From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754263Ab3GaGHV (ORCPT ); Wed, 31 Jul 2013 02:07:21 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:59525 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751684Ab3GaGHT (ORCPT ); Wed, 31 Jul 2013 02:07:19 -0400 Message-ID: <51F8A994.5090809@canonical.com> Date: Wed, 31 Jul 2013 08:07:16 +0200 From: Maarten Lankhorst User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7 MIME-Version: 1.0 To: Dave Jones , Linux Kernel , bskeggs@redhat.com Subject: Re: nouveau: check client.base.vm before dereferencing it. References: <20130725162203.GA32273@redhat.com> <20130730225521.GA25895@redhat.com> In-Reply-To: <20130730225521.GA25895@redhat.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Op 31-07-13 00:55, Dave Jones schreef: > On Thu, Jul 25, 2013 at 12:22:03PM -0400, Dave Jones wrote: > > This recently started happening (since the last DRM merge, 3.10 was fine). > > > > [ 17.751970] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC > > [ 17.753911] CPU: 3 PID: 292 Comm: systemd-udevd Not tainted 3.11.0-rc2+ #13 > > [ 17.754392] EIP: 0060:[] EFLAGS: 00010296 CPU: 3 > > [ 17.754542] EIP is at nouveau_bo_new+0x1f/0x28c [nouveau] > > [ 17.754647] EAX: 00000000 EBX: ed8610b0 ECX: 00000100 EDX: 00004000 > > .. > > [ 17.756729] Call Trace: > > [ 17.756849] [] ? drm_mode_crtc_set_gamma_size+0x23/0x43 [drm] > > [ 17.756993] [] nv04_crtc_create+0xd4/0x142 [nouveau] > > [ 17.757138] [] nv04_display_create+0xf2/0x35a [nouveau] > > [ 17.757281] [] nouveau_display_create+0x33f/0x553 [nouveau] > > [ 17.757422] [] nouveau_drm_load+0x22f/0x5dc [nouveau] > > [ 17.757534] [] ? device_register+0x17/0x1a > > [ 17.757648] [] ? drm_sysfs_device_add+0x76/0xa3 [drm] > > [ 17.757764] [] drm_get_pci_dev+0x138/0x238 [drm] > > [ 17.757902] [] ? nouveau_device_create_+0x65/0x11b [nouveau] > > [ 17.758044] [] nouveau_drm_probe+0x2d9/0x360 [nouveau] > > [ 17.758155] [] pci_device_probe+0x6c/0xb0 > > [ 17.758261] [] driver_probe_device+0x7f/0x356 > > [ 17.758367] [] __driver_attach+0x74/0x76 > > [ 17.758473] [] ? __device_attach+0x33/0x33 > > [ 17.758579] [] bus_for_each_dev+0x49/0x74 > > [ 17.758684] [] driver_attach+0x1e/0x20 > > [ 17.758791] [] ? __device_attach+0x33/0x33 > > [ 17.758896] [] bus_add_driver+0x1d0/0x27c > > [ 17.759002] [] ? pci_pm_suspend+0x111/0x111 > > [ 17.759109] [] ? pci_pm_suspend+0x111/0x111 > > [ 17.759215] [] driver_register+0x6a/0x123 > > [ 17.759321] [] ? __raw_spin_lock_init+0x2d/0x4e > > [ 17.759428] [] __pci_register_driver+0x4a/0x4d > > [ 17.760008] [] drm_pci_init+0xe6/0xee [drm] > > [ 17.760008] [] ? 0xf8751fff > > [ 17.760008] [] nouveau_drm_init+0x48/0x1000 [nouveau] > > [ 17.760008] [] do_one_initcall+0xc0/0x180 > > [ 17.760008] [] ? 0xf8751fff > > [ 17.760008] [] ? set_memory_nx+0x5a/0x5c > > [ 17.760008] [] ? set_section_ro_nx+0x54/0x59 > > [ 17.760008] [] load_module+0x1ad6/0x2519 > > [ 17.760008] [] ? copy_module_from_fd.isra.49+0x34/0x13b > > [ 17.760008] [] SyS_finit_module+0x73/0xac > > [ 17.760008] [] ? up_write+0x1b/0x30 > > [ 17.760008] [] ? vm_mmap_pgoff+0x7a/0x97 > > [ 17.760008] [] sysenter_do_call+0x12/0x32 > > [ 17.760008] Code: c7 83 1c 01 00 00 ff ff ff ff eb aa 55 89 e5 57 56 53 83 ec 2c 66 66 66 66 90 89 d6 89 4d e8 8b b8 ec 03 00 00 8b 87 8c 00 00 00 <8b> 00 0f b6 88 91 00 00 00 b8 ff ff ff ff d3 e0 25 ff ff ff 7f > > 0108bc808107b97e101b15af9705729626be6447 introduced an oops due > to use doing a dereference on a variable that can validly be null. > > Split up the new check, and add an additional check before > the potential NULL dereference. > > Signed-off-by: Dave Jones > http://cgit.freedesktop.org/nouveau/linux-2.6/commit/?id=421e3673400de7ccd0222e041803332c907a3417