mainlining shenanigans
Go to file
Hans Verkuil 79687057c2 drm/msm: NULL pointer dereference in drivers/gpu/drm/msm/msm_gem_vma.c
While I was testing the upcoming adv7533 CEC support with my Dragonboard c410
I encountered this NULL pointer dereference:

[   17.912822] Unable to handle kernel NULL pointer dereference at virtual address 000000e8
[   17.917191] user pgtable: 4k pages, 48-bit VAs, pgd = ffff800030e9f000
[   17.925249] [00000000000000e8] *pgd=00000000b0daf003, *pud=0000000000000000
[   17.931650] Internal error: Oops: 96000005 [#1] PREEMPT SMP
[   17.938395] Modules linked in: btqcomsmd btqca arc4 wcn36xx mac80211 bluetooth cfg80211 ecdh_generic r8152 snd_soc_hdmi_codec adv7511 cec
qcom_wcnss_pil msm mdt_loader drm_kms_helper msm_rng rng_core drm
[   17.943967] CPU: 0 PID: 1684 Comm: Xorg Tainted: G        W       4.13.0-rc1-dragonboard #111
[   17.962005] Hardware name: Qualcomm Technologies, Inc. APQ 8016 SBC (DT)
[   17.970685] task: ffff800031236c00 task.stack: ffff800033fbc000
[   17.977582] PC is at msm_gem_unmap_vma+0x20/0x80 [msm]
[   17.983213] LR is at put_iova+0x60/0xb8 [msm]
[   17.988303] pc : [<ffff000000ac2d58>] lr : [<ffff000000ac07c8>] pstate: 20000145
[   17.992733] sp : ffff800033fbfb30
[   18.000193] x29: ffff800033fbfb30 x28: ffff800030b5f000
[   18.003407] x27: 00000000000000b4 x26: ffff0000009f8cd8
[   18.008789] x25: 0000000000000004 x24: dead000000000100
[   18.014085] x23: dead000000000200 x22: ffff800030b5fd40
[   18.019379] x21: ffff800030b5fc00 x20: 0000000000000000
[   18.024675] x19: ffff80003082bf00 x18: 0000000000000000
[   18.029970] x17: 0000ffffb3347e70 x16: ffff000008207638
[   18.035265] x15: 0000000000000053 x14: 0000000000000000
[   18.040560] x13: 0000000000000038 x12: 0101010101010101
[   18.045855] x11: 7f7f7f7f7f7f7f7f x10: 0000000000000040
[   18.051150] x9 : ffff800030b5f038 x8 : ffff800031657b50
[   18.056446] x7 : ffff800031657b78 x6 : 0000000000000000
[   18.061740] x5 : 0000000000000000 x4 : 00000000b5c01000
[   18.067036] x3 : 0000000000000000 x2 : ffff8000337bf300
[   18.072330] x1 : ffff80003082bf00 x0 : 0000000000000000
[   18.077629] Process Xorg (pid: 1684, stack limit = 0xffff800033fbc000)
[   18.082925] Stack: (0xffff800033fbfb30 to 0xffff800033fc0000)
[   18.089262] fb20:                                   ffff800033fbfb60 ffff000000ac07c8
[   18.095081] fb40: ffff80003082bf00 ffff800030b5fc90 ffff800030b5fc00 ffff000000abf4a0
[   18.102893] fb60: ffff800033fbfba0 ffff000000ac16b0 ffff800030b5fc00 ffff8000338ff870
[   18.110706] fb80: ffff8000338ff800 ffff800030b5fc00 ffff800030b5fda8 ffff800033fbfd80
[   18.118518] fba0: ffff800033fbfbe0 ffff0000009d4244 ffff800030b5fc00 ffff800030b5f038
[   18.126332] fbc0: ffff800033fbfbd0 ffff800030b5fc00 ffff800030b5f038 ffff0000009d4840
[   18.134144] fbe0: ffff800033fbfbf0 ffff0000009d4858 ffff800033fbfc10 ffff0000009d48e4
[   18.141955] fc00: ffff800030b5fc00 ffff8000338ffd98 ffff800033fbfc30 ffff0000009d49a4
[   18.149768] fc20: ffff800030b5fc00 ffff800030b5f000 ffff800033fbfc60 ffff0000009d4a4c
[   18.157581] fc40: ffff800030b5f050 ffff800030b5f000 0000000000000001 ffff800030b5fc00
[   18.165394] fc60: ffff800033fbfca0 ffff0000009d4ab0 0000000000000018 ffff800030b5f000
[   18.173206] fc80: ffff0000009efd28 ffff800033fbfd80 ffff8000338ff800 ffff0000009d56a8
[   18.181019] fca0: ffff800033fbfcb0 ffff0000009efd54 ffff800033fbfcc0 ffff0000009d56c8
[   18.188831] fcc0: ffff800033fbfd00 ffff0000009d58e0 ffff0000009fa6e0 00000000c00464b4
[   18.196643] fce0: 0000000000000004 ffff80003082b400 0000ffffea1f0e00 0000000000000000
[   18.204456] fd00: ffff800033fbfe00 ffff000008206f0c ffff80000335caf8 ffff80003082b400
[   18.212269] fd20: 0000ffffea1f0e00 ffff80003082b400 00000000c00464b4 0000ffffea1f0e00
[   18.220081] fd40: 0000000000000124 000000000000001d ffff0000089d2000 ffff800031236c00
[   18.227894] fd60: ffff800033fbfd80 0000000000000004 ffff0000009efd28 ffff800033fbfd80
[   18.235706] fd80: 0000000100000001 0000008000000001 0000001800000020 0000000000000001
[   18.243518] fda0: 0000000100000000 0000000100000001 0000ffff00000000 0000ffff00000000
[   18.251331] fdc0: 0000000000000124 0000000000000038 ffff0000089d2000 ffff800031236c00
[   18.259144] fde0: ffff800033fbfe40 ffff000008214124 ffff800033fbfe30 ffff000008203290
[   18.266956] fe00: ffff800033fbfe80 ffff0000082076b4 0000000000000000 ffff800030d8a000
[   18.274768] fe20: ffff80003082b400 0000000000000016 ffff800033fbfe50 ffff0000081f0488
[   18.282581] fe40: ffff800033fbfe80 ffff000008207678 0000000000000000 ffff80003082b400
[   18.290393] fe60: ffff800033fbfe70 ffff0000082138b0 ffff800033fbfe80 ffff000008207658
[   18.298207] fe80: 0000000000000000 ffff000008082f84 0000000000000000 0000800034a16000
[   18.306017] fea0: ffffffffffffffff 0000ffffb3347e7c 0000000000000000 0000000000000015
[   18.313832] fec0: 0000000000000016 00000000c00464b4 0000ffffea1f0e00 0000000000000001
[   18.321643] fee0: 0000000000000020 0000000000000080 0000000000000001 0000000000000000
[   18.329456] ff00: 000000000000001d 000000012692c5b0 0101010101010101 7f7f7f7f7f7f7f7f
[   18.337269] ff20: 0101010101010101 0000000000000038 0000000000000000 0000000000000053
[   18.345082] ff40: 0000ffffb368b2b8 0000ffffb3347e70 0000000000000000 0000ffffb3847000
[   18.352894] ff60: 0000ffffea1f0e00 00000000c00464b4 0000000000000016 0000ffffea1f0edc
[   18.360705] ff80: 000000012692ad20 0000000000000003 00000001214282e4 0000000121428388
[   18.368518] ffa0: 0000000000000000 0000ffffea1f0da0 0000ffffb367185c 0000ffffea1f0da0
[   18.376332] ffc0: 0000ffffb3347e7c 0000000000000000 0000000000000016 000000000000001d
[   18.384142] ffe0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[   18.391953] Call trace:
[   18.399760] Exception stack(0xffff800033fbf950 to 0xffff800033fbfa80)
[   18.402023] f940:                                   ffff80003082bf00 0001000000000000
[   18.408622] f960: ffff800033fbfb30 ffff000000ac2d58 0000000020000145 ffff8000338ffa78
[   18.416435] f980: 0000000000000000 0000000000000000 ffff800033fbf9e0 ffff0000089afcf0
[   18.424248] f9a0: ffff80000348f230 ffff8000338ffa78 0000000000000000 0000000000000000
[   18.432060] f9c0: ffff8000338ffaa8 0000000000000001 ffff800033fbfb80 ffff0000009e8f38
[   18.439872] f9e0: ffff800033fbfa10 ffff0000089a9ff8 0000000000000027 ffff80003082b918
[   18.447684] fa00: 0000000000000000 ffff80003082bf00 ffff8000337bf300 0000000000000000
[   18.455497] fa20: 00000000b5c01000 0000000000000000 0000000000000000 ffff800031657b78
[   18.463310] fa40: ffff800031657b50 ffff800030b5f038 0000000000000040 7f7f7f7f7f7f7f7f
[   18.471122] fa60: 0101010101010101 0000000000000038 0000000000000000 0000000000000053
[   18.479062] [<ffff000000ac2d58>] msm_gem_unmap_vma+0x20/0x80 [msm]
[   18.486862] [<ffff000000ac07c8>] put_iova+0x60/0xb8 [msm]
[   18.492938] [<ffff000000ac16b0>] msm_gem_free_object+0x60/0x198 [msm]
[   18.498432] [<ffff0000009d4244>] drm_gem_object_free+0x1c/0x58 [drm]
[   18.504854] [<ffff0000009d4858>] drm_gem_object_put_unlocked+0x90/0xa0 [drm]
[   18.511273] [<ffff0000009d48e4>] drm_gem_object_handle_put_unlocked+0x64/0xd0 [drm]
[   18.518300] [<ffff0000009d49a4>] drm_gem_object_release_handle+0x54/0x98 [drm]
[   18.525679] [<ffff0000009d4a4c>] drm_gem_handle_delete+0x64/0xb8 [drm]
[   18.532968] [<ffff0000009d4ab0>] drm_gem_dumb_destroy+0x10/0x18 [drm]
[   18.539479] [<ffff0000009efd54>] drm_mode_destroy_dumb_ioctl+0x2c/0x40 [drm]
[   18.545992] [<ffff0000009d56c8>] drm_ioctl_kernel+0x68/0xe0 [drm]
[   18.553105] [<ffff0000009d58e0>] drm_ioctl+0x178/0x3b0 [drm]
[   18.558970] [<ffff000008206f0c>] do_vfs_ioctl+0xa4/0x7d0
[   18.564694] [<ffff0000082076b4>] SyS_ioctl+0x7c/0x98
[   18.569992] [<ffff000008082f84>] el0_svc_naked+0x38/0x3c
[   18.574941] Code: a90153f3 aa0003f4 f90013f5 aa0103f3 (f9407400)
[   18.580502] ---[ end trace b1ac6888ec40b0be ]---

It turns out that the aspace argument in msm_gem_unmap_vma() is NULL.

Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
[Note: this case gets hit with !IOMMU config]
Signed-off-by: Rob Clark <robdclark@gmail.com>
2017-08-01 18:41:16 -04:00
arch Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-07-30 12:19:35 -07:00
block blk-mq: map queues to all present CPUs 2017-07-24 10:01:31 -06:00
certs modsign: add markers to endif-statements in certs/Makefile 2017-07-14 11:01:37 +10:00
crypto crypto: authencesn - Fix digest_null crash 2017-07-18 17:01:11 +08:00
Documentation Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-07-28 12:31:49 -07:00
drivers drm/msm: NULL pointer dereference in drivers/gpu/drm/msm/msm_gem_vma.c 2017-08-01 18:41:16 -04:00
firmware firmware/Makefile: force recompilation if makefile changes 2017-05-08 17:15:10 -07:00
fs More NFS client bugfixes for 4.13 2017-07-28 14:44:56 -07:00
include Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-07-30 11:54:08 -07:00
init random: do not ignore early device randomness 2017-07-12 16:26:00 -07:00
ipc ipc/util.h: update documentation for ipc_getref() and ipc_putref() 2017-07-12 16:26:02 -07:00
kernel Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-07-30 11:54:08 -07:00
lib uuid: fix incorrect uuid_equal conversion in test_uuid_test 2017-07-21 09:38:30 +02:00
mm Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-07-15 12:00:42 -07:00
net NFS client bugfixes for 4.13 2017-07-21 16:26:01 -07:00
samples Merge branch 'akpm' (patches from Andrew) 2017-07-13 12:38:49 -07:00
scripts DeviceTree fixes for 4.13: 2017-07-28 17:21:41 -07:00
security Now that IPC and other changes have landed, enable manual markings for 2017-07-19 08:55:18 -07:00
sound sound fixes for 4.13-rc3 2017-07-27 10:44:28 -07:00
tools tools/kvm_stat: add '-f help' to get the available event list 2017-07-26 19:04:53 +02:00
usr ramfs: clarify help text that compression applies to ramfs as well as legacy ramdisk. 2017-07-06 16:24:30 -07:00
virt KVM: make pid available for uevents without debugfs 2017-07-26 18:57:44 +02:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore kbuild: Add support to generate LLVM assembly files 2017-04-25 08:13:52 +09:00
.mailmap power supply and reset changes for the v4.12 series (part 2) 2017-05-12 12:02:21 -07:00
COPYING
CREDITS avr32: remove support for AVR32 architecture 2017-05-01 09:27:15 +02:00
Kbuild kbuild: Consolidate header generation from ASM offset information 2017-04-13 05:43:37 +09:00
Kconfig
MAINTAINERS Properly alphabetize MAINTAINERS file 2017-07-23 16:06:21 -07:00
Makefile Linux 4.13-rc3 2017-07-30 12:40:36 -07:00
README README: add a new README file, pointing to the Documentation/ 2016-10-24 08:12:35 -02:00

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.