linux-xiaomi-chiron/drivers
Chris Wilson b3bf99daae drm/i915/display: Defer initial modeset until after GGTT is initialised
Prior to sanitizing the GGTT, the only operations allowed in
intel_display_init_nogem() are those to reserve the preallocated (and
active) regions in the GGTT leftover from the BIOS. Trying to allocate a
GGTT vma (such as intel_pin_and_fence_fb_obj during the initial modeset)
may then conflict with other preallocated regions that have not yet been
protected.

Move the initial modesetting from the end of init_nogem to the beginning
of init so that any vma pinning (either framebuffers or DSB, for example),
is after the GGTT is ready to handle it.

This will prevent the DSB object from being destroyed too early:

[   53.449241] BUG: KASAN: use-after-free in i915_init_ggtt+0x324/0x9e0 [i915]
[   53.449309] Read of size 8 at addr ffff88811b1e8070 by task systemd-udevd/345

[   53.449399] CPU: 1 PID: 345 Comm: systemd-udevd Tainted: G        W         5.10.0-rc5+ #12
[   53.449409] Call Trace:
[   53.449418]  dump_stack+0x9a/0xcc
[   53.449558]  ? i915_init_ggtt+0x324/0x9e0 [i915]
[   53.449565]  print_address_description.constprop.0+0x3e/0x60
[   53.449577]  ? _raw_spin_lock_irqsave+0x4e/0x50
[   53.449718]  ? i915_init_ggtt+0x324/0x9e0 [i915]
[   53.449849]  ? i915_init_ggtt+0x324/0x9e0 [i915]
[   53.449857]  kasan_report.cold+0x1f/0x37
[   53.449993]  ? i915_init_ggtt+0x324/0x9e0 [i915]
[   53.450130]  i915_init_ggtt+0x324/0x9e0 [i915]
[   53.450273]  ? i915_ggtt_suspend+0x1f0/0x1f0 [i915]
[   53.450281]  ? static_obj+0x69/0x80
[   53.450289]  ? lockdep_init_map_waits+0xa9/0x310
[   53.450431]  ? intel_wopcm_init+0x96/0x3d0 [i915]
[   53.450581]  ? i915_gem_init+0x75/0x2d0 [i915]
[   53.450720]  i915_gem_init+0x75/0x2d0 [i915]
[   53.450852]  i915_driver_probe+0x8c2/0x1210 [i915]
[   53.450993]  ? i915_pm_prepare+0x630/0x630 [i915]
[   53.451006]  ? check_chain_key+0x1e7/0x2e0
[   53.451025]  ? __pm_runtime_resume+0x58/0xb0
[   53.451157]  i915_pci_probe+0xa6/0x2b0 [i915]
[   53.451285]  ? i915_pci_remove+0x40/0x40 [i915]
[   53.451295]  ? lockdep_hardirqs_on_prepare+0x124/0x230
[   53.451302]  ? _raw_spin_unlock_irqrestore+0x42/0x50
[   53.451309]  ? lockdep_hardirqs_on+0xbf/0x130
[   53.451315]  ? preempt_count_sub+0xf/0xb0
[   53.451321]  ? _raw_spin_unlock_irqrestore+0x2f/0x50
[   53.451335]  pci_device_probe+0xf9/0x190
[   53.451350]  really_probe+0x17f/0x5b0
[   53.451365]  driver_probe_device+0x13a/0x1c0
[   53.451376]  device_driver_attach+0x82/0x90
[   53.451386]  ? device_driver_attach+0x90/0x90
[   53.451391]  __driver_attach+0xab/0x190
[   53.451401]  ? device_driver_attach+0x90/0x90
[   53.451407]  bus_for_each_dev+0xe4/0x140
[   53.451414]  ? subsys_dev_iter_exit+0x10/0x10
[   53.451423]  ? __list_add_valid+0x2b/0xa0
[   53.451440]  bus_add_driver+0x227/0x2e0
[   53.451454]  driver_register+0xd3/0x150
[   53.451585]  i915_init+0x92/0xac [i915]
[   53.451592]  ? 0xffffffffa0a20000
[   53.451598]  do_one_initcall+0xb6/0x3b0
[   53.451606]  ? trace_event_raw_event_initcall_finish+0x150/0x150
[   53.451614]  ? __kasan_kmalloc.constprop.0+0xc2/0xd0
[   53.451627]  ? kmem_cache_alloc_trace+0x4a4/0x8e0
[   53.451634]  ? kasan_unpoison_shadow+0x33/0x40
[   53.451649]  do_init_module+0xf8/0x350
[   53.451662]  load_module+0x43de/0x47f0
[   53.451716]  ? module_frob_arch_sections+0x20/0x20
[   53.451731]  ? rw_verify_area+0x5f/0x130
[   53.451780]  ? __do_sys_finit_module+0x10d/0x1a0
[   53.451785]  __do_sys_finit_module+0x10d/0x1a0
[   53.451792]  ? __ia32_sys_init_module+0x40/0x40
[   53.451800]  ? seccomp_do_user_notification.isra.0+0x5c0/0x5c0
[   53.451829]  ? rcu_read_lock_bh_held+0xb0/0xb0
[   53.451835]  ? mark_held_locks+0x24/0x90
[   53.451856]  do_syscall_64+0x33/0x80
[   53.451863]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

[   53.451957] Allocated by task 345:
[   53.451995]  kasan_save_stack+0x1b/0x40
[   53.452001]  __kasan_kmalloc.constprop.0+0xc2/0xd0
[   53.452006]  kmem_cache_alloc+0x1cd/0x8d0
[   53.452146]  i915_vma_instance+0x126/0xb70 [i915]
[   53.452304]  i915_gem_object_ggtt_pin_ww+0x222/0x3f0 [i915]
[   53.452446]  intel_dsb_prepare+0x14f/0x230 [i915]
[   53.452588]  intel_atomic_commit+0x183/0x690 [i915]
[   53.452730]  intel_initial_commit+0x2bc/0x2f0 [i915]
[   53.452871]  intel_modeset_init_nogem+0xa02/0x2af0 [i915]
[   53.452995]  i915_driver_probe+0x8af/0x1210 [i915]
[   53.453120]  i915_pci_probe+0xa6/0x2b0 [i915]
[   53.453125]  pci_device_probe+0xf9/0x190
[   53.453131]  really_probe+0x17f/0x5b0
[   53.453136]  driver_probe_device+0x13a/0x1c0
[   53.453142]  device_driver_attach+0x82/0x90
[   53.453148]  __driver_attach+0xab/0x190
[   53.453153]  bus_for_each_dev+0xe4/0x140
[   53.453158]  bus_add_driver+0x227/0x2e0
[   53.453164]  driver_register+0xd3/0x150
[   53.453286]  i915_init+0x92/0xac [i915]
[   53.453292]  do_one_initcall+0xb6/0x3b0
[   53.453297]  do_init_module+0xf8/0x350
[   53.453302]  load_module+0x43de/0x47f0
[   53.453307]  __do_sys_finit_module+0x10d/0x1a0
[   53.453312]  do_syscall_64+0x33/0x80
[   53.453318]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

[   53.453345] Freed by task 82:
[   53.453379]  kasan_save_stack+0x1b/0x40
[   53.453384]  kasan_set_track+0x1c/0x30
[   53.453389]  kasan_set_free_info+0x1b/0x30
[   53.453394]  __kasan_slab_free+0x112/0x160
[   53.453399]  kmem_cache_free+0xb2/0x3f0
[   53.453536]  i915_gem_flush_free_objects+0x31a/0x3b0 [i915]
[   53.453542]  process_one_work+0x519/0x9f0
[   53.453547]  worker_thread+0x75/0x5c0
[   53.453552]  kthread+0x1da/0x230
[   53.453557]  ret_from_fork+0x22/0x30

[   53.453584] The buggy address belongs to the object at ffff88811b1e8040
                which belongs to the cache i915_vma of size 968
[   53.453692] The buggy address is located 48 bytes inside of
                968-byte region [ffff88811b1e8040, ffff88811b1e8408)
[   53.454347] ==================================================================
[   53.454414] Disabling lock debugging due to kernel taint
[   53.454434] general protection fault, probably for non-canonical address 0xdead0000000000d0: 0000 [#1] PREEMPT SMP KASAN PTI
[   53.454446] CPU: 1 PID: 345 Comm: systemd-udevd Tainted: G    B   W         5.10.0-rc5+ #12
[   53.454592] RIP: 0010:i915_init_ggtt+0x26f/0x9e0 [i915]
[   53.454700] Call Trace:
[   53.454833]  ? i915_ggtt_suspend+0x1f0/0x1f0 [i915]

Reported-by: Matthew Auld <matthew.auld@intel.com>
Fixes: afeda4f3b1 ("drm/i915/dsb: Pre allocate and late cleanup of cmd buffer")
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: Matthew Auld <matthew.auld@intel.com>
Cc: Lucas De Marchi <lucas.demarchi@intel.com>
Tested-by: Matthew Auld <matthew.auld@intel.com>
Reviewed-by: Matthew Auld <matthew.auld@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20201125193032.29282-1-chris@chris-wilson.co.uk
2020-11-26 11:01:52 +00:00
..
accessibility
acpi Merge branches 'acpi-button' and 'acpi-dock' 2020-10-30 16:31:20 +01:00
amba
android task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
ata libata-5.10-2020-10-30 2020-10-30 14:51:01 -07:00
atm
auxdisplay
base device property: Don't clear secondary pointer for shared primary firmware node 2020-10-27 19:20:03 +01:00
bcma bcma: use semicolons rather than commas to separate statements 2020-10-01 16:23:50 +03:00
block xsysace: use platform_get_resource() and platform_get_irq_optional() 2020-10-29 08:22:33 -06:00
bluetooth Bluetooth: btintel: Replace zero-length array with flexible-array member 2020-10-30 16:57:41 -05:00
bus ARM: SoC-related driver updates 2020-10-24 10:39:22 -07:00
cdrom
char random32: make prandom_u32() output unpredictable 2020-10-24 20:21:57 +02:00
clk treewide: Convert macro and uses of __section(foo) to __section("foo") 2020-10-25 14:51:49 -07:00
clocksource treewide: Convert macro and uses of __section(foo) to __section("foo") 2020-10-25 14:51:49 -07:00
connector
counter
cpufreq cpufreq: Introduce cpufreq_driver_test_flags() 2020-10-29 14:07:30 +01:00
cpuidle powerpc updates for 5.10 2020-10-16 12:21:15 -07:00
crypto s390 updates for the 5.10 merge window 2020-10-16 12:36:38 -07:00
dax fuse update for 5.10 2020-10-19 14:28:30 -07:00
dca
devfreq
dio
dma misc: mic: remove the MIC drivers 2020-10-28 19:12:03 +01:00
dma-buf drm-misc-next for 5.11: 2020-11-04 11:49:10 +10:00
edac EFI changes for v5.10: 2020-10-12 13:26:49 -07:00
eisa
extcon
firewire
firmware ARM SCMI fixes for v5.10 2020-10-26 12:40:02 +01:00
fpga
fsi
gnss
gpio - New Drivers 2020-10-14 15:56:58 -07:00
gpu drm/i915/display: Defer initial modeset until after GGTT is initialised 2020-11-26 11:01:52 +00:00
greybus
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2020-10-23 16:16:31 -07:00
hsi
hv Merge branch 'akpm' (patches from Andrew) 2020-10-16 11:31:55 -07:00
hwmon ARM: SoC platform updates 2020-10-24 10:33:08 -07:00
hwspinlock
hwtracing coresight: cti: Initialize dynamic sysfs attributes 2020-10-29 20:10:25 +01:00
i2c i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs 2020-10-25 13:33:54 +01:00
i3c * Fix DAA for the pre-reserved address case 2020-10-17 11:01:01 -07:00
ide block-5.10-2020-10-12 2020-10-13 12:12:44 -07:00
idle intel_idle: Fix max_cstate for processor models without C-state tables 2020-10-27 19:03:53 +01:00
iio chrome platform changes for 5.10 2020-10-23 10:54:13 -07:00
infiniband RDMA/qedr: Fix memory leak in iWARP CM 2020-10-28 09:45:25 -03:00
input Merge branch 'parisc-5.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux 2020-10-25 10:59:34 -07:00
interconnect interconnect: qcom: use icc_sync state for sm8[12]50 2020-10-27 16:01:22 +02:00
iommu IOMMU Fix for Linux v5.10: 2020-10-20 09:35:06 -07:00
ipack
irqchip treewide: Convert macro and uses of __section(foo) to __section("foo") 2020-10-25 14:51:49 -07:00
isdn
leds leds: pwm: Remove platform_data support 2020-10-07 12:02:58 +02:00
lightnvm lightnvm: fix out-of-bounds write to array devices->info[] 2020-10-16 09:28:45 -06:00
macintosh powerpc updates for 5.10 2020-10-16 12:21:15 -07:00
mailbox ARM: SoC-related driver updates 2020-10-24 10:39:22 -07:00
mcb
md - Improve DM core's bio splitting to use blk_max_size_offset(). Also 2020-10-14 15:05:38 -07:00
media drm-misc-next for 5.11: 2020-11-04 11:49:10 +10:00
memory ARM: SoC-related driver updates 2020-10-24 10:39:22 -07:00
memstick
message scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() 2020-10-26 16:57:18 -04:00
mfd - New Drivers 2020-10-14 15:56:58 -07:00
misc drm-misc-next for 5.11: 2020-11-04 11:49:10 +10:00
mmc MMC host: 2020-10-30 11:04:11 -07:00
most
mtd This pull request contains fixes for UBI and UBIFS 2020-10-18 09:56:50 -07:00
mux
net flexible-array member conversion patches for 5.10-rc2 2020-10-31 14:31:28 -07:00
nfc nfc: remove unneeded break 2020-10-20 10:36:41 -07:00
ntb Bug fixes for v5.10 2020-10-25 11:12:31 -07:00
nubus
nvdimm mm/memremap_pages: support multiple ranges per invocation 2020-10-13 18:38:28 -07:00
nvme block-5.10-2020-10-30 2020-10-30 15:02:49 -07:00
nvmem
of dma-mapping: fix 32-bit overflow with CONFIG_ARM_LPAE=n 2020-10-29 16:59:34 +01:00
opp Merge branch 'cpufreq/arm/linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/vireshk/pm 2020-10-06 12:26:45 +02:00
oprofile
parisc dma-mapping: split <linux/dma-mapping.h> 2020-10-06 07:07:03 +02:00
parport
pci VFIO updates for v5.10-rc1 2020-10-22 13:00:44 -07:00
pcmcia
perf perf: arm-cmn: Fix conversion specifiers for node type 2020-10-01 22:30:07 +01:00
phy pci-v5.10-changes 2020-10-22 12:41:00 -07:00
pinctrl Pin control bulk changes for the v5.10 kernel cycle 2020-10-14 15:25:04 -07:00
platform Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2020-10-23 16:16:31 -07:00
pnp PNP: fix kernel-doc markups 2020-10-27 19:23:04 +01:00
power ARM: SoC platform updates 2020-10-24 10:33:08 -07:00
powercap powercap: Fix typo in Kconfig "Plance" -> "Plane" 2020-10-19 17:40:53 +02:00
pps
ps3
ptp
pwm ARM: SoC platform updates 2020-10-24 10:33:08 -07:00
rapidio rapidio: fix the missed put_device() for rio_mport_add_riodev 2020-10-16 11:11:22 -07:00
ras
regulator Merge remote-tracking branch 'regulator/for-5.10' into regulator-next 2020-10-05 16:54:56 +01:00
remoteproc remoteproc updates for v5.10 2020-10-22 12:56:33 -07:00
reset ARM: SoC-related driver updates 2020-10-24 10:39:22 -07:00
rpmsg rpmsg updates for 5.10 2020-10-22 12:58:21 -07:00
rtc RTC for 5.10 2020-10-21 11:22:08 -07:00
s390 s390/ism: fix incorrect system EID 2020-10-26 16:29:14 -07:00
sbus
scsi SCSI fixes on 20201030 2020-10-31 12:21:04 -07:00
sfi
sh
siox
slimbus
soc soc: ti: ti_sci_pm_domains: check for proper args count in xlate 2020-10-29 22:13:38 +01:00
soundwire soundwire updates for 5.10-rc1 2020-10-01 22:59:55 +02:00
spi ARM: SoC platform updates 2020-10-24 10:33:08 -07:00
spmi
ssb
staging staging: fieldbus: anybuss: jump to correct label in an error path 2020-10-27 13:24:51 +01:00
target scsi: target: tcmu: Replace zero-length array with flexible-array member 2020-10-29 17:22:59 -05:00
tc
tee Reenable kernel login method for kernel TEE client API 2020-10-26 10:55:56 +01:00
thermal treewide: Convert macro and uses of __section(foo) to __section("foo") 2020-10-25 14:51:49 -07:00
thunderbolt
tty vt_ioctl: fix GIO_UNIMAP regression 2020-10-28 13:41:17 +01:00
uio
usb 4 bug fixes for Cadence 3 driver. 2020-10-30 11:46:49 +01:00
vdpa vhost,vdpa: fixes 2020-10-31 14:41:48 -07:00
vfio VFIO updates for v5.10-rc1 2020-10-22 13:00:44 -07:00
vhost vdpa: handle irq bypass register failure case 2020-10-30 04:02:53 -04:00
video drm-misc-next for 5.11: 2020-11-04 11:49:10 +10:00
virt virt: vbox: simplify the return expression of vbg_input_open() 2020-10-02 11:36:13 +02:00
virtio vhost,vdpa,virtio: cleanups, fixes 2020-10-23 11:00:57 -07:00
visorbus
vlynq
vme
w1 w1: w1_therm: make w1_poll_completion static 2020-10-05 14:49:24 +02:00
watchdog ARM: SoC platform updates 2020-10-24 10:33:08 -07:00
xen xen: branch for v5.10-rc1c 2020-10-25 10:55:35 -07:00
zorro
Kconfig
Makefile