github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 07:32:29 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
f6619ef750
linux/drivers
History
Wang, Rui Y f6619ef750 drm/mgag200: fix kernel hang in cursor code. 
The machine hang completely with the following message on the console:

[  487.777538] BUG: unable to handle kernel NULL pointer dereference at 0000000000000060
[  487.777554] IP: [<ffffffff8158aaee>] _raw_spin_lock+0xe/0x30
[  487.777557] PGD 42e9f7067 PUD 42f2fa067 PMD 0
[  487.777560] Oops: 0002 [#1] SMP
...
[  487.777618] CPU: 21 PID: 3190 Comm: Xorg Tainted: G            E   4.4.0-rc1-3-default+ #6
[  487.777620] Hardware name: Intel Corporation BRICKLAND/BRICKLAND, BIOS BRHSXSD1.86B.0059.R00.1501081238 01/08/2015
[  487.777621] task: ffff880853ae4680 ti: ffff8808696d4000 task.ti: ffff8808696d4000
[  487.777625] RIP: 0010:[<ffffffff8158aaee>]  [<ffffffff8158aaee>] _raw_spin_lock+0xe/0x30
[  487.777627] RSP: 0018:ffff8808696d79c0  EFLAGS: 00010246
[  487.777628] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  487.777629] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000060
[  487.777630] RBP: ffff8808696d79e0 R08: 0000000000000000 R09: ffff88086924a780
[  487.777631] R10: 000000000001bb40 R11: 0000000000003246 R12: 0000000000000000
[  487.777632] R13: ffff880463a27360 R14: ffff88046ca50218 R15: 0000000000000080
[  487.777634] FS:  00007f3f81c5a8c0(0000) GS:ffff88086f060000(0000) knlGS:0000000000000000
[  487.777635] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  487.777636] CR2: 0000000000000060 CR3: 000000042e678000 CR4: 00000000001406e0
[  487.777638] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  487.777639] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  487.777639] Stack:
[  487.777642]  ffffffffa00eb5fa ffff8808696d7b60 ffff88086b87d800 0000000000000000
[  487.777644]  ffff8808696d7ac8 ffffffffa01694b6 ffff8808696d7ae8 ffffffff8109c8d5
[  487.777647]  ffff880469158740 ffff880463a27000 ffff88086b87d800 ffff88086b87d800
[  487.777647] Call Trace:
[  487.777674]  [<ffffffffa00eb5fa>] ? drm_gem_object_lookup+0x1a/0xa0 [drm]
[  487.777681]  [<ffffffffa01694b6>] mga_crtc_cursor_set+0xc6/0xb60 [mgag200]
[  487.777691]  [<ffffffff8109c8d5>] ? find_busiest_group+0x35/0x4a0
[  487.777696]  [<ffffffff81086294>] ? __might_sleep+0x44/0x80
[  487.777699]  [<ffffffff815888c2>] ? __ww_mutex_lock+0x22/0x9c
[  487.777722]  [<ffffffffa0104f64>] ? drm_modeset_lock+0x34/0xf0 [drm]
[  487.777733]  [<ffffffffa0148d9e>] restore_fbdev_mode+0xee/0x2a0 [drm_kms_helper]
[  487.777742]  [<ffffffffa014afce>] drm_fb_helper_restore_fbdev_mode_unlocked+0x2e/0x70 [drm_kms_helper]
[  487.777748]  [<ffffffffa014b037>] drm_fb_helper_set_par+0x27/0x50 [drm_kms_helper]
[  487.777752]  [<ffffffff8134560c>] fb_set_var+0x18c/0x3f0
[  487.777777]  [<ffffffffa02a9b0a>] ? __ext4_handle_dirty_metadata+0x8a/0x210 [ext4]
[  487.777783]  [<ffffffff8133cb97>] fbcon_blank+0x1b7/0x2b0
[  487.777790]  [<ffffffff813be2a3>] do_unblank_screen+0xb3/0x1c0
[  487.777795]  [<ffffffff813b5aba>] vt_ioctl+0x118a/0x1210
[  487.777801]  [<ffffffff813a8fe0>] tty_ioctl+0x3f0/0xc90
[  487.777808]  [<ffffffff81172018>] ? kzfree+0x28/0x30
[  487.777813]  [<ffffffff811e053f>] ? mntput+0x1f/0x30
[  487.777817]  [<ffffffff811d3f5d>] do_vfs_ioctl+0x30d/0x570
[  487.777822]  [<ffffffff8107ed3a>] ? task_work_run+0x8a/0xa0
[  487.777825]  [<ffffffff811d4234>] SyS_ioctl+0x74/0x80
[  487.777829]  [<ffffffff8158aeae>] entry_SYSCALL_64_fastpath+0x12/0x71
[  487.777851] Code: 65 ff 0d ce 02 a8 7e 5d c3 ba 01 00 00 00 f0 0f b1 17 85 c0 75 e8 b0 01 5d c3 0f 1f 00 65 ff 05 b1 02 a8 7e 31 c0 ba 01 00 00 00 <f0> 0f b1 17 85 c0 75 01 c3 55 89 c6 48 89 e5 e8 4e f5 b1 ff 5d
[  487.777854] RIP  [<ffffffff8158aaee>] _raw_spin_lock+0xe/0x30
[  487.777855]  RSP <ffff8808696d79c0>
[  487.777856] CR2: 0000000000000060
[  487.777860] ---[ end trace 672a2cd555e0ebd3 ]---

The cursor code may be entered with file_priv == NULL && handle == NULL.
The problem was introduced by:

"bf89209 drm/mga200g: Hold a proper reference for cursor_set"

which calls drm_gem_object_lookup(dev, file_priv...). Previously this wasn't
a problem because we checked the handle. Move the check early in the function
can fix the problem.

Signed-off-by: Rui Wang <rui.y.wang@intel.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2015-11-19 13:20:01 +10:00
..
accessibility
acpi More power management and ACPI updates for v4.4-rc1 2015-11-12 11:50:33 -08:00
amba
android
ata SCSI misc on 20151113 2015-11-13 20:35:54 -08:00
atm
auxdisplay
base More power management and ACPI updates for v4.4-rc1 2015-11-12 11:50:33 -08:00
bcma
block Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2015-11-13 09:24:40 -08:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-11-10 18:11:41 -08:00
bus ARM: SoC driver updates for v4.4 2015-11-10 15:00:03 -08:00
cdrom
char Merge tag 'tpmdd-next-20151110' of https://github.com/jsakkine/linux-tpmdd into for-linus 2015-11-12 20:38:04 +11:00
clk h8300 update for v4.4 2015-11-12 15:26:39 -08:00
clocksource Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2015-11-15 09:10:53 -08:00
connector mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd 2015-11-06 17:50:42 -08:00
cpufreq More power management and ACPI updates for v4.4-rc1 2015-11-12 11:50:33 -08:00
cpuidle
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2015-11-17 09:40:05 -08:00
dca
devfreq
dio
dma dmaengine updates for 4.4-rc1 2015-11-10 10:05:17 -08:00
dma-buf dma-buf/fence: add fence_wait_any_timeout function v2 2015-10-30 01:16:16 -04:00
edac asm-generic cleanups 2015-11-06 14:22:15 -08:00
eisa
extcon
firewire IEEE 1394 subsystem patch: 2015-11-11 10:21:34 -08:00
firmware ARM: SoC driver updates for v4.4 2015-11-10 15:00:03 -08:00
fmc
fpga fpga: socfpga: Fix check of return value of devm_request_irq 2015-10-29 15:20:25 -07:00
gpio asm-generic cleanups 2015-11-06 14:22:15 -08:00
gpu drm/mgag200: fix kernel hang in cursor code. 2015-11-19 13:20:01 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2015-11-07 12:49:27 -08:00
hsi hsi: controllers:remove redundant code 2015-10-30 16:10:40 +01:00
hv drivers/hv: share Hyper-V SynIC constants with userspace 2015-11-04 16:24:33 +01:00
hwmon hwmon: (scpi) skip unsupported sensors properly 2015-11-16 09:59:50 -08:00
hwspinlock
hwtracing Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-11-13 20:04:17 -08:00
i2c Merge branch 'i2c/for-4.4' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2015-11-10 11:58:25 -08:00
ide mm, page_alloc: rename __GFP_WAIT to __GFP_RECLAIM 2015-11-06 17:50:42 -08:00
idle
iio spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
infiniband SCSI misc on 20151113 2015-11-13 20:35:54 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-11-13 21:41:14 -08:00
iommu s390/pci_dma: handle dma table failures 2015-11-09 09:10:49 +01:00
ipack
irqchip Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2015-11-15 09:10:53 -08:00
isdn TTY/Serial driver patches for 4.4-rc1 2015-11-04 21:35:12 -08:00
leds spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
lguest
lightnvm block: change ->make_request_fn() and users to return a queue cookie 2015-11-07 10:40:46 -07:00
macintosh
mailbox mailbox: mailbox-test: avoid reading iomem twice 2015-11-04 14:03:04 +05:30
mcb mcb: Destroy IDA on module unload 2015-10-29 09:02:16 +09:00
md Merge branch 'for-4.4/io-poll' of git://git.kernel.dk/linux-block 2015-11-10 17:23:49 -08:00
media netup_unidvb: use pci_set_dma_mask insted of pci_dma_supported 2015-11-10 16:32:11 -08:00
memory ARM: SoC driver updates for v4.4 2015-11-10 15:00:03 -08:00
memstick
message SCSI queue for 4.4. 2015-11-12 07:06:18 -05:00
mfd asm-generic cleanups 2015-11-06 14:22:15 -08:00
misc Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-11-13 20:04:17 -08:00
mmc spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
mtd This pull request includes the following UBI/UBIFS changes: 2015-11-10 16:35:06 -08:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-11-17 13:52:59 -08:00
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-11-10 18:11:41 -08:00
ntb NTB: fix 32-bit compiler warning 2015-11-08 16:24:43 -05:00
nubus
nvdimm libnvdimm, pmem: fix size trim in pmem_direct_access() 2015-11-12 09:55:23 -08:00
nvme NVMe: add support for Apple NVMe controller 2015-11-11 09:36:57 -07:00
nvmem
of More power management and ACPI updates for v4.4-rc1 2015-11-12 11:50:33 -08:00
oprofile
parisc pci: remove pci_dma_supported 2015-11-10 16:32:11 -08:00
parport
pci More power management and ACPI updates for v4.4-rc1 2015-11-12 11:50:33 -08:00
pcmcia
perf arm64 updates for 4.4: 2015-11-04 14:47:13 -08:00
phy phy: qcom-ufs: fix build error when the component is built as a module 2015-11-09 17:44:24 -05:00
pinctrl This is the bulk of GPIO changes for v4.4: 2015-11-02 12:59:12 -08:00
platform platform/chrome: Branch for v4.4 2015-11-13 21:53:18 -08:00
pnp
power - New Device Support 2015-11-06 10:23:50 -08:00
powercap
pps
ps3
ptp
pwm pwm: Changes for v4.4-rc1 2015-11-11 09:16:10 -08:00
rapidio
ras
regulator spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
remoteproc
reset
rpmsg
rtc RTC for 4.4 2015-11-10 10:01:21 -08:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2015-11-18 08:59:29 -08:00
sbus
scsi SCSI misc on 20151113 2015-11-13 20:35:54 -08:00
sfi
sh
sn
soc ARM: SoC driver updates for v4.4 2015-11-10 15:00:03 -08:00
spi Merge remote-tracking branches 'spi/topic/s3c64xx', 'spi/topic/ti-qspi' and 'spi/topic/txx9' into spi-next 2015-11-04 11:02:16 +00:00
spmi char/misc drivers for 4.4-rc1 2015-11-04 22:15:15 -08:00
ssb ssb: add Kconfig entry for compiling SoC related code 2015-10-28 21:05:21 +02:00
staging Merge branch 'for-4.4/io-poll' of git://git.kernel.dk/linux-block 2015-11-10 17:23:49 -08:00
target SCSI misc on 20151113 2015-11-13 20:35:54 -08:00
tc
thermal thermal: rockchip: fix compile error 2015-11-11 19:52:39 -08:00
thunderbolt
tty asm-generic cleanups 2015-11-06 14:22:15 -08:00
uio
usb SCSI misc on 20151113 2015-11-13 20:35:54 -08:00
uwb driver core update for 4.4-rc1 2015-11-04 21:50:37 -08:00
vfio VFIO updates for v4.4-rc1 2015-11-13 17:05:32 -08:00
vhost Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-11-13 20:04:17 -08:00
video fbdev changes for 4.4 2015-11-10 10:00:09 -08:00
virt
virtio
vlynq
vme char/misc drivers for 4.4-rc1 2015-11-04 22:15:15 -08:00
w1 power supply and reset changes for the v4.4 series 2015-11-05 12:28:15 -08:00
watchdog Merge git://www.linux-watchdog.org/linux-watchdog 2015-11-10 10:11:12 -08:00
xen Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-11-13 20:04:17 -08:00
zorro
Kconfig char/misc drivers for 4.4-rc1 2015-11-04 22:15:15 -08:00
Makefile char/misc drivers for 4.4-rc1 2015-11-04 22:15:15 -08:00