From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A3432C48BD1 for ; Wed, 9 Jun 2021 20:00:15 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 0AEC2613D2 for ; Wed, 9 Jun 2021 20:00:15 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0AEC2613D2 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=zary.sk Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=nouveau-bounces@lists.freedesktop.org Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 9ADCF6EA9F; Wed, 9 Jun 2021 20:00:14 +0000 (UTC) Received: from hosting.gsystem.sk (hosting.gsystem.sk [212.5.213.30]) by gabe.freedesktop.org (Postfix) with ESMTP id D92136EA94; Wed, 9 Jun 2021 20:00:12 +0000 (UTC) Received: from [192.168.0.2] (188-167-68-178.dynamic.chello.sk [188.167.68.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by hosting.gsystem.sk (Postfix) with ESMTPSA id B87917A025C; Wed, 9 Jun 2021 22:00:10 +0200 (CEST) From: Ondrej Zary To: Christian =?utf-8?q?K=C3=B6nig?= Date: Wed, 9 Jun 2021 22:00:07 +0200 User-Agent: KMail/1.9.10 References: <202106052143.52488.linux@zary.sk> <202106090910.51188.linux@zary.sk> <762c1044-6e3a-48fc-95e4-1730b6ef2a2e@amd.com> In-Reply-To: <762c1044-6e3a-48fc-95e4-1730b6ef2a2e@amd.com> X-KMail-QuotePrefix: > MIME-Version: 1.0 Content-Disposition: inline Message-Id: <202106092200.08088.linux@zary.sk> Subject: Re: [Nouveau] nouveau broken on Riva TNT2 in 5.13.0-rc4: NULL pointer dereference in nouveau_bo_sync_for_device X-BeenThere: nouveau@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Nouveau development list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nouveau@lists.freedesktop.org, Ben Skeggs , dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: nouveau-bounces@lists.freedesktop.org Sender: "Nouveau" T24gV2VkbmVzZGF5IDA5IEp1bmUgMjAyMSAxMToyMTowNSBDaHJpc3RpYW4gS8O2bmlnIHdyb3Rl Ogo+IEFtIDA5LjA2LjIxIHVtIDA5OjEwIHNjaHJpZWIgT25kcmVqIFphcnk6Cj4gPiBPbiBXZWRu ZXNkYXkgMDkgSnVuZSAyMDIxLCBDaHJpc3RpYW4gS8O2bmlnIHdyb3RlOgo+ID4+IEFtIDA5LjA2 LjIxIHVtIDA4OjU3IHNjaHJpZWIgT25kcmVqIFphcnk6Cj4gPj4+IFtTTklQXQo+ID4+Pj4gVGhh bmtzIGZvciB0aGUgaGVhZHMgdXAuIFNvIHRoZSBwcm9ibGVtIHdpdGggbXkgcGF0Y2ggaXMgYWxy ZWFkeSBmaXhlZCwKPiA+Pj4+IGlzbid0IGl0Pwo+ID4+PiBUaGUgTlVMTCBwb2ludGVyIGRlcmVm ZXJlbmNlIGluIG5vdXZlYXVfYm9fd3IxNiBpbnRyb2R1Y2VkIGluCj4gPj4+IDE0MWIxNWU1OTE3 NWFhMTc0Y2ExZjc1OTYxODhiZDE1YTdjYTE3YmEgd2FzIGZpeGVkIGJ5Cj4gPj4+IGFlYTY1NmIw ZDA1ZWM1YjhlZDViZWIyZjk0YzRkZDQyZWE4MzRlOWQuCj4gPj4+Cj4gPj4+IFRoYXQncyB0aGUg YnVnIEkgaGl0IHdoZW4gYmlzZWN0aW5nIHRoZSBvcmlnaW5hbCBwcm9ibGVtOgo+ID4+PiBOVUxM IHBvaW50ZXIgZGVyZWZlcmVuY2UgaW4gbm91dmVhdV9ib19zeW5jX2Zvcl9kZXZpY2UKPiA+Pj4g SXQncyBjYXVzZWQgYnk6Cj4gPj4+ICMgZmlyc3QgYmFkIGNvbW1pdDogW2UzNGI4ZmVlYWE0YjY1 NzI1YjI1ZjQ5YzliMDhhMGY4NzA3ZThlODZdIGRybS90dG06IG1lcmdlIHR0bV9kbWFfdHQgYmFj ayBpbnRvIHR0bV90dAo+ID4+IEdvb2QgdGhhdCBJJ3ZlIGFza2VkIDopCj4gPj4KPiA+PiBPayB0 aGF0J3MgYSBiaXQgc3RyYW5nZS4gZTM0YjhmZWVhYTRiNjU3MjViMjVmNDljOWIwOGEwZjg3MDdl OGU4NiB3YXMKPiA+PiBjcmVhdGVkIG1vc3RseSBhdXRvbWF0ZWQuCj4gPj4KPiA+PiBEbyB5b3Ug aGF2ZSB0aGUgb3JpZ2luYWwgYmFja3RyYWNlIG9mIHRoYXQgTlVMTCBwb2ludGVyIGRlcmVmIG9u Y2UgbW9yZT8KPiA+IFRoZSBvcmlnaW5hbCBiYWNrdHJhY2UgaXMgaGVyZTogaHR0cHM6Ly9uYW0x MS5zYWZlbGlua3MucHJvdGVjdGlvbi5vdXRsb29rLmNvbS8/dXJsPWh0dHBzJTNBJTJGJTJGbGtt bC5vcmclMkZsa21sJTJGMjAyMSUyRjYlMkY1JTJGMzUwJmFtcDtkYXRhPTA0JTdDMDElN0NjaHJp c3RpYW4ua29lbmlnJTQwYW1kLmNvbSU3Q2U5MDViNmJkMmFhODQyYWNlMTU1MDhkOTJiMTViOTZk JTdDM2RkODk2MWZlNDg4NGU2MDhlMTFhODJkOTk0ZTE4M2QlN0MwJTdDMCU3QzYzNzU4ODE5NTAw MDcyOTQ2MCU3Q1Vua25vd24lN0NUV0ZwYkdac2IzZDhleUpXSWpvaU1DNHdMakF3TURBaUxDSlFJ am9pVjJsdU16SWlMQ0pCVGlJNklrMWhhV3dpTENKWFZDSTZNbjAlM0QlN0MzMDAwJmFtcDtzZGF0 YT16RnFoZUJiSmNPSHRZZ3FHJTJGczYzQVQxZHd1azRSRW1VREpXSHZ6YUxBbGMlM0QmYW1wO3Jl c2VydmVkPTAKPiAKPiBBbmQgdGhlIHByb2JsZW0gaXMgdGhhdCB0dG1fZG1hLT5kbWFfYWRkcmVz cyBpcyBOVUxMLCByaWdodD8gTWhtLCBJIAo+IGRvbid0IHNlZSBob3cgdGhhdCBjYW4gaGFwcGVu IHNpbmNlIG5vdXZlYXUgaXMgdXNpbmcgdHRtX3NnX3R0X2luaXQoKS4KPiAKPiBBcGFydCBmcm9t IHRoYXQgd2hhdCBub3V2ZWF1IGRvZXMgaGVyZSBpcyByYXRoZXIgcXVlc3Rpb25hYmxlIHNpbmNl IHlvdSAKPiBuZWVkIGEgY29oZXJlbnQgYXJjaGl0ZWN0dXJlIGZvciBtb3N0IHRoaW5ncyBhbnl3 YXksIGJ1dCB0aGF0J3Mgbm90IHdoYXQgCj4gd2UgYXJlIHRyeWluZyB0byBmaXggaGVyZS4KPiAK PiBDYW4geW91IHRyeSB0byBuYXJyb3cgZG93biBpZiB0dG1fc2dfdHRfaW5pdCBpcyBjYWxsZWQg YmVmb3JlIGNhbGxpbmcgCj4gdGhpcyBmdW5jdGlvbiBmb3IgdGhlIHR0IG9iamVjdCBpbiBxdWVz dGlvbj8KCnR0bV9zZ190dF9pbml0IGlzIG5vdCBjYWxsZWQ6ClsgICAxMi4xNTAxMjRdIG5vdXZl YXUgMDAwMDowMTowMC4wOiBEUk06IFZSQU06IDMxIE1pQgpbICAgMTIuMTUwMTMzXSBub3V2ZWF1 IDAwMDA6MDE6MDAuMDogRFJNOiBHQVJUOiAxMjggTWlCClsgICAxMi4xNTAxNDNdIG5vdXZlYXUg MDAwMDowMTowMC4wOiBEUk06IEJNUCB2ZXJzaW9uIDUuNgpbICAgMTIuMTUwMTUxXSBub3V2ZWF1 IDAwMDA6MDE6MDAuMDogRFJNOiBObyBEQ0IgZGF0YSBmb3VuZCBpbiBWQklPUwpbICAgMTIuMTUx MzYyXSB0dG1fdHRfaW5pdApbICAgMTIuMTUxMzcwXSB0dG1fdHRfaW5pdF9maWVsZHMKWyAgIDEy LjE1MTM3NF0gdHRtX3R0X2FsbG9jX3BhZ2VfZGlyZWN0b3J5ClsgICAxMi4xNTE2MTVdIEJVRzog a2VybmVsIE5VTEwgcG9pbnRlciBkZXJlZmVyZW5jZSwgYWRkcmVzczogMDAwMDAwMDAKCgoKLS0g Ck9uZHJlaiBaYXJ5Cl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fCk5vdXZlYXUgbWFpbGluZyBsaXN0Ck5vdXZlYXVAbGlzdHMuZnJlZWRlc2t0b3Aub3JnCmh0 dHBzOi8vbGlzdHMuZnJlZWRlc2t0b3Aub3JnL21haWxtYW4vbGlzdGluZm8vbm91dmVhdQo= From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id F381DC48BDF for ; Wed, 9 Jun 2021 20:00:17 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id B8ECB613D4 for ; Wed, 9 Jun 2021 20:00:17 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B8ECB613D4 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=zary.sk Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=dri-devel-bounces@lists.freedesktop.org Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 870246EA94; Wed, 9 Jun 2021 20:00:14 +0000 (UTC) Received: from hosting.gsystem.sk (hosting.gsystem.sk [212.5.213.30]) by gabe.freedesktop.org (Postfix) with ESMTP id D92136EA94; Wed, 9 Jun 2021 20:00:12 +0000 (UTC) Received: from [192.168.0.2] (188-167-68-178.dynamic.chello.sk [188.167.68.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by hosting.gsystem.sk (Postfix) with ESMTPSA id B87917A025C; Wed, 9 Jun 2021 22:00:10 +0200 (CEST) From: Ondrej Zary To: Christian =?utf-8?q?K=C3=B6nig?= Subject: Re: nouveau broken on Riva TNT2 in 5.13.0-rc4: NULL pointer dereference in nouveau_bo_sync_for_device Date: Wed, 9 Jun 2021 22:00:07 +0200 User-Agent: KMail/1.9.10 References: <202106052143.52488.linux@zary.sk> <202106090910.51188.linux@zary.sk> <762c1044-6e3a-48fc-95e4-1730b6ef2a2e@amd.com> In-Reply-To: <762c1044-6e3a-48fc-95e4-1730b6ef2a2e@amd.com> X-KMail-QuotePrefix: > MIME-Version: 1.0 Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <202106092200.08088.linux@zary.sk> X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nouveau@lists.freedesktop.org, Ben Skeggs , dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" On Wednesday 09 June 2021 11:21:05 Christian K=C3=B6nig wrote: > Am 09.06.21 um 09:10 schrieb Ondrej Zary: > > On Wednesday 09 June 2021, Christian K=C3=B6nig wrote: > >> Am 09.06.21 um 08:57 schrieb Ondrej Zary: > >>> [SNIP] > >>>> Thanks for the heads up. So the problem with my patch is already fix= ed, > >>>> isn't it? > >>> The NULL pointer dereference in nouveau_bo_wr16 introduced in > >>> 141b15e59175aa174ca1f7596188bd15a7ca17ba was fixed by > >>> aea656b0d05ec5b8ed5beb2f94c4dd42ea834e9d. > >>> > >>> That's the bug I hit when bisecting the original problem: > >>> NULL pointer dereference in nouveau_bo_sync_for_device > >>> It's caused by: > >>> # first bad commit: [e34b8feeaa4b65725b25f49c9b08a0f8707e8e86] drm/tt= m: merge ttm_dma_tt back into ttm_tt > >> Good that I've asked :) > >> > >> Ok that's a bit strange. e34b8feeaa4b65725b25f49c9b08a0f8707e8e86 was > >> created mostly automated. > >> > >> Do you have the original backtrace of that NULL pointer deref once mor= e? > > The original backtrace is here: https://nam11.safelinks.protection.outl= ook.com/?url=3Dhttps%3A%2F%2Flkml.org%2Flkml%2F2021%2F6%2F5%2F350&data= =3D04%7C01%7Cchristian.koenig%40amd.com%7Ce905b6bd2aa842ace15508d92b15b96d%= 7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637588195000729460%7CUnknown%7= CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn= 0%3D%7C3000&sdata=3DzFqheBbJcOHtYgqG%2Fs63AT1dwuk4REmUDJWHvzaLAlc%3D&am= p;reserved=3D0 >=20 > And the problem is that ttm_dma->dma_address is NULL, right? Mhm, I=20 > don't see how that can happen since nouveau is using ttm_sg_tt_init(). >=20 > Apart from that what nouveau does here is rather questionable since you=20 > need a coherent architecture for most things anyway, but that's not what= =20 > we are trying to fix here. >=20 > Can you try to narrow down if ttm_sg_tt_init is called before calling=20 > this function for the tt object in question? ttm_sg_tt_init is not called: [ 12.150124] nouveau 0000:01:00.0: DRM: VRAM: 31 MiB [ 12.150133] nouveau 0000:01:00.0: DRM: GART: 128 MiB [ 12.150143] nouveau 0000:01:00.0: DRM: BMP version 5.6 [ 12.150151] nouveau 0000:01:00.0: DRM: No DCB data found in VBIOS [ 12.151362] ttm_tt_init [ 12.151370] ttm_tt_init_fields [ 12.151374] ttm_tt_alloc_page_directory [ 12.151615] BUG: kernel NULL pointer dereference, address: 00000000 =2D-=20 Ondrej Zary From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8E899C48BCF for ; Wed, 9 Jun 2021 20:00:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6C5F7613BC for ; Wed, 9 Jun 2021 20:00:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229638AbhFIUCI convert rfc822-to-8bit (ORCPT ); Wed, 9 Jun 2021 16:02:08 -0400 Received: from hosting.gsystem.sk ([212.5.213.30]:42590 "EHLO hosting.gsystem.sk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229504AbhFIUCH (ORCPT ); Wed, 9 Jun 2021 16:02:07 -0400 Received: from [192.168.0.2] (188-167-68-178.dynamic.chello.sk [188.167.68.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by hosting.gsystem.sk (Postfix) with ESMTPSA id B87917A025C; Wed, 9 Jun 2021 22:00:10 +0200 (CEST) From: Ondrej Zary To: Christian =?utf-8?q?K=C3=B6nig?= Subject: Re: nouveau broken on Riva TNT2 in 5.13.0-rc4: NULL pointer dereference in nouveau_bo_sync_for_device Date: Wed, 9 Jun 2021 22:00:07 +0200 User-Agent: KMail/1.9.10 Cc: Ben Skeggs , dri-devel@lists.freedesktop.org, nouveau@lists.freedesktop.org, linux-kernel@vger.kernel.org References: <202106052143.52488.linux@zary.sk> <202106090910.51188.linux@zary.sk> <762c1044-6e3a-48fc-95e4-1730b6ef2a2e@amd.com> In-Reply-To: <762c1044-6e3a-48fc-95e4-1730b6ef2a2e@amd.com> X-KMail-QuotePrefix: > MIME-Version: 1.0 Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: 8BIT Content-Disposition: inline Message-Id: <202106092200.08088.linux@zary.sk> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wednesday 09 June 2021 11:21:05 Christian König wrote: > Am 09.06.21 um 09:10 schrieb Ondrej Zary: > > On Wednesday 09 June 2021, Christian König wrote: > >> Am 09.06.21 um 08:57 schrieb Ondrej Zary: > >>> [SNIP] > >>>> Thanks for the heads up. So the problem with my patch is already fixed, > >>>> isn't it? > >>> The NULL pointer dereference in nouveau_bo_wr16 introduced in > >>> 141b15e59175aa174ca1f7596188bd15a7ca17ba was fixed by > >>> aea656b0d05ec5b8ed5beb2f94c4dd42ea834e9d. > >>> > >>> That's the bug I hit when bisecting the original problem: > >>> NULL pointer dereference in nouveau_bo_sync_for_device > >>> It's caused by: > >>> # first bad commit: [e34b8feeaa4b65725b25f49c9b08a0f8707e8e86] drm/ttm: merge ttm_dma_tt back into ttm_tt > >> Good that I've asked :) > >> > >> Ok that's a bit strange. e34b8feeaa4b65725b25f49c9b08a0f8707e8e86 was > >> created mostly automated. > >> > >> Do you have the original backtrace of that NULL pointer deref once more? > > The original backtrace is here: https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flkml.org%2Flkml%2F2021%2F6%2F5%2F350&data=04%7C01%7Cchristian.koenig%40amd.com%7Ce905b6bd2aa842ace15508d92b15b96d%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637588195000729460%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=zFqheBbJcOHtYgqG%2Fs63AT1dwuk4REmUDJWHvzaLAlc%3D&reserved=0 > > And the problem is that ttm_dma->dma_address is NULL, right? Mhm, I > don't see how that can happen since nouveau is using ttm_sg_tt_init(). > > Apart from that what nouveau does here is rather questionable since you > need a coherent architecture for most things anyway, but that's not what > we are trying to fix here. > > Can you try to narrow down if ttm_sg_tt_init is called before calling > this function for the tt object in question? ttm_sg_tt_init is not called: [ 12.150124] nouveau 0000:01:00.0: DRM: VRAM: 31 MiB [ 12.150133] nouveau 0000:01:00.0: DRM: GART: 128 MiB [ 12.150143] nouveau 0000:01:00.0: DRM: BMP version 5.6 [ 12.150151] nouveau 0000:01:00.0: DRM: No DCB data found in VBIOS [ 12.151362] ttm_tt_init [ 12.151370] ttm_tt_init_fields [ 12.151374] ttm_tt_alloc_page_directory [ 12.151615] BUG: kernel NULL pointer dereference, address: 00000000 -- Ondrej Zary