Re: [next] Null pointer dereference in nouveau_vm_map_sg
On Tue, 24 Jan 2012 17:33:19 -0500 Jerome Glisse j.gli...@gmail.com wrote:
> Can you please both test if attached patch fix it for you ?
>
> Thanks.

It looks good to me, but it crashes a little later due to vma-node being invalid:

Jan 25 00:54:21 callisto kernel: [ 119.038357] [drm] nouveau_vm_unmap vma 880057502f50
Jan 25 00:54:21 callisto kernel: [ 119.038360] [drm] nouveau_vm_unmap vma-node 8800576b87a8
Jan 25 00:54:21 callisto kernel: [ 119.038363] [drm] nouveau_vm_unmap vma-node-length 58
Jan 25 00:54:21 callisto kernel: [ 119.038477] [drm] nouveau_vm_unmap vma 8800577beab8
Jan 25 00:54:21 callisto kernel: [ 119.038479] [drm] nouveau_vm_unmap vma-node 8800577bf880
Jan 25 00:54:21 callisto kernel: [ 119.038482] [drm] nouveau_vm_unmap vma-node-length 1
Jan 25 00:54:21 callisto kernel: [ 119.078025] [drm] nouveau_vm_unmap vma 8148df45
Jan 25 00:54:21 callisto kernel: [ 119.078029] [drm] nouveau_vm_unmap vma-node 8b48084b8b48
Jan 25 00:54:21 callisto kernel: [ 119.078040] general protection fault: [#1] SMP
Jan 25 00:54:21 callisto kernel: [ 119.078133] CPU 0
Jan 25 00:54:21 callisto kernel: [ 119.078138] Modules linked in: tun iwl4965 iwlegacy mac80211 cfg80211 tg3 psmouse rtc_cmos evdev ehci_hcd uhci_hcd usbcore usb_common [last unloaded: scsi_wait_scan]
Jan 25 00:54:21 callisto kernel: [ 119.078542]
Jan 25 00:54:21 callisto kernel: [ 119.078914] Pid: 3220, comm: Xorg Tainted: G W 3.3.0-rc1-00076-g44d4826-dirty #75 Dell Inc. XPS M1330 /0PU073
Jan 25 00:54:21 callisto kernel: [ 119.079331] RIP: 0010:[814b2f7f] [814b2f7f] nouveau_vm_unmap+0x4f/0x80
Jan 25 00:54:21 callisto kernel: [ 119.079778] RSP: 0018:88005c167868 EFLAGS: 00010292
Jan 25 00:54:21 callisto kernel: [ 119.080266] RAX: 8b48084b8b48 RBX: 8148df45 RCX: 0006
Jan 25 00:54:21 callisto kernel: [ 119.080712] RDX: RSI: 81868740 RDI: 81a6e040
Jan 25 00:54:21 callisto kernel: [ 119.081218] RBP: 88005c167878 R08: 0001 R09:
Jan 25 00:54:21 callisto kernel: [ 119.081320] R10: R11: 0001 R12:
Jan 25 00:54:21 callisto kernel: [ 119.081320] R13: 88006c309c80 R14: 88006c309a40 R15: 880037180590
Jan 25 00:54:21 callisto kernel: [ 119.081320] FS: 7f141232f880() GS:88007fc0() knlGS:
Jan 25 00:54:21 callisto kernel: [ 119.081320] CS: 0010 DS: ES: CR0: 80050033
Jan 25 00:54:21 callisto kernel: [ 119.081320] CR2: 7fb09c1de000 CR3: 5ce28000 CR4: 06f0
Jan 25 00:54:21 callisto kernel: [ 119.081320] DR0: DR1: DR2:
Jan 25 00:54:21 callisto kernel: [ 119.081320] DR3: DR6: 0ff0 DR7: 0400
Jan 25 00:54:21 callisto kernel: [ 119.081320] Process Xorg (pid: 3220, threadinfo 88005c166000, task 88005f502180)
Jan 25 00:54:21 callisto kernel: [ 119.081320] Stack:
Jan 25 00:54:21 callisto kernel: [ 119.081320] 88005f502180 8148df45 88005c1678a8 8148c0e8
Jan 25 00:54:21 callisto kernel: [ 119.081320] 88006c309a40 0002 880037180b00 880079ff5e68
Jan 25 00:54:21 callisto kernel: [ 119.081320] 88005c1678c8 814792b1 880079ff5e68 88006c309a40
Jan 25 00:54:21 callisto kernel: [ 119.081320] Call Trace:
Jan 25 00:54:21 callisto kernel: [ 119.081320] [8148df45] ? nouveau_bo_move+0xb5/0x270
Jan 25 00:54:21 callisto kernel: [ 119.081320] [8148c0e8] nouveau_bo_move_ntfy+0x38/0xc0
Jan 25 00:54:21 callisto kernel: [ 119.081320] [814792b1] ttm_bo_cleanup_memtype_use+0x21/0xa0
Jan 25 00:54:21 callisto kernel: [ 119.081320] [8147a5b5] ttm_bo_cleanup_refs_or_queue+0x165/0x190
Jan 25 00:54:21 callisto kernel: [ 119.081320] [8147a675] ttm_bo_release+0x95/0xd0
Jan 25 00:54:21 callisto kernel: [ 119.081320] [8147a6ef] ttm_bo_unref+0x3f/0x60
Jan 25 00:54:21 callisto kernel: [ 119.081320] [8147cae3] ttm_bo_move_accel_cleanup+0x213/0x240
Jan 25 00:54:21 callisto kernel: [ 119.081320] [8148db28] nouveau_bo_move_m2mf+0x148/0x1b0
Jan 25 00:54:21 callisto kernel: [ 119.081320] [817bfd49] ? mutex_unlock+0x9/0x10
Jan 25 00:54:21 callisto kernel: [ 119.081320] [8148df45] nouveau_bo_move+0xb5/0x270
Jan 25 00:54:21 callisto kernel: [ 119.081320] [8147ab66] ttm_bo_handle_move_mem+0x1e6/0x3d0
Jan 25 00:54:21 callisto kernel: [ 119.081320] [8147bcba] ttm_bo_move_buffer+0x14a/0x160
Jan 25 00:54:21 callisto kernel: [ 119.081320] [8147bdb7] ttm_bo_validate+0xe7/0xf0
Jan 25 00:54:21 callisto kernel: [ 119.081320] [8148cbdd] nouveau_bo_validate+0x1d/0x20
Jan 25 00:54:21 callisto kernel: [ 119.081320] [8148f2a0] validate_list+0xc0/0x360
Jan 25
Re: [next] Null pointer dereference in nouveau_vm_map_sg
On Sun, Jan 22, 2012 at 01:33:16PM -0500, Konrad Rzeszutek Wilk wrote:
> On Tue, Jan 17, 2012 at 12:57:50AM +0100, Martin Nyhus wrote:
> > On Monday 16. January 2012 21:30:59 Jerome Glisse wrote:
> > > On Sun, Jan 15, 2012 at 10:31:08PM +0100, Martin Nyhus wrote:
> > > > In some cases mem will be null in nouveau_vm_map_sg, resulting in a crash at drivers/gpu/drm/nouveau/nouveau_vm.c:84. It seems to be easy enough to reproduce, so I can test patches if needed.
> > >
> > > How do you trigger this ?
> >
> > Opening 10-15 high-res pictures in Firefox triggers it every time. Doing the same using Gimp does not, and neither does Firefox and lots of small images (eg. Google image search).
>
> I seem to be able to trigger this by using both Chrome and Firefox and seeing a YouTube video. I did at that time have a dual-head display, while in the past to reproduce this I had only one monitor and it took a bit of time before I hit it.

Can you please both test if attached patch fix it for you ?

Cheers,
Jerome

From 67d4836e3511db2691c4ff2d3a23bf8c0e950edb Mon Sep 17 00:00:00 2001
From: John Doe gli...@dhcp-189-215.bos.redhat.com
Date: Tue, 24 Jan 2012 22:55:26 -0500
Subject: [PATCH] drm/nouveau: fix move notify callback

On vram buffer eviction the ttm_bo_move_accel_cleanup will the mm_node field of struct ttm_mem_reg of new_mem placement to NULL. As move notify call back is now call after ttm_bo_move_accel_cleanup it was using NULL ptr for mm_node.

Signed-off-by: Jerome Glisse jgli...@redhat.com
---
 drivers/gpu/drm/nouveau/nouveau_bo.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/nouveau/nouveau_bo.c b/drivers/gpu/drm/nouveau/nouveau_bo.c index 724b41a..3a9d978 100644 --- a/drivers/gpu/drm/nouveau/nouveau_bo.c +++ b/drivers/gpu/drm/nouveau/nouveau_bo.c
@@ -814,13 +814,13 @@ nouveau_bo_move_ntfy(struct ttm_buffer_object *bo, struct ttm_mem_reg *new_mem) list_for_each_entry(vma, nvbo-vma_list, head) { if (new_mem new_mem-mem_type == TTM_PL_VRAM) { - nouveau_vm_map(vma, new_mem-mm_node); + nouveau_vm_map(vma, bo-mem.mm_node); } else if (new_mem new_mem-mem_type == TTM_PL_TT nvbo-page_shift == vma-vm-spg_shift) { nouveau_vm_map_sg(vma, 0, new_mem- num_pages PAGE_SHIFT, - new_mem-mm_node); + bo-mem.mm_node); } else { nouveau_vm_unmap(vma); } -- 1.7.7.6 ___ dri-devel mailing list dri-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/dri-devel
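Review bot: in both mapping branches the placement test and num_pages still read new_mem while the node is now taken from bo->mem.mm_node, so the call is only correct if bo->mem already describes the new placement by the time nouveau_bo_move_ntfy runs; the commit message says that ordering now holds, but nothing in the function states or checks it. Consider a comment recording that the callback must run after ttm_bo_move_accel_cleanup, and a check that bo->mem.mm_node is non-NULL before it is passed to nouveau_vm_map or nouveau_vm_map_sg, since the original report was a NULL mem in nouveau_vm_map_sg. Two smaller points: the commit message is missing a verb in "will the mm_node field", and the From: line (John Doe) does not match the Signed-off-by.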
Re: [next] Null pointer dereference in nouveau_vm_map_sg
On Tue, Jan 17, 2012 at 12:57:50AM +0100, Martin Nyhus wrote:
> On Monday 16. January 2012 21:30:59 Jerome Glisse wrote:
> > On Sun, Jan 15, 2012 at 10:31:08PM +0100, Martin Nyhus wrote:
> > > In some cases mem will be null in nouveau_vm_map_sg, resulting in a crash at drivers/gpu/drm/nouveau/nouveau_vm.c:84. It seems to be easy enough to reproduce, so I can test patches if needed.
> >
> > How do you trigger this ?
>
> Opening 10-15 high-res pictures in Firefox triggers it every time. Doing the same using Gimp does not, and neither does Firefox and lots of small images (eg. Google image search).

I seem to be able to trigger this by using both Chrome and Firefox and seeing a YouTube video. I did at that time have a dual-head display, while in the past to reproduce this I had only one monitor and it took a bit of time before I hit it.
Re: [next] Null pointer dereference in nouveau_vm_map_sg
On Sun, Jan 15, 2012 at 10:31:08PM +0100, Martin Nyhus wrote:
> In some cases mem will be null in nouveau_vm_map_sg, resulting in a crash at drivers/gpu/drm/nouveau/nouveau_vm.c:84. It seems to be easy enough to reproduce, so I can test patches if needed.
>
> Martin

How do you trigger this ?

Cheers,
Jerome

> [ 216.546584] BUG: unable to handle kernel NULL pointer dereference at 00d0
> [ 216.546613] IP: [814a87ec] nouveau_vm_map_sg+0x2c/0x130
> [ 216.546631] PGD 5b155067 PUD 5ab71067 PMD 0
> [ 216.546647] Oops: [#1] SMP
> [ 216.546659] CPU 1
> [ 216.546664] Modules linked in: tun iwl4965 iwlegacy mac80211 cfg80211 tg3 psmouse rtc_cmos evdev ehci_hcd uhci_hcd usbcore usb_common [last unloaded: scsi_wait_scan]
> [ 216.546721]
> [ 216.546727] Pid: 3327, comm: Xorg Not tainted 3.2.0-next-20120113 #56 Dell Inc. XPS M1330 /0PU073
> [ 216.546749] RIP: 0010:[814a87ec] [814a87ec] nouveau_vm_map_sg+0x2c/0x130
> [ 216.546770] RSP: 0018:88005b0c9858 EFLAGS: 00010246
> [ 216.546780] RAX: 88005bf84620 RBX: 88005ab08d20 RCX:
> [ 216.546791] RDX: 0001 RSI: RDI:
> [ 216.546802] RBP: 88005b0c98a8 R08: R09:
> [ 216.546813] R10: 0001 R11: 0001 R12: 4000
> [ 216.546823] R13: 88005bf84dc8 R14: 88007838c000 R15:
> [ 216.546835] FS: 7f5f728a8880() GS:88007fd0() knlGS:
> [ 216.546848] CS: 0010 DS: ES: CR0: 80050033
> [ 216.546857] CR2: 00d0 CR3: 6c1bb000 CR4: 06e0
> [ 216.546869] DR0: DR1: DR2:
> [ 216.546880] DR3: DR6: 0ff0 DR7: 0400
> [ 216.546892] Process Xorg (pid: 3327, threadinfo 88005b0c8000, task 8800655da180)
> [ 216.546904] Stack:
> [ 216.546909] 88005b0c9960 880037180368
> [ 216.546930] 88005b0c98d8 88005bf84dc8 88005b0c9960 88007838c240
> [ 216.546949] 88007838c000 88005b0c98d8 81481bdf
> [ 216.546969] Call Trace:
> [ 216.546979] [81481bdf] nouveau_bo_move_ntfy+0x7f/0xb0
> [ 216.546991] [81470614] ttm_bo_handle_move_mem+0x204/0x3d0
> [ 216.547003] [8147099d] ttm_bo_evict+0x1bd/0x2a0
> [ 216.547015] [81460de7] ? drm_mm_kmalloc+0x37/0xd0
> [ 216.547027] [81470bf1] ttm_mem_evict_first+0x171/0x230
> [ 216.547039] [814714ed] ttm_bo_mem_space+0x30d/0x420
> [ 216.547056] [814716e8] ttm_bo_move_buffer+0xe8/0x160
> [ 216.547069] [8108df2b] ? __lock_release+0x6b/0xe0
> [ 216.547080] [81460de7] ? drm_mm_kmalloc+0x37/0xd0
> [ 216.547091] [81471847] ttm_bo_validate+0xe7/0xf0
> [ 216.547102] [81471a24] ttm_bo_init+0x1d4/0x2a0
> [ 216.547113] [81482481] ? nouveau_bo_new+0x51/0x1c0
> [ 216.547124] [8148258c] nouveau_bo_new+0x15c/0x1c0
> [ 216.547135] [81481eb0] ? nouveau_ttm_tt_create+0x80/0x80
> [ 216.547148] [81338bba] ? avc_has_perm_noaudit+0xfa/0x290
> [ 216.547160] [81485cf3] nouveau_gem_new+0x53/0x120
> [ 216.548008] [8108df81] ? __lock_release+0xc1/0xe0
> [ 216.548008] [81112a97] ? might_fault+0x57/0xb0
> [ 216.548008] [81485e29] nouveau_gem_ioctl_new+0x69/0x170
> [ 216.548008] [81112a97] ? might_fault+0x57/0xb0
> [ 216.548008] [814553e4] drm_ioctl+0x444/0x510
> [ 216.548008] [81485dc0] ? nouveau_gem_new+0x120/0x120
> [ 216.548008] [81150b17] do_vfs_ioctl+0x87/0x330
> [ 216.548008] [8133b528] ? selinux_file_ioctl+0x68/0x140
> [ 216.548008] [81150e51] sys_ioctl+0x91/0xa0
> [ 216.555939] [817c1722] system_call_fastpath+0x16/0x1b
> [ 216.555939] Code: 48 89 e5 41 57 49 89 cf 41 56 41 55 49 89 fd 41 54 49 89 d4 ba 01 00 00 00 53 41 89 d3 48 83 ec 28 48 8b 47 20 48 8b 5f 18 31 ff 4c 8b b1 d0 00 00 00 0f b6 48 30 44 8b 48 34 8b 83 20 01 00 00
> [ 216.555939] RIP [814a87ec] nouveau_vm_map_sg+0x2c/0x130
> [ 216.555939] RSP 88005b0c9858
> [ 216.555939] CR2: 00d0
> [ 216.581301] ---[ end trace 0d910003d5fb1cd8 ]---