During Syzkaller reproducer testing on 5.4.y (5.4.121-rc1) the following warning occurred:
WARNING in vkms_vblank_simulate https://syzkaller.appspot.com//bug?id=0ba17d70d062b2595e1f061231474800f076c7...
These 2 upstream commits are needed to fix the warning:
7beb691f drm: Initialize struct drm_crtc_state.no_vblank from device settings
51f644b4 drm/atomic-helper: reset vblank on crtc reset
51f644b4 has conflicts (which were resolved).
[ 101.335429] ------------[ cut here ]------------
[ 101.336576] WARNING: CPU: 1 PID: 0 at drivers/gpu/drm/vkms/vkms_crtc.c:91 vkms_get_vblank_timestamp+0x10a/0x140
[ 101.338952] Modules linked in:
[ 101.339701] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.4.121-rc1-syzk #1
[ 101.344331] RIP: 0010:vkms_get_vblank_timestamp+0x10a/0x140
[ 101.345660] Code: 03 80 3c 02 00 75 4f 4d 2b b5 80 10 00 00 4d 89 34 24 e8 d9 4e a7 fc b8 01 00 00 00 5b 41 5c 41 5d 41 5e 5d c3 e8 c6 4e a7 fc <0f> 0b eb e4 e8 3d a0 e6 fc e9 27 ff ff ff e8 33 a0 e6 fc eb 91 4c
[ 101.351293] RAX: ffff888107a65d00 RBX: 000000179647991a RCX: ffffffff84cde2af
[ 101.352976] RDX: 0000000000000100 RSI: ffffffff84cde2fa RDI: 0000000000000006
[ 101.354662] RBP: ffff88810b289ba8 R08: ffff888107a65d00 R09: ffffed1021651398
[ 101.356361] R10: ffffed1021651398 R11: 0000000000000003 R12: ffff88810b289cb0
[ 101.358037] R13: ffff88810a89c000 R14: 000000179647991a R15: 0000000000004e20
[ 101.359718] FS: 0000000000000000(0000) GS:ffff88810b280000(0000) knlGS:0000000000000000
[ 101.361627] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 101.362992] CR2: 00007f82b0154000 CR3: 0000000109460000 CR4: 00000000000006e0
[ 101.364684] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 101.366369] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 101.368043] Call Trace:
[ 101.368652] <IRQ>
[ 101.369159] ? vkms_crtc_atomic_flush+0x2d0/0x2d0
[ 101.370296] drm_get_last_vbltimestamp+0x106/0x1b0
[ 101.371446] ? drm_crtc_set_max_vblank_count+0x1a0/0x1a0
[ 101.372715] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 101.374001] drm_update_vblank_count+0x17a/0x800
[ 101.375107] ? store_vblank+0x1d0/0x1d0
[ 101.376038] ? __kasan_check_write+0x14/0x20
[ 101.377071] drm_vblank_disable_and_save+0x13a/0x3d0
[ 101.378265] ? vblank_disable_fn+0x101/0x180
[ 101.379296] vblank_disable_fn+0x14b/0x180
[ 101.380282] ? drm_vblank_disable_and_save+0x3d0/0x3d0
[ 101.381508] call_timer_fn+0x50/0x310
[ 101.382393] ? drm_vblank_disable_and_save+0x3d0/0x3d0
[ 101.383621] ? drm_vblank_disable_and_save+0x3d0/0x3d0
[ 101.384849] run_timer_softirq+0x76f/0x13e0
[ 101.385857] ? del_timer_sync+0xb0/0xb0
[ 101.386792] ? irq_work_interrupt+0xf/0x20
[ 101.387776] ? irq_work_interrupt+0xa/0x20
[ 101.388761] __do_softirq+0x18d/0x623
[ 101.389647] irq_exit+0x1fc/0x220
[ 101.390454] smp_apic_timer_interrupt+0xf0/0x380
[ 101.391565] apic_timer_interrupt+0xf/0x20
[ 101.392547] </IRQ>
[ 101.393073] RIP: 0010:native_safe_halt+0x12/0x20
[ 101.394178] Code: 96 fe ff ff 48 89 df e8 ac c1 fc f3 eb 92 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 e9 07 00 00 00 0f 00 2d 10 ee 50 00 fb f4 <5d> c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 e9 07 00 00
[ 101.398541] RSP: 0018:ffff888107aafd48 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 101.400326] RAX: ffffffff8db7b830 RBX: ffff888107a65d00 RCX: ffffffff8db7c532
[ 101.402004] RDX: 1ffff11020f4cba0 RSI: 0000000000000008 RDI: ffff888107a65d00
[ 101.403680] RBP: ffff888107aafd48 R08: ffffed1020f4cba1 R09: ffffed1020f4cba1
[ 101.405361] R10: ffffed1020f4cba0 R11: ffff888107a65d07 R12: 0000000000000001
[ 101.407041] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
[ 101.408729] ? __cpuidle_text_start+0x8/0x8
[ 101.409735] ? default_idle_call+0x32/0x70
[ 101.410722] default_idle+0x24/0x2c0
[ 101.411589] arch_cpu_idle+0x15/0x20
[ 101.412459] default_idle_call+0x5f/0x70
[ 101.413405] do_idle+0x30f/0x3d0
[ 101.414185] ? arch_cpu_idle_exit+0x40/0x40
[ 101.415188] ? complete+0x67/0x80
[ 101.415992] cpu_startup_entry+0x1d/0x20
[ 101.416937] start_secondary+0x2ec/0x3d0
[ 101.417879] ? set_cpu_sibling_map+0x2620/0x2620
[ 101.418986] secondary_startup_64+0xb6/0xc0
[ 101.420001] ---[ end trace 6143b67a4d795a3a ]---
Daniel Vetter (1):
  drm/atomic-helper: reset vblank on crtc reset

Thomas Zimmermann (1):
  drm: Initialize struct drm_crtc_state.no_vblank from device settings

 drivers/gpu/drm/arm/display/komeda/komeda_crtc.c |  7 ++---
 drivers/gpu/drm/arm/malidp_drv.c                 |  1 -
 drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c   |  7 ++---
 drivers/gpu/drm/drm_atomic_helper.c              | 10 ++++++-
 drivers/gpu/drm/drm_atomic_state_helper.c        |  4 +++
 drivers/gpu/drm/drm_vblank.c                     | 28 +++++++++++++++++++
 drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c        |  2 --
 drivers/gpu/drm/omapdrm/omap_crtc.c              |  8 +++---
 drivers/gpu/drm/omapdrm/omap_drv.c               |  4 ---
 drivers/gpu/drm/rcar-du/rcar_du_crtc.c           |  6 +----
 drivers/gpu/drm/tegra/dc.c                       |  1 -
 include/drm/drm_crtc.h                           | 34 +++++++++++++++++++-----
 include/drm/drm_simple_kms_helper.h              |  7 +++--
 include/drm/drm_vblank.h                         |  1 +
 14 files changed, 84 insertions(+), 36 deletions(-)
From: Thomas Zimmermann <tzimmermann@suse.de>
At the end of a commit, atomic helpers can generate a fake VBLANK event automatically. Originally implemented for writeback connectors, the functionality can be used by any driver and/or hardware without proper VBLANK interrupt.
The patch updates the documentation to make this behaviour official: setting struct drm_crtc_state.no_vblank to true enables automatic generation of fake VBLANK events.
The new interface drm_dev_has_vblank() returns true if vblanking has been initialized for a device, or false otherwise. Atomic helpers use this function when initializing no_vblank in the CRTC state in drm_atomic_helper_check_modeset(). If vblanking has been initialized for a device, no_vblank is disabled. Otherwise it's enabled. Hence, atomic helpers will automatically send out fake VBLANK events with any driver that did not initialize vblanking.
v5:
	* more precise documentation and commit message
v4:
	* replace drm_crtc_has_vblank() with drm_dev_has_vblank()
	* add drm_dev_has_vblank() in this patch
	* move driver changes into separate patches
v3:
	* squash all related changes patches into this patch
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20200129120531.6891-2-tzimmerm...
(cherry picked from commit 7beb691f1e6f349c9df3384a85e7a53c5601aaaf)
Signed-off-by: George Kennedy <george.kennedy@oracle.com>
---
 drivers/gpu/drm/drm_atomic_helper.c | 10 +++++++++-
 drivers/gpu/drm/drm_vblank.c        | 28 ++++++++++++++++++++++++++++
 include/drm/drm_crtc.h              | 34 +++++++++++++++++++++++++++-------
 include/drm/drm_simple_kms_helper.h |  7 +++++--
 include/drm/drm_vblank.h            |  1 +
 5 files changed, 70 insertions(+), 10 deletions(-)
diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c index 5e906ea..9a5eb76 100644 --- a/drivers/gpu/drm/drm_atomic_helper.c +++ b/drivers/gpu/drm/drm_atomic_helper.c @@ -588,6 +588,7 @@ static enum drm_mode_status mode_valid_path(struct drm_connector *connector, * &drm_crtc_state.connectors_changed is set when a connector is added or * removed from the crtc. &drm_crtc_state.active_changed is set when * &drm_crtc_state.active changes, which is used for DPMS. + * &drm_crtc_state.no_vblank is set from the result of drm_dev_has_vblank(). * See also: drm_atomic_crtc_needs_modeset() * * IMPORTANT: @@ -654,6 +655,11 @@ static enum drm_mode_status mode_valid_path(struct drm_connector *connector,
return -EINVAL; } + + if (drm_dev_has_vblank(dev)) + new_crtc_state->no_vblank = false; + else + new_crtc_state->no_vblank = true; }
ret = handle_conflicting_encoders(state, false); @@ -2202,7 +2208,9 @@ void drm_atomic_helper_wait_for_dependencies(struct drm_atomic_state *old_state) * when a job is queued, and any change to the pipeline that does not touch the * connector is leading to timeouts when calling * drm_atomic_helper_wait_for_vblanks() or - * drm_atomic_helper_wait_for_flip_done(). + * drm_atomic_helper_wait_for_flip_done(). In addition to writeback + * connectors, this function can also fake VBLANK events for CRTCs without + * VBLANK interrupt. * * This is part of the atomic helper support for nonblocking commits, see * drm_atomic_helper_setup_commit() for an overview. diff --git a/drivers/gpu/drm/drm_vblank.c b/drivers/gpu/drm/drm_vblank.c index 552ec82..c98ed814 100644 --- a/drivers/gpu/drm/drm_vblank.c +++ b/drivers/gpu/drm/drm_vblank.c @@ -69,6 +69,12 @@ * &drm_driver.max_vblank_count. In that case the vblank core only disables the * vblanks after a timer has expired, which can be configured through the * ``vblankoffdelay`` module parameter. + * + * Drivers for hardware without support for vertical-blanking interrupts + * must not call drm_vblank_init(). For such drivers, atomic helpers will + * automatically generate fake vblank events as part of the display update. + * This functionality also can be controlled by the driver by enabling and + * disabling struct drm_crtc_state.no_vblank. */
/* Retry timestamp calculation up to 3 times to satisfy @@ -489,6 +495,28 @@ int drm_vblank_init(struct drm_device *dev, unsigned int num_crtcs) EXPORT_SYMBOL(drm_vblank_init);
/** + * drm_dev_has_vblank - test if vblanking has been initialized for + * a device + * @dev: the device + * + * Drivers may call this function to test if vblank support is + * initialized for a device. For most hardware this means that vblanking + * can also be enabled. + * + * Atomic helpers use this function to initialize + * &drm_crtc_state.no_vblank. See also drm_atomic_helper_check_modeset(). + * + * Returns: + * True if vblanking has been initialized for the given device, false + * otherwise. + */ +bool drm_dev_has_vblank(const struct drm_device *dev) +{ + return dev->num_crtcs != 0; +} +EXPORT_SYMBOL(drm_dev_has_vblank); + +/** * drm_crtc_vblank_waitqueue - get vblank waitqueue for the CRTC * @crtc: which CRTC's vblank waitqueue to retrieve * diff --git a/include/drm/drm_crtc.h b/include/drm/drm_crtc.h index 408b6f4..ebcce95 100644 --- a/include/drm/drm_crtc.h +++ b/include/drm/drm_crtc.h 
@@ -175,12 +175,25 @@ struct drm_crtc_state { * @no_vblank: * * Reflects the ability of a CRTC to send VBLANK events. This state - * usually depends on the pipeline configuration, and the main usuage - * is CRTCs feeding a writeback connector operating in oneshot mode. - * In this case the VBLANK event is only generated when a job is queued - * to the writeback connector, and we want the core to fake VBLANK - * events when this part of the pipeline hasn't changed but others had - * or when the CRTC and connectors are being disabled. + * usually depends on the pipeline configuration. If set to true, DRM + * atomic helpers will send out a fake VBLANK event during display + * updates after all hardware changes have been committed. This is + * implemented in drm_atomic_helper_fake_vblank(). + * + * One usage is for drivers and/or hardware without support for VBLANK + * interrupts. Such drivers typically do not initialize vblanking + * (i.e., call drm_vblank_init() with the number of CRTCs). For CRTCs + * without initialized vblanking, this field is set to true in + * drm_atomic_helper_check_modeset(), and a fake VBLANK event will be + * send out on each update of the display pipeline by + * drm_atomic_helper_fake_vblank(). + * + * Another usage is CRTCs feeding a writeback connector operating in + * oneshot mode. In this case the fake VBLANK event is only generated + * when a job is queued to the writeback connector, and we want the + * core to fake VBLANK events when this part of the pipeline hasn't + * changed but others had or when the CRTC and connectors are being + * disabled. * * __drm_atomic_helper_crtc_duplicate_state() will not reset the value * from the current state, the CRTC driver is then responsible for 
@@ -336,7 +349,14 @@ struct drm_crtc_state { * - Events for disabled CRTCs are not allowed, and drivers can ignore * that case. * - * This can be handled by the drm_crtc_send_vblank_event() function, + * For very simple hardware without VBLANK interrupt, enabling + * &struct drm_crtc_state.no_vblank makes DRM's atomic commit helpers + * send a fake VBLANK event at the end of the display update after all + * hardware changes have been applied. See + * drm_atomic_helper_fake_vblank(). + * + * For more complex hardware this + * can be handled by the drm_crtc_send_vblank_event() function, * which the driver should call on the provided event upon completion of * the atomic commit. Note that if the driver supports vblank signalling * and timestamping the vblank counters and timestamps must agree with diff --git a/include/drm/drm_simple_kms_helper.h b/include/drm/drm_simple_kms_helper.h index 4d89cd0..df615eb 100644 --- a/include/drm/drm_simple_kms_helper.h +++ b/include/drm/drm_simple_kms_helper.h @@ -100,8 +100,11 @@ struct drm_simple_display_pipe_funcs { * This is the function drivers should submit the * &drm_pending_vblank_event from. Using either * drm_crtc_arm_vblank_event(), when the driver supports vblank - * interrupt handling, or drm_crtc_send_vblank_event() directly in case - * the hardware lacks vblank support entirely. + * interrupt handling, or drm_crtc_send_vblank_event() for more + * complex case. In case the hardware lacks vblank support entirely, + * drivers can set &struct drm_crtc_state.no_vblank in + * &struct drm_simple_display_pipe_funcs.check and let DRM's + * atomic helper fake a vblank event. */ void (*update)(struct drm_simple_display_pipe *pipe, struct drm_plane_state *old_plane_state); diff --git a/include/drm/drm_vblank.h b/include/drm/drm_vblank.h index 9fe4ba8..2559fb9 100644 --- a/include/drm/drm_vblank.h +++ b/include/drm/drm_vblank.h @@ -195,6 +195,7 @@ struct drm_vblank_crtc { };
int drm_vblank_init(struct drm_device *dev, unsigned int num_crtcs); +bool drm_dev_has_vblank(const struct drm_device *dev); u64 drm_crtc_vblank_count(struct drm_crtc *crtc); u64 drm_crtc_vblank_count_and_time(struct drm_crtc *crtc, ktime_t *vblanktime);
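Review bot: In the drm_atomic_helper_check_modeset() hunk of drivers/gpu/drm/drm_atomic_helper.c, no_vblank is assigned unconditionally, so a value a driver placed in the new CRTC state before calling this helper is overwritten. The comment added to drm_vblank.c says the driver can control the feature by enabling and disabling struct drm_crtc_state.no_vblank; it should also say that the driver has to set the field after drm_atomic_helper_check_modeset() has run. The if/else can be collapsed to a single assignment, new_crtc_state->no_vblank = !drm_dev_has_vblank(dev);.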
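Review bot: Two wording slips in the new kerneldoc: in the @no_vblank comment of include/drm/drm_crtc.h, "a fake VBLANK event will be send out" should read "sent out", and in include/drm/drm_simple_kms_helper.h "for more complex case" should read "for more complex cases". The drm_dev_has_vblank() comment in drm_vblank.c could also state that the test is whether drm_vblank_init() was called with a non-zero number of CRTCs, since the body is return dev->num_crtcs != 0;.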
From: Daniel Vetter <daniel.vetter@ffwll.ch>
Only when vblanks are supported ofc.
Some drivers do this already, but most unfortunately missed it. This opens up bugs after driver load, before the crtc is enabled for the first time. syzbot spotted this when loading vkms as a secondary output. Given how many drivers are buggy it's best to solve this once and for all in shared helper code.
Aside from moving the few existing calls to drm_crtc_vblank_reset into helpers (i915 doesn't use helpers, so keeps its own) I think the regression risk is minimal: atomic helpers already rely on drivers calling drm_crtc_vblank_on/off correctly in their hooks when they support vblanks. And driver that's failing to handle vblanks after this is missing those calls already, and vblanks could only work by accident when enabling a CRTC for the first time right after boot.
Big thanks to Tetsuo for helping track down what's going wrong here.
There's only a few drivers which already had the necessary call and needed some updating:
- komeda, atmel and tidss also needed to be changed to call __drm_atomic_helper_crtc_reset() instead of open coding it
- tegra and msm even had it in the same place already, just code motion, and malidp already uses __drm_atomic_helper_crtc_reset().
- Laurent noticed that rcar-du and omap open-code their crtc reset and hence would actually be broken by this patch now. So fix them up by reusing the helpers, which brings the drm_crtc_vblank_reset() back.
Only call left is in i915, which doesn't use drm_mode_config_reset, but has its own fastboot infrastructure. So that's the only case where we actually want this in the driver still.
I've also reviewed all other drivers which set up vblank support with drm_vblank_init. After the previous patch fixing mxsfb all atomic drivers do call drm_crtc_vblank_on/off as they should, the remaining drivers are either legacy kms or legacy dri1 drivers, so not affected by this change to atomic helpers.
v2: Use the drm_dev_has_vblank() helper.
v3: Laurent pointed out that omap and rcar-du used drm_crtc_vblank_off instead of drm_crtc_vblank_reset. Adjust them too.
v4: Laurent noticed that rcar-du and omap open-code their crtc reset and hence would actually be broken by this patch now. So fix them up by reusing the helpers, which brings the drm_crtc_vblank_reset() back.
v5: also mention rcar-du and omapdrm in the proper commit message above (Laurent).
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Maxime Ripard <mripard@kernel.org>
Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Boris Brezillon <boris.brezillon@collabora.com>
Acked-by: Liviu Dudau <liviu.dudau@arm.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Link: https://syzkaller.appspot.com/bug?id=0ba17d70d062b2595e1f061231474800f076c7c...
Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reported-by: syzbot+0871b14ca2e2fb64f6e3@syzkaller.appspotmail.com
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: "James (Qian) Wang" <james.qian.wang@arm.com>
Cc: Liviu Dudau <liviu.dudau@arm.com>
Cc: Mihail Atanassov <mihail.atanassov@arm.com>
Cc: Brian Starkey <brian.starkey@arm.com>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Boris Brezillon <bbrezillon@kernel.org>
Cc: Nicolas Ferre <nicolas.ferre@microchip.com>
Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
Cc: Ludovic Desroches <ludovic.desroches@microchip.com>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Maxime Ripard <mripard@kernel.org>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: Thierry Reding <thierry.reding@gmail.com>
Cc: Jonathan Hunter <jonathanh@nvidia.com>
Cc: Jyri Sarha <jsarha@ti.com>
Cc: Tomi Valkeinen <tomi.valkeinen@ti.com>
Cc: Rob Clark <robdclark@gmail.com>
Cc: Sean Paul <seanpaul@chromium.org>
Cc: Brian Masney <masneyb@onstation.org>
Cc: Emil Velikov <emil.velikov@collabora.com>
Cc: zhengbin <zhengbin13@huawei.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-tegra@vger.kernel.org
Cc: Kieran Bingham <kieran.bingham+renesas@ideasonboard.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-renesas-soc@vger.kernel.org
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200612160056.2082681-1-danie...
(cherry picked from commit 51f644b40b4b794b28b982fdd5d0dd8ee63f9272)
Signed-off-by: George Kennedy <george.kennedy@oracle.com>
Conflicts:
	drivers/gpu/drm/tidss/tidss_crtc.c
	drivers/gpu/drm/tidss/tidss_kms.c
---
 drivers/gpu/drm/arm/display/komeda/komeda_crtc.c | 7 ++-----
 drivers/gpu/drm/arm/malidp_drv.c                 | 1 -
 drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c   | 7 ++-----
 drivers/gpu/drm/drm_atomic_state_helper.c        | 4 ++++
 drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c        | 2 --
 drivers/gpu/drm/omapdrm/omap_crtc.c              | 8 +++++---
 drivers/gpu/drm/omapdrm/omap_drv.c               | 4 ----
 drivers/gpu/drm/rcar-du/rcar_du_crtc.c           | 6 +-----
 drivers/gpu/drm/tegra/dc.c                       | 1 -
 9 files changed, 14 insertions(+), 26 deletions(-)
diff --git a/drivers/gpu/drm/arm/display/komeda/komeda_crtc.c b/drivers/gpu/drm/arm/display/komeda/komeda_crtc.c index 52c4256..d301e55 100644 --- a/drivers/gpu/drm/arm/display/komeda/komeda_crtc.c +++ b/drivers/gpu/drm/arm/display/komeda/komeda_crtc.c @@ -440,10 +440,8 @@ static void komeda_crtc_reset(struct drm_crtc *crtc) crtc->state = NULL;
state = kzalloc(sizeof(*state), GFP_KERNEL); - if (state) { - crtc->state = &state->base; - crtc->state->crtc = crtc; - } + if (state) + __drm_atomic_helper_crtc_reset(crtc, &state->base); }
static struct drm_crtc_state * @@ -564,7 +562,6 @@ static int komeda_crtc_add(struct komeda_kms_dev *kms, return err;
drm_crtc_helper_add(crtc, &komeda_crtc_helper_funcs); - drm_crtc_vblank_reset(crtc);
crtc->port = kcrtc->master->of_output_port;
diff --git a/drivers/gpu/drm/arm/malidp_drv.c b/drivers/gpu/drm/arm/malidp_drv.c index 333b88a..566b183 100644 --- a/drivers/gpu/drm/arm/malidp_drv.c +++ b/drivers/gpu/drm/arm/malidp_drv.c @@ -865,7 +865,6 @@ static int malidp_bind(struct device *dev) drm->irq_enabled = true;
ret = drm_vblank_init(drm, drm->mode_config.num_crtc); - drm_crtc_vblank_reset(&malidp->crtc); if (ret < 0) { DRM_ERROR("failed to initialise vblank\n"); goto vblank_fail; diff --git a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c index 1098513..ce246b9 100644 --- a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c +++ b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c @@ -411,10 +411,8 @@ static void atmel_hlcdc_crtc_reset(struct drm_crtc *crtc) }
state = kzalloc(sizeof(*state), GFP_KERNEL); - if (state) { - crtc->state = &state->base; - crtc->state->crtc = crtc; - } + if (state) + __drm_atomic_helper_crtc_reset(crtc, &state->base); }
static struct drm_crtc_state * @@ -528,7 +526,6 @@ int atmel_hlcdc_crtc_create(struct drm_device *dev) }
drm_crtc_helper_add(&crtc->base, &lcdc_crtc_helper_funcs); - drm_crtc_vblank_reset(&crtc->base);
drm_mode_crtc_set_gamma_size(&crtc->base, ATMEL_HLCDC_CLUT_SIZE); drm_crtc_enable_color_mgmt(&crtc->base, 0, false, diff --git a/drivers/gpu/drm/drm_atomic_state_helper.c b/drivers/gpu/drm/drm_atomic_state_helper.c index d0a937f..9c16936 100644 --- a/drivers/gpu/drm/drm_atomic_state_helper.c +++ b/drivers/gpu/drm/drm_atomic_state_helper.c @@ -31,6 +31,7 @@ #include <drm/drm_device.h> #include <drm/drm_plane.h> #include <drm/drm_print.h> +#include <drm/drm_vblank.h> #include <drm/drm_writeback.h>
#include <linux/slab.h> @@ -76,6 +77,9 @@ if (crtc_state) crtc_state->crtc = crtc;
+ if (drm_dev_has_vblank(crtc->dev)) + drm_crtc_vblank_reset(crtc); + crtc->state = crtc_state; } EXPORT_SYMBOL(__drm_atomic_helper_crtc_reset); diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c index 3951468..dbfd113 100644 --- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c +++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c @@ -1043,8 +1043,6 @@ static void mdp5_crtc_reset(struct drm_crtc *crtc) mdp5_crtc_destroy_state(crtc, crtc->state);
__drm_atomic_helper_crtc_reset(crtc, &mdp5_cstate->base); - - drm_crtc_vblank_reset(crtc); }
static const struct drm_crtc_funcs mdp5_crtc_funcs = { diff --git a/drivers/gpu/drm/omapdrm/omap_crtc.c b/drivers/gpu/drm/omapdrm/omap_crtc.c index f5e1880..cfeb424 100644 --- a/drivers/gpu/drm/omapdrm/omap_crtc.c +++ b/drivers/gpu/drm/omapdrm/omap_crtc.c @@ -698,14 +698,16 @@ static int omap_crtc_atomic_get_property(struct drm_crtc *crtc,
static void omap_crtc_reset(struct drm_crtc *crtc) { + struct omap_crtc_state *state; + if (crtc->state) __drm_atomic_helper_crtc_destroy_state(crtc->state);
kfree(crtc->state); - crtc->state = kzalloc(sizeof(struct omap_crtc_state), GFP_KERNEL);
- if (crtc->state) - crtc->state->crtc = crtc; + state = kzalloc(sizeof(*state), GFP_KERNEL); + if (state) + __drm_atomic_helper_crtc_reset(crtc, &state->base); }
static struct drm_crtc_state * diff --git a/drivers/gpu/drm/omapdrm/omap_drv.c b/drivers/gpu/drm/omapdrm/omap_drv.c index 2983c00..672b0d3 100644 --- a/drivers/gpu/drm/omapdrm/omap_drv.c +++ b/drivers/gpu/drm/omapdrm/omap_drv.c @@ -557,7 +557,6 @@ static int omapdrm_init(struct omap_drm_private *priv, struct device *dev) { const struct soc_device_attribute *soc; struct drm_device *ddev; - unsigned int i; int ret;
DBG("%s", dev_name(dev)); @@ -604,9 +603,6 @@ static int omapdrm_init(struct omap_drm_private *priv, struct device *dev) goto err_cleanup_modeset; }
- for (i = 0; i < priv->num_pipes; i++) - drm_crtc_vblank_off(priv->pipes[i].crtc); - omap_fbdev_init(ddev);
drm_kms_helper_poll_init(ddev); diff --git a/drivers/gpu/drm/rcar-du/rcar_du_crtc.c b/drivers/gpu/drm/rcar-du/rcar_du_crtc.c index 2da46e3..6d0280c 100644 --- a/drivers/gpu/drm/rcar-du/rcar_du_crtc.c +++ b/drivers/gpu/drm/rcar-du/rcar_du_crtc.c @@ -910,8 +910,7 @@ static void rcar_du_crtc_reset(struct drm_crtc *crtc) state->crc.source = VSP1_DU_CRC_NONE; state->crc.index = 0;
- crtc->state = &state->state; - crtc->state->crtc = crtc; + __drm_atomic_helper_crtc_reset(crtc, &state->state); }
static int rcar_du_crtc_enable_vblank(struct drm_crtc *crtc) @@ -1196,9 +1195,6 @@ int rcar_du_crtc_create(struct rcar_du_group *rgrp, unsigned int swindex,
drm_crtc_helper_add(crtc, &crtc_helper_funcs);
- /* Start with vertical blanking interrupt reporting disabled. */ - drm_crtc_vblank_off(crtc); - /* Register the interrupt handler. */ if (rcar_du_has(rcdu, RCAR_DU_FEATURE_CRTC_IRQ_CLOCK)) { /* The IRQ's are associated with the CRTC (sw)index. */ diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c index 617cbe4..75c7068 100644 --- a/drivers/gpu/drm/tegra/dc.c +++ b/drivers/gpu/drm/tegra/dc.c @@ -1166,7 +1166,6 @@ static void tegra_crtc_reset(struct drm_crtc *crtc) tegra_crtc_atomic_destroy_state(crtc, crtc->state);
__drm_atomic_helper_crtc_reset(crtc, &state->base); - drm_crtc_vblank_reset(crtc); }
static struct drm_crtc_state *
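Review bot: In the omap_crtc_reset() hunk of drivers/gpu/drm/omapdrm/omap_crtc.c, crtc->state is no longer cleared when the allocation fails. The old code assigned the kzalloc() result straight to crtc->state, so a failed allocation left it NULL; with this change kfree(crtc->state) runs first and, if kzalloc() then returns NULL, crtc->state keeps pointing at the freed state. Setting crtc->state = NULL after the kfree(), as the context line in komeda_crtc_reset() does before its allocation, avoids leaving the stale pointer behind.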
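Review bot: The drm_atomic_state_helper.c hunk calls drm_crtc_vblank_reset() only when drm_dev_has_vblank(crtc->dev) is true, so a driver whose CRTC reset runs before drm_vblank_init() silently gets no vblank reset. The kerneldoc of __drm_atomic_helper_crtc_reset() should state that ordering requirement. In malidp_bind() the removed drm_crtc_vblank_reset() sat directly after drm_vblank_init(); please confirm that the reset hook runs after that point, and check the same for omapdrm_init() and rcar_du_crtc_create(), where the drm_crtc_vblank_off() calls are dropped.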
On Fri, May 21, 2021 at 03:53:18PM -0500, George Kennedy wrote:
I need the drm developers/maintainers to ack these changes before I can take them into the stable tree... {hint}
On Mon, May 31, 2021 at 02:00:39PM +0200, Greg KH wrote:
On Fri, May 21, 2021 at 03:53:18PM -0500, George Kennedy wrote:
During Syzkaller reproducer testing on 5.4.y (5.4.121-rc1) the following warning occurred:
WARNING in vkms_vblank_simulate https://syzkaller.appspot.com//bug?id=0ba17d70d062b2595e1f061231474800f076c7...
These 2 upstream commits are needed to fix the warning: 7beb691f drm: Initialize struct drm_crtc_state.no_vblank from device settings 51f644b4 drm/atomic-helper: reset vblank on crtc reset
51f644b4 has conflicts (which were resolved).
[ 101.335429] ------------[ cut here ]------------
[ 101.336576] WARNING: CPU: 1 PID: 0 at drivers/gpu/drm/vkms/vkms_crtc.c:91 vkms_get_vblank_timestamp+0x10a/0x140
[ 101.338952] Modules linked in:
[ 101.339701] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.4.121-rc1-syzk #1
[ 101.344331] RIP: 0010:vkms_get_vblank_timestamp+0x10a/0x140
[ 101.345660] Code: 03 80 3c 02 00 75 4f 4d 2b b5 80 10 00 00 4d 89 34 24 e8 d9 4e a7 fc b8 01 00 00 00 5b 41 5c 41 5d 41 5e 5d c3 e8 c6 4e a7 fc <0f> 0b eb e4 e8 3d a0 e6 fc e9 27 ff ff ff e8 33 a0 e6 fc eb 91 4c
[ 101.351293] RAX: ffff888107a65d00 RBX: 000000179647991a RCX: ffffffff84cde2af
[ 101.352976] RDX: 0000000000000100 RSI: ffffffff84cde2fa RDI: 0000000000000006
[ 101.354662] RBP: ffff88810b289ba8 R08: ffff888107a65d00 R09: ffffed1021651398
[ 101.356361] R10: ffffed1021651398 R11: 0000000000000003 R12: ffff88810b289cb0
[ 101.358037] R13: ffff88810a89c000 R14: 000000179647991a R15: 0000000000004e20
[ 101.359718] FS: 0000000000000000(0000) GS:ffff88810b280000(0000) knlGS:0000000000000000
[ 101.361627] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 101.362992] CR2: 00007f82b0154000 CR3: 0000000109460000 CR4: 00000000000006e0
[ 101.364684] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 101.366369] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 101.368043] Call Trace:
[ 101.368652] <IRQ>
[ 101.369159] ? vkms_crtc_atomic_flush+0x2d0/0x2d0
[ 101.370296] drm_get_last_vbltimestamp+0x106/0x1b0
[ 101.371446] ? drm_crtc_set_max_vblank_count+0x1a0/0x1a0
[ 101.372715] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 101.374001] drm_update_vblank_count+0x17a/0x800
[ 101.375107] ? store_vblank+0x1d0/0x1d0
[ 101.376038] ? __kasan_check_write+0x14/0x20
[ 101.377071] drm_vblank_disable_and_save+0x13a/0x3d0
[ 101.378265] ? vblank_disable_fn+0x101/0x180
[ 101.379296] vblank_disable_fn+0x14b/0x180
[ 101.380282] ? drm_vblank_disable_and_save+0x3d0/0x3d0
[ 101.381508] call_timer_fn+0x50/0x310
[ 101.382393] ? drm_vblank_disable_and_save+0x3d0/0x3d0
[ 101.383621] ? drm_vblank_disable_and_save+0x3d0/0x3d0
[ 101.384849] run_timer_softirq+0x76f/0x13e0
[ 101.385857] ? del_timer_sync+0xb0/0xb0
[ 101.386792] ? irq_work_interrupt+0xf/0x20
[ 101.387776] ? irq_work_interrupt+0xa/0x20
[ 101.388761] __do_softirq+0x18d/0x623
[ 101.389647] irq_exit+0x1fc/0x220
[ 101.390454] smp_apic_timer_interrupt+0xf0/0x380
[ 101.391565] apic_timer_interrupt+0xf/0x20
[ 101.392547] </IRQ>
[ 101.393073] RIP: 0010:native_safe_halt+0x12/0x20
[ 101.394178] Code: 96 fe ff ff 48 89 df e8 ac c1 fc f3 eb 92 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 e9 07 00 00 00 0f 00 2d 10 ee 50 00 fb f4 <5d> c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 e9 07 00 00
[ 101.398541] RSP: 0018:ffff888107aafd48 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 101.400326] RAX: ffffffff8db7b830 RBX: ffff888107a65d00 RCX: ffffffff8db7c532
[ 101.402004] RDX: 1ffff11020f4cba0 RSI: 0000000000000008 RDI: ffff888107a65d00
[ 101.403680] RBP: ffff888107aafd48 R08: ffffed1020f4cba1 R09: ffffed1020f4cba1
[ 101.405361] R10: ffffed1020f4cba0 R11: ffff888107a65d07 R12: 0000000000000001
[ 101.407041] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
[ 101.408729] ? __cpuidle_text_start+0x8/0x8
[ 101.409735] ? default_idle_call+0x32/0x70
[ 101.410722] default_idle+0x24/0x2c0
[ 101.411589] arch_cpu_idle+0x15/0x20
[ 101.412459] default_idle_call+0x5f/0x70
[ 101.413405] do_idle+0x30f/0x3d0
[ 101.414185] ? arch_cpu_idle_exit+0x40/0x40
[ 101.415188] ? complete+0x67/0x80
[ 101.415992] cpu_startup_entry+0x1d/0x20
[ 101.416937] start_secondary+0x2ec/0x3d0
[ 101.417879] ? set_cpu_sibling_map+0x2620/0x2620
[ 101.418986] secondary_startup_64+0xb6/0xc0
[ 101.420001] ---[ end trace 6143b67a4d795a3a ]---
Daniel Vetter (1):
  drm/atomic-helper: reset vblank on crtc reset

Thomas Zimmermann (1):
  drm: Initialize struct drm_crtc_state.no_vblank from device settings

 drivers/gpu/drm/arm/display/komeda/komeda_crtc.c | 7 ++---
 drivers/gpu/drm/arm/malidp_drv.c | 1 -
 drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_crtc.c | 7 ++---
 drivers/gpu/drm/drm_atomic_helper.c | 10 ++++++-
 drivers/gpu/drm/drm_atomic_state_helper.c | 4 +++
 drivers/gpu/drm/drm_vblank.c | 28 +++++++++++++++++++
 drivers/gpu/drm/msm/disp/mdp5/mdp5_crtc.c | 2 --
 drivers/gpu/drm/omapdrm/omap_crtc.c | 8 +++---
 drivers/gpu/drm/omapdrm/omap_drv.c | 4 ---
 drivers/gpu/drm/rcar-du/rcar_du_crtc.c | 6 +----
 drivers/gpu/drm/tegra/dc.c | 1 -
 include/drm/drm_crtc.h | 34 +++++++++++++++++++-----
 include/drm/drm_simple_kms_helper.h | 7 +++--
 include/drm/drm_vblank.h | 1 +
 14 files changed, 84 insertions(+), 36 deletions(-)
-- 1.8.3.1
I need the drm developers/maintainers to ack these changes before I can take them into the stable tree...
Now dropping from my "to review" queue as there was no response from the DRM maintainers. Please get them to ack this before resending it again.
thanks,
greg k-h
Hello Thomas,
I sent this backport request to stable@vger.kernel.org a while ago including the maintainers, but mistakenly did not CC you. Sorry about that.
Can you please review this backport request for 5.4.y? Greg is waiting to hear from the maintainers before accepting the backport request.
Thank you, George
On Tue, Aug 17, 2021 at 09:37:00AM -0400, George Kennedy wrote:
Hello Thomas,
I sent this backport request to stable@vger.kernel.org a while ago including the maintainers, but mistakenly did not CC you. Sorry about that.
Can you please review this backport request for 5.4.y? Greg is waiting to hear from the maintainers before accepting the backport request.
Thank you, George
On 5/31/2021 8:00 AM, Greg KH wrote:
On Fri, May 21, 2021 at 03:53:18PM -0500, George Kennedy wrote:
During Syzkaller reproducer testing on 5.4.y (5.4.121-rc1) the following warning occurred:
WARNING in vkms_vblank_simulate https://syzkaller.appspot.com//bug?id=0ba17d70d062b2595e1f061231474800f076c7...
These 2 upstream commits are needed to fix the warning:
7beb691f drm: Initialize struct drm_crtc_state.no_vblank from device settings
51f644b4 drm/atomic-helper: reset vblank on crtc reset
We've done these two (and a bunch more iirc) because we were firmly fed up with drivers getting these details wrong. But the entire vblank handling area is also extremely fickle, so backporting these to fix vkms (which is purely for developers for testing) at the risk of maybe breaking some real driver, feels a bit silly.
Ofc syzkaller doesn't test these. Note that the big drivers should all get this right, it's the fringe arm drivers that no one tests fully which get all these details wrong.
So unless someone hollers that this fixes a bug on their hw I'd let these be.
Upgrade to 5.10 LTS if you care about this stuff, it's been out for over half a year by now :-)
Cheers, Daniel
linux-stable-mirror@lists.linaro.org