From: "Ceraolo Spurio, Daniele" <daniele.ceraolospurio@intel.com>
To: intel-gfx@lists.freedesktop.org
Subject: NULL pointer dereference in trace_i915_context_free
Date: Thu, 09 Jul 2015 10:08:08 +0100
Message-ID: <559E39F8.2090501@intel.com>

Hi,

I'm hitting a NULL pointer dereference when I enable the 
i915_context_free tracepoint (call trace attached). This is caused by 
the fact that the trace tries to access ctx->file_priv, which however 
may have already been deleted (even if the pointer is != NULL). I've 
used that trace extensively back when I submitted it a few months ago 
without encountering this issue, but it doesn't seem that there ever was 
a guarantee that the file_priv would be valid at ctx free time, so I'll 
put the blame on my original commit that introduced the trace:

	commit 198c974d7e80a5135fc4a2e69a07ba3e64122f8a
	Author: Daniele Ceraolo Spurio <daniele.ceraolospurio@intel.com>
	Date:   Mon Nov 10 13:44:31 2014 +0000

     	drm/i915: Add tracepoints to track a vm during its lifetime

The trace doesn't specifically need the file_priv pointer, it just uses 
it to reach the drm_device pointer to get the device index. To fix the 
issue I've looked for another way to get the drm_device pointer from the 
ctx, but I couldn't find any that is valid for every GEN. Modifying the 
trace to add an extra parameter is out of the question for 2 reasons:
- The only variable available in i915_gem_context_free is the ctx ptr
- Modifying a tracepoint could break ABI

Ideas, anyone?

Thanks,
Daniele

[-- Attachment #2: BUG.dmsg --]
[-- Type: text/plain, Size: 4542 bytes --]

[   53.691790] BUG: unable to handle kernel paging request at ffffc9000124d000
[   53.698507] [drm:i915_gem_open] 
[   53.703445] IP: [<ffffffffa0260603>] ftrace_raw_event_i915_context+0x53/0x80 [i915]
[   53.712229] PGD 24688f067 PUD 2468a0067 PMD a9581067 PTE 0
[   53.718547] Oops: 0000 [#1] SMP 
[   53.722264] Modules linked in: binfmt_misc(E) cfg80211(E) nls_iso8859_1(E) snd_hda_codec_hdmi(E) asix(E) usbnet(E) mii(E) intel_rapl(E) snd_hda_intel(E) hid_generic(E) iosf_mbi(E) snd_hda_
codec(E) x86_pkg_temp_thermal(E) snd_hda_core(E) intel_powerclamp(E) snd_hwdep(E) coretemp(E) snd_pcm(E) kvm_intel(E) snd_seq_midi(E) kvm(E) snd_seq_midi_event(E) crct10dif_pclmul(E) snd_rawm
idi(E) crc32_pclmul(E) ghash_clmulni_intel(E) snd_seq(E) aesni_intel(E) snd_seq_device(E) snd_timer(E) aes_x86_64(E) i915(E) lrw(E) gf128mul(E) glue_helper(E) ablk_helper(E) cryptd(E) drm_kms
_helper(E) drm(E) serio_raw(E) i2c_algo_bit(E) snd(E) mei_me(E) mei(E) lpc_ich(E) soundcore(E) winbond_cir(E) rc_core(E) i2c_hid(E) dw_dmac(E) dw_dmac_core(E) video(E) 8250_dw(E) i2c_designwa
re_platform(E) i2c_designware_core(E) spi_pxa2xx_platform(E) acpi_pad(E) mac_hid(E) usbhid(E) hid(E) parport_pc(E) ppdev(E) lp(E) parport(E) autofs4(E) sdhci_acpi(E) ahci(E) libahci(E) sdhci(
E)
[   53.818335] CPU: 3 PID: 1487 Comm: compiz Tainted: G     U      E   4.1.0+ #3
[   53.826477] Hardware name: Intel Corporation Broadwell Client platform/WhiteTip Mountain 1, BIOS BDW-E1R1.86C.0080.R01.1406120446 06/12/2014
[   53.840824] task: ffff8800a998e440 ti: ffff880242214000 task.ti: ffff880242214000
[   53.849337] RIP: 0010:[<ffffffffa0260603>]  [<ffffffffa0260603>] ftrace_raw_event_i915_context+0x53/0x80 [i915]
[   53.860853] RSP: 0018:ffff880242217b98  EFLAGS: 00010282
[   53.866893] RAX: ffff88024573601c RBX: 0000000000000000 RCX: 0000000000000008
[   53.875009] RDX: ffffc9000124d000 RSI: 0000000000000000 RDI: ffff880242217b98
[   53.883124] RBP: ffff880242217be8 R08: ffff880245736010 R09: 000000000000002c
[   53.891240] R10: 0000000c80477c9c R11: 0000000000000008 R12: ffff880243f89058
[   53.899355] R13: ffff8802438bfa00 R14: ffff880242217c48 R15: ffff880243d31ef0
[   53.907471] FS:  00007f22043ea780(0000) GS:ffff88024f4c0000(0000) knlGS:0000000000000000
[   53.916673] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   53.924550] CR2: ffffc9000124d000 CR3: 00000002429e7000 CR4: 00000000003407e0
[   53.934011] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   53.943445] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   53.952870] Stack:
[   53.956465]  ffff880246806100 ffff880245736010 ffff880243f89058 ffff88024573601c
[   53.966240]  0000000000000296 ffff880200000000 ffff8802438bfa00 ffff880234586e20
[   53.976516]  ffff8802438bfa00 ffff880243d31ef0 ffff880242217c08 ffffffffa023ab3d
[   53.986286] Call Trace:
[   53.990392]  [<ffffffffa023ab3d>] i915_gem_context_free+0xbd/0x100 [i915]
[   53.999447]  [<ffffffffa0245fb0>] i915_gem_request_free+0xd0/0xe0 [i915]
[   54.008396]  [<ffffffffa0266bd8>] intel_execlists_retire_requests+0x188/0x1d0 [i915]
[   54.018537]  [<ffffffffa024879c>] i915_gem_retire_requests+0xfc/0x110 [i915]
[   54.027882]  [<ffffffffa025182e>] i915_gem_userptr_init__mmu_notifier+0xae/0x2e0 [i915]
[   54.038297]  [<ffffffffa0252732>] i915_gem_userptr_ioctl+0x252/0x320 [i915]
[   54.047512]  [<ffffffff81178a29>] ? unlock_page+0x69/0x70
[   54.054966]  [<ffffffffa0145c79>] drm_ioctl+0x349/0x670 [drm]
[   54.062799]  [<ffffffffa02524e0>] ? __i915_gem_userptr_get_pages_worker+0x2e0/0x2e0 [i915]
[   54.073482]  [<ffffffff811318cc>] ? acct_account_cputime+0x1c/0x20
[   54.081785]  [<ffffffff811f5998>] do_vfs_ioctl+0x2f8/0x510
[   54.089280]  [<ffffffff810d95b8>] ? rcu_eqs_enter+0x68/0x90
[   54.096851]  [<ffffffff811778e3>] ? context_tracking_user_exit+0x13/0x20
[   54.105714]  [<ffffffff811f5c31>] SyS_ioctl+0x81/0xa0
[   54.112692]  [<ffffffff81177a13>] ? context_tracking_user_enter+0x13/0x20
[   54.121652]  [<ffffffff81024bc5>] ? syscall_trace_leave+0xa5/0x120
[   54.129914]  [<ffffffff81797072>] system_call_fastpath+0x16/0x75
[   54.137972] Code: 7d b0 ba 20 00 00 00 4c 89 e6 e8 b9 06 ef e0 48 85 c0 74 28 4c 89 68 10 49 8b 55 38 48 8d 7d b0 48 89 50 18 49 8b 55 10 48 8b 12 <48> 8b 12 48 8b 52 38 8b 12 89 50 08 e8 
bc 22 ef e0 48 83 c4 38 
[   54.161431] RIP  [<ffffffffa0260603>] ftrace_raw_event_i915_context+0x53/0x80 [i915]
[   54.171571]  RSP <ffff880242217b98>
[   54.176849] CR2: ffffc9000124d000
[   54.190346] ---[ end trace 2590164a9e979a64 ]---
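
A triage sketch for the attached oops, added here as an example and not part of the original message or of the i915 code: it pulls out the fault address (CR2), the faulting function and the confirmed call-trace frames, and separates a fault in the first page from a fault through a non-NULL pointer that is no longer valid, which is the case the message describes. The names `triage_oops`, `GP_REGS`, `PAGE_SIZE` and the result keys are assumptions of this example.

```python
import re

# Lines copied from the oops attached to the message above.
OOPS = """\
[   53.691790] BUG: unable to handle kernel paging request at ffffc9000124d000
[   53.849337] RIP: 0010:[<ffffffffa0260603>]  [<ffffffffa0260603>] ftrace_raw_event_i915_context+0x53/0x80 [i915]
[   53.866893] RAX: ffff88024573601c RBX: 0000000000000000 RCX: 0000000000000008
[   53.875009] RDX: ffffc9000124d000 RSI: 0000000000000000 RDI: ffff880242217b98
[   53.924550] CR2: ffffc9000124d000 CR3: 00000002429e7000 CR4: 00000000003407e0
[   53.986286] Call Trace:
[   53.990392]  [<ffffffffa023ab3d>] i915_gem_context_free+0xbd/0x100 [i915]
[   53.999447]  [<ffffffffa0245fb0>] i915_gem_request_free+0xd0/0xe0 [i915]
[   54.047512]  [<ffffffff81178a29>] ? unlock_page+0x69/0x70
[   54.054966]  [<ffffffffa0145c79>] drm_ioctl+0x349/0x670 [drm]
"""

GP_REGS = ("RAX", "RBX", "RCX", "RDX", "RSI", "RDI", "RBP",
           "R08", "R09", "R10", "R11", "R12", "R13", "R14", "R15")
PAGE_SIZE = 0x1000  # assumption: faults in the first page count as NULL derefs


def triage_oops(text):
    """Summarise an x86-64 oops: fault address, faulting function, callers."""
    regs, callers, func = {}, [], None
    for line in text.splitlines():
        body = re.sub(r"^\[\s*\d+\.\d+\]\s?", "", line)  # drop dmesg timestamp
        for name, val in re.findall(r"\b(CR2|R[A-Z0-9]{2}): ([0-9a-f]{16})\b", body):
            regs[name] = int(val, 16)
        rip = re.match(r"RIP: .*\] (\w+)\+0x", body)
        if rip:
            func = rip.group(1)
        # Frames marked "?" are stack leftovers the unwinder could not confirm.
        frame = re.match(r"\s*\[<[0-9a-f]+>\] (\? )?(\w+)\+0x", body)
        if frame and not frame.group(1):
            callers.append(frame.group(2))
    if "CR2" not in regs:
        raise ValueError("no CR2 line: not a page-fault oops")
    fault = regs["CR2"]
    return {
        "fault_addr": fault,
        # A fault above the first page means a non-NULL pointer went bad,
        # e.g. it outlived the object or mapping it pointed into.
        "kind": "null-deref" if fault < PAGE_SIZE else "non-null-bad-pointer",
        "faulting_function": func,
        "regs_holding_fault_addr": [r for r in GP_REGS if regs.get(r) == fault],
        "callers": callers,
    }


if __name__ == "__main__":
    print(triage_oops(OOPS))
```

On the excerpt the fault address is held in RDX, so the faulting load went through a pointer that was non-NULL but no longer mapped.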

