dri-devel.lists.freedesktop.org archive mirror
 help / color / mirror / Atom feed
From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Sasha Levin <sashal@kernel.org>, Tong Zhang <ztong0001@gmail.com>,
	dri-devel@lists.freedesktop.org,
	virtualization@lists.linux-foundation.org,
	Gerd Hoffmann <kraxel@redhat.com>,
	spice-devel@lists.freedesktop.org
Subject: [PATCH AUTOSEL 5.12 002/134] drm/qxl: do not run release if qxl failed to init
Date: Mon,  3 May 2021 12:33:01 -0400	[thread overview]
Message-ID: <20210503163513.2851510-2-sashal@kernel.org> (raw)
In-Reply-To: <20210503163513.2851510-1-sashal@kernel.org>

From: Tong Zhang <ztong0001@gmail.com>

[ Upstream commit b91907a6241193465ca92e357adf16822242296d ]

if qxl_device_init() fail, drm device will not be registered,
in this case, do not run qxl_drm_release()

[    5.258534] ==================================================================
[    5.258931] BUG: KASAN: user-memory-access in qxl_destroy_monitors_object+0x42/0xa0 [qxl]
[    5.259388] Write of size 8 at addr 00000000000014dc by task modprobe/95
[    5.259754]
[    5.259842] CPU: 0 PID: 95 Comm: modprobe Not tainted 5.11.0-rc6-00007-g88bb507a74ea #62
[    5.260309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-48-gd9c812dda54
[    5.260917] Call Trace:
[    5.261056]  dump_stack+0x7d/0xa3
[    5.261245]  kasan_report.cold+0x10c/0x10e
[    5.261475]  ? qxl_destroy_monitors_object+0x42/0xa0 [qxl]
[    5.261789]  check_memory_region+0x17c/0x1e0
[    5.262029]  qxl_destroy_monitors_object+0x42/0xa0 [qxl]
[    5.262332]  qxl_modeset_fini+0x9/0x20 [qxl]
[    5.262595]  qxl_drm_release+0x22/0x30 [qxl]
[    5.262841]  drm_dev_release+0x32/0x50
[    5.263047]  release_nodes+0x39e/0x410
[    5.263253]  ? devres_release+0x40/0x40
[    5.263462]  really_probe+0x2ea/0x420
[    5.263664]  driver_probe_device+0x6d/0xd0
[    5.263888]  device_driver_attach+0x82/0x90
[    5.264116]  ? device_driver_attach+0x90/0x90
[    5.264353]  __driver_attach+0x60/0x100
[    5.264563]  ? device_driver_attach+0x90/0x90
[    5.264801]  bus_for_each_dev+0xe1/0x140
[    5.265014]  ? subsys_dev_iter_exit+0x10/0x10
[    5.265251]  ? klist_node_init+0x61/0x80
[    5.265464]  bus_add_driver+0x254/0x2a0
[    5.265673]  driver_register+0xd3/0x150
[    5.265882]  ? 0xffffffffc0048000
[    5.266064]  do_one_initcall+0x84/0x250
[    5.266274]  ? trace_event_raw_event_initcall_finish+0x150/0x150
[    5.266596]  ? unpoison_range+0xf/0x30
[    5.266801]  ? ____kasan_kmalloc.constprop.0+0x84/0xa0
[    5.267082]  ? unpoison_range+0xf/0x30
[    5.267287]  ? unpoison_range+0xf/0x30
[    5.267491]  do_init_module+0xf8/0x350
[    5.267697]  load_module+0x3fe6/0x4340
[    5.267902]  ? vm_unmap_ram+0x1d0/0x1d0
[    5.268115]  ? module_frob_arch_sections+0x20/0x20
[    5.268375]  ? __do_sys_finit_module+0x108/0x170
[    5.268624]  __do_sys_finit_module+0x108/0x170
[    5.268865]  ? __ia32_sys_init_module+0x40/0x40
[    5.269111]  ? file_open_root+0x200/0x200
[    5.269330]  ? do_sys_open+0x85/0xe0
[    5.269527]  ? filp_open+0x50/0x50
[    5.269714]  ? exit_to_user_mode_prepare+0xfc/0x130
[    5.269978]  do_syscall_64+0x33/0x40
[    5.270176]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[    5.270450] RIP: 0033:0x7fa3f685bcf7
[    5.270646] Code: 48 89 57 30 48 8b 04 24 48 89 47 38 e9 1d a0 02 00 48 89 f8 48 89 f7 48 89 d1
[    5.271634] RSP: 002b:00007ffca83048d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[    5.272037] RAX: ffffffffffffffda RBX: 0000000001e94a70 RCX: 00007fa3f685bcf7
[    5.272416] RDX: 0000000000000000 RSI: 0000000001e939e0 RDI: 0000000000000003
[    5.272794] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000001
[    5.273171] R10: 00007fa3f68bf300 R11: 0000000000000246 R12: 0000000001e939e0
[    5.273550] R13: 0000000000000000 R14: 0000000001e93bd0 R15: 0000000000000001
[    5.273928] ==================================================================

Signed-off-by: Tong Zhang <ztong0001@gmail.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20210203040727.868921-1-ztong0001@gmail.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/qxl/qxl_drv.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/gpu/drm/qxl/qxl_drv.c b/drivers/gpu/drm/qxl/qxl_drv.c
index 1864467f1063..1b09bbe98055 100644
--- a/drivers/gpu/drm/qxl/qxl_drv.c
+++ b/drivers/gpu/drm/qxl/qxl_drv.c
@@ -144,6 +144,8 @@ static void qxl_drm_release(struct drm_device *dev)
 	 * reordering qxl_modeset_fini() + qxl_device_fini() calls is
 	 * non-trivial though.
 	 */
+	if (!dev->registered)
+		return;
 	qxl_modeset_fini(qdev);
 	qxl_device_fini(qdev);
 }
-- 
2.30.2

_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel

  reply	other threads:[~2021-05-03 16:35 UTC|newest]

Thread overview: 33+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-03 16:33 [PATCH AUTOSEL 5.12 001/134] drm: Added orientation quirk for OneGX1 Pro Sasha Levin
2021-05-03 16:33 ` Sasha Levin [this message]
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 003/134] drm/qxl: release shadow on shutdown Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 004/134] drm/ast: Fix invalid usage of AST_MAX_HWC_WIDTH in cursor atomic_check Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 005/134] drm/amd/display: changing sr exit latency Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 006/134] drm/amd/display: Fix MPC OGAM power on/off sequence Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 007/134] drm/amd/pm: do not issue message while write "r" into pp_od_clk_voltage Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 008/134] drm/ast: fix memory leak when unload the driver Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 009/134] drm/amd/display: Check for DSC support instead of ASIC revision Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 010/134] drm/amd/display: Don't optimize bandwidth before disabling planes Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 011/134] drm/amd/display: Return invalid state if GPINT times out Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 012/134] drm/amdgpu/display: buffer INTERRUPT_LOW_IRQ_CONTEXT interrupt work Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 013/134] drm/amd/display/dc/dce/dce_aux: Remove duplicate line causing 'field overwritten' issue Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 019/134] drm/amd/pm/swsmu: clean up user profile function Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 020/134] drm/amdgpu: Fix some unload driver issues Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 025/134] drm/virtio: fix possible leak/unlock virtio_gpu_object_array Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 043/134] backlight: qcom-wled: Use sink_addr for sync toggle Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 044/134] backlight: qcom-wled: Fix FSC update issue for WLED5 Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 045/134] drm/bridge/analogix/anx78xx: Setup encoder before registering connector Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 046/134] drm/bridge/analogix/anx78xx: Cleanup on error in anx78xx_bridge_attach() Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 047/134] drm/amdgpu: enable retry fault wptr overflow Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 048/134] drm/amdgpu: enable 48-bit IH timestamp counter Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 049/134] drm/amdgpu: mask the xgmi number of hops reported from psp to kfd Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 050/134] drm/amdkfd: Fix UBSAN shift-out-of-bounds warning Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 051/134] drm/amd/display: Align cursor cache address to 2KB Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 052/134] drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 053/134] drm/amd/pm: fix workload mismatch on vega10 Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 054/134] drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool' Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 055/134] drm/amd/display: DCHUB underflow counter increasing in some scenarios Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 056/134] drm/amd/display: fix dml prefetch validation Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 057/134] drm/amd/display: Fix potential memory leak Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 058/134] drm/amdgpu: Fix " Sasha Levin
2021-05-03 16:33 ` [PATCH AUTOSEL 5.12 060/134] drm/vkms: fix misuse of WARN_ON Sasha Levin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210503163513.2851510-2-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=kraxel@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=spice-devel@lists.freedesktop.org \
    --cc=stable@vger.kernel.org \
    --cc=virtualization@lists.linux-foundation.org \
    --cc=ztong0001@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).