernel NULL pointer dereference at 0000000000000050
> [ 4442.906576] IP: [<ffffffff815e2963>] drm_name_info+0xf3/0x150
> [ 4442.906877] PGD 23472f067 PUD 2350f8067 PMD 0 
> [ 4442.907418] Oops: 0000 [#1] SMP KASAN
> [ 4442.907592] Modules linked in: vgem i915 intel_gtt
> [ 4442.908279] CPU: 1 PID: 1376 Comm: cat Tainted: G    B           4.7.0-rc4+ #356
> [ 4442.908500] Hardware name:                  /NUC5CPYB, BIOS PYBSWCEL.86A.0027.2015.0507.1758 05/07/2015
> [ 4442.908732] task: ffff880234672900 ti: ffff88022f050000 task.ti: ffff88022f050000
> [ 4442.908952] RIP: 0010:[<ffffffff815e2963>]  [<ffffffff815e2963>] drm_name_info+0xf3/0x150
> [ 4442.909310] RSP: 0018:ffff88022f057b28  EFLAGS: 00010282
> [ 4442.909492] RAX: ffff880234672900 RBX: 0000000000000000 RCX: ffffffff81117f06
> [ 4442.909680] RDX: 0000000000000004 RSI: 0000000000000003 RDI: ffffffff82181b20
> [ 4442.909868] RBP: ffff88022f057b50 R08: 0000000000000003 R09: 0000000000000000
> [ 4442.910054] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8802346c55f0
> [ 4442.910240] R13: ffff880235a6a000 R14: 0000000000000000 R15: ffff880231f1c7e0
> [ 4442.910428] FS:  00007f9349817700(0000) GS:ffff880237700000(0000) knlGS:0000000000000000
> [ 4442.910652] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 4442.910834] CR2: 0000000000000050 CR3: 00000002350f6000 CR4: 00000000001006e0
> [ 4442.911016] Stack:
> [ 4442.911185]  ffff880235a6a000 0000000000000001 ffff880235a6a0c0 0000000000000000
> [ 4442.911906]  ffff880231f1c7e0 ffff88022f057ca0 ffffffff81294085 ffff880234673028
> [ 4442.912627]  ffff880234672fd8 00007f93497f5000 ffff880235a6a030 ffff88022f057ee0
> [ 4442.913349] Call Trace:
> [ 4442.913534]  [<ffffffff81294085>] seq_read+0x1f5/0x820
> [ 4442.913735]  [<ffffffff81293e90>] ? seq_hlist_next_percpu+0x120/0x120
> [ 4442.919906]  [<ffffffff811f2630>] ? warn_alloc_failed+0x1e0/0x1e0
> [ 4442.920111]  [<ffffffff813d7ec5>] ? full_proxy_read+0x5/0xf0
> [ 4442.920314]  [<ffffffff813d7f70>] full_proxy_read+0xb0/0xf0
> [ 4442.920514]  [<ffffffff813d7ec5>] ? full_proxy_read+0x5/0xf0
> [ 4442.920715]  [<ffffffff81254ad7>] __vfs_read+0xd7/0x320
> [ 4442.920916]  [<ffffffff81254a00>] ? do_loop_readv_writev+0x120/0x120
> [ 4442.921119]  [<ffffffff811185c0>] ? debug_check_no_locks_freed+0x1a0/0x1a0
> [ 4442.921322]  [<ffffffff81226c60>] ? copy_page_range+0xc20/0xc20
> [ 4442.921522]  [<ffffffff811368aa>] ? debug_lockdep_rcu_enabled.part.4+0x1a/0x30
> [ 4442.921757]  [<ffffffff811368f5>] ? debug_lockdep_rcu_enabled+0x35/0x40
> [ 4442.921961]  [<ffffffff81256735>] ? rw_verify_area+0x65/0x140
> [ 4442.922162]  [<ffffffff812568cc>] vfs_read+0xbc/0x170
> [ 4442.922360]  [<ffffffff812586bb>] SyS_read+0xab/0x130
> [ 4442.922558]  [<ffffffff81258610>] ? vfs_copy_file_range+0x2f0/0x2f0
> [ 4442.922758]  [<ffffffff81118072>] ? trace_hardirqs_on_caller+0x182/0x280
> [ 4442.922962]  [<ffffffff8100179a>] ? trace_hardirqs_on_thunk+0x1a/0x1c
> [ 4442.923163]  [<ffffffff8181b165>] entry_SYSCALL_64_fastpath+0x18/0xa8
> [ 4442.923365]  [<ffffffff81113b20>] ? trace_hardirqs_off_caller+0xc0/0x110
> [ 4442.923561] Code: 5c 41 5d 41 5e 41 5f 5d c3 48 8d 7b 10 e8 96 d0 c6 ff 4c 8b 7b 10 eb ad e8 8b d0 c6 ff 49 8b 5c 24 18 48 8d 7b 50 e8 7d d0 c6 ff <4c> 8b 73 50 4d 85 f6 74 41 49 8d 7c 24 20 e8 6a d0 c6 ff 49 8b 
> [ 4442.937003] RIP  [<ffffffff815e2963>] drm_name_info+0xf3/0x150
> [ 4442.937306]  RSP <ffff88022f057b28>
> [ 4442.937476] CR2: 0000000000000050
> [ 4442.941304] ---[ end trace 7b3b90baf4ed1a85 ]---
> 
> -- 
> Chris Wilson, Intel Open Source Technology Centre

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
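
Added example, not part of the original mail and not the kernel's drm_name_info(): a userspace C model of the fallback suggested above, where the name line uses master->unique when it is set and otherwise falls back to dev->unique. The struct layouts, the function name model_name_info and the sample strings are assumptions constructed for illustration.

```c
/* Userspace model only. Hypothetical names; NOT the DRM core's code. */
#include <stdio.h>
#include <string.h>

struct model_master {
	const char *unique;	/* assumed NULL until SET_VERSION has run */
};

struct model_dev {
	const char *driver_name;
	const char *unique;	/* set by the core, per the patch description */
};

/*
 * Build the name line without ever reading through a NULL pointer.
 * Order of preference: master->unique, then dev->unique, then driver
 * name alone. Returns snprintf()'s result, or -1 on unusable arguments.
 */
int model_name_info(char *buf, size_t len,
		    const struct model_dev *dev,
		    const struct model_master *master)
{
	if (!buf || !len || !dev || !dev->driver_name)
		return -1;

	if (master && master->unique)
		return snprintf(buf, len, "%s %s\n",
				dev->driver_name, master->unique);
	else if (dev->unique)	/* the extra case proposed in the mail */
		return snprintf(buf, len, "%s %s\n",
				dev->driver_name, dev->unique);

	return snprintf(buf, len, "%s\n", dev->driver_name);
}

int main(void)
{
	char line[64];
	/* Constructed sample: device opened without SET_VERSION. */
	struct model_dev dev = { "vgem", "dev-unique" };
	struct model_master no_unique = { NULL };

	if (model_name_info(line, sizeof(line), &dev, &no_unique) > 0)
		fputs(line, stdout);
	return 0;
}
```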

