Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp15952097rwd; Mon, 26 Jun 2023 03:51:15 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4PEOaKB9R56Xirzw+PAnLYCcgxY/9GZ+Xm2tkrupBn++XlTgxkLFMf3gVkQm8hIUH8OIz2 X-Received: by 2002:a17:90b:370b:b0:262:e045:a6af with SMTP id mg11-20020a17090b370b00b00262e045a6afmr2993682pjb.18.1687776675527; Mon, 26 Jun 2023 03:51:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1687776675; cv=none; d=google.com; s=arc-20160816; b=m3QarGdWfWSOdgu1Qv/jsd0CmEvWta9DYgeFdoVmzvKe3Cf5PGFZPYxPixAQp0+5xt nZC4k5no0V8yzk6wuIM71Gpmhjm3L30Vx2NRPb4Xqb0YN9w0n7lGIhssLbU9oAqwnOMe bM0MDWUcniprPUHS4H8/CeOgBk7uQSaySmkvnHhrlmqtzyXfNhqAwVLv9e9+0n1xYS+v HKnNLXw0/+8NMZeMpC39/nf4zvOqng07Gw1cqRCV6j9QKFp83RcKCRBvHnIdW0CTvuG8 +A4mvcx0oBHrbBIZ6gdysYHct5upWq0VmZ5Qgaz0+Juzr9Y2rR2rWQRzJ2hq6Af6yvDJ Q8Tg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=HeacIq0iGBmlMTVQdsWhJFRPflCyuB9lhDlBAARX9pM=; fh=PEn8xPw9IP5a/YS/DdU73if+AZ6lt4DZxtN7p611weU=; b=YjvbzC2oonzfhIgcGvN3lJsDisgS1wbkPEteBV23ibY/+oTFerZvxKibbJFKnhNGTG 3q4E3jLAHCpQQWhbbMbNHjoZd19dYrx7kCvYHirXfoeV109aNDG7K+G2xXevIiJRDotp m+X2vJfXMN27/kWJHEoyepW43PS6UXLhA+FkD06SQBydl0Mb9lO20AW0vdXjwSYmpTQq cMqMuo/Gt2KGuFe77Kwdtuz0Gp+VTR2OEBDm0d3icFpLV7xDhxbtGijGCQmGQ9FqxlLY NcAlVM9NQBl0sv39t8T2fj/Jodj9r1cxLXVH4bUKwB+VV8QvVhjxxW83B40LYMbmw5OL DgBQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=MU0bhlG+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id co10-20020a17090afe8a00b0025efb838ac0si4817696pjb.179.2023.06.26.03.51.04; Mon, 26 Jun 2023 03:51:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=MU0bhlG+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229935AbjFZKVt (ORCPT + 99 others); Mon, 26 Jun 2023 06:21:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55806 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230176AbjFZKVm (ORCPT ); Mon, 26 Jun 2023 06:21:42 -0400 Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0AA401AA; Mon, 26 Jun 2023 03:21:41 -0700 (PDT) Received: by mail-lj1-x233.google.com with SMTP id 38308e7fff4ca-2b69f958ef3so14076721fa.1; Mon, 26 Jun 2023 03:21:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1687774899; x=1690366899; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=HeacIq0iGBmlMTVQdsWhJFRPflCyuB9lhDlBAARX9pM=; b=MU0bhlG+BLyjbACqov3lAaQ+x/BLQbwWuoLQXFBcrNlTaUiR/oJWoe7If8mNFbrM/a KvMV6iQ3ndKT2Suyh/cxeNu4v3aqi07XLFg0oFMSxlyKzitdS4c7H/9KvIkBKskwaP++ ilkzuD9jrM8gIYUops8xBUT2pJSAYAxUNkIGqHiqMACIbaTvGUD7kzZgilU+NqtJr6qq ka8nNQC5CnSkSDCOmFbAoCy0/PBwsreflYYQR35R/SB7KRmRgubkBQ+zAT8WjkkBQy3/ 8fLLCI1ltpyhICG2SNJvoDhiXlp5Yl7PaGueJEIDk/DFKvKBJ9bPfkf/9Ju5D8fRqaXZ 1p5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687774899; x=1690366899; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=HeacIq0iGBmlMTVQdsWhJFRPflCyuB9lhDlBAARX9pM=; b=IuucYF7KuWWNyd4vIOFfjYOy7/yZHITgLu2Uoe3rVWwNcfI+TqwiyYY4X7yum8ZBHt 4wto4h46Z5syH4nPKeuARjn9upOq76bfgYQTmETXvUq9tJ1WWwXb7SaxyC93sf1+mKEk nsNt7P9zNFHbbHDLdzpMbELvyaeJpj52DLacMs7qRf6+bhwMXGQwNSyT0i2SpprsGc7d Oagf5We4EfV8NYX8i798Cmhe0CHd6eSLjVxZrO9Sg7cM5bumcNQ+mn5ENApHx9vonI/e JUpiSEg1Beh1+nyZYdCwhfhq99Nd6/k4bGgMahiPDrC5vqGHkTreD0XokhMuFDZ8worz s8sg== X-Gm-Message-State: AC+VfDynXEk+H4kwcNcPEOELcFhMAGZz6b3kmJBZbi2a6/anMTAP/xtv a4cX4WKF3M2m8dpvyakfEQc= X-Received: by 2002:a2e:8088:0:b0:2b4:7f66:8c85 with SMTP id i8-20020a2e8088000000b002b47f668c85mr13594865ljg.48.1687774898695; Mon, 26 Jun 2023 03:21:38 -0700 (PDT) Received: from ?IPV6:2a00:e180:158d:7600:d62f:c4fb:6eee:7b87? ([2a00:e180:158d:7600:d62f:c4fb:6eee:7b87]) by smtp.gmail.com with ESMTPSA id m10-20020a50ef0a000000b0051d8f9ec3basm2024177eds.15.2023.06.26.03.21.37 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 26 Jun 2023 03:21:38 -0700 (PDT) Message-ID: Date: Mon, 26 Jun 2023 12:21:37 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: [PATCH v2 1/4] drm/ttm: Fix ttm_lru_bulk_move_pos_tail() Content-Language: en-US To: =?UTF-8?Q?Thomas_Hellstr=c3=b6m?= , intel-xe@lists.freedesktop.org Cc: =?UTF-8?Q?Christian_K=c3=b6nig?= , Daniel Vetter , dri-devel@lists.freedesktop.org, stable@vger.kernel.org, intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org, Andi Shyti References: <20230626091450.14757-1-thomas.hellstrom@linux.intel.com> <20230626091450.14757-2-thomas.hellstrom@linux.intel.com> From: =?UTF-8?Q?Christian_K=c3=b6nig?= In-Reply-To: <20230626091450.14757-2-thomas.hellstrom@linux.intel.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org I've already pushed the version from Teddy to drm-misc-fixes last week. So no need for that one any more. Christian. Am 26.06.23 um 11:14 schrieb Thomas Hellström: > The value of pos->first was not updated when the first resource of the > range was moved. This could lead to errors like the one below. > Fix this by updating pos->first when needed. > > <3> [218.963342] BUG: KASAN: null-ptr-deref in ttm_lru_bulk_move_del+0xc5/0x180 [ttm] > <3> [218.963456] Read of size 8 at addr 0000000000000038 by task xe_evict/1529 > <3> [218.963546] > <3> [218.963566] CPU: 0 PID: 1529 Comm: xe_evict Not tainted 6.3.0-xe #1 > <3> [218.963664] Hardware name: Intel Corporation Tiger Lake Client Platform/TigerLake H DDR4 SODIMM RVP, BIOS TGLSFWI1.R00.4064.A00.2102041619 02/04/2021 > <3> [218.963841] Call Trace: > <3> [218.963881] > <3> [218.963915] dump_stack_lvl+0x64/0xb0 > <3> [218.963976] print_report+0x3e5/0x600 > <3> [218.964036] ? ttm_lru_bulk_move_del+0xc5/0x180 [ttm] > <3> [218.964127] kasan_report+0x96/0xc0 > <3> [218.964183] ? ttm_lru_bulk_move_del+0xc5/0x180 [ttm] > <3> [218.964276] ttm_lru_bulk_move_del+0xc5/0x180 [ttm] > <3> [218.964365] ttm_bo_set_bulk_move+0x92/0x140 [ttm] > <3> [218.964454] xe_gem_object_close+0xc8/0x120 [xe] > <3> [218.964675] ? __pfx_xe_gem_object_close+0x10/0x10 [xe] > <3> [218.964908] ? drm_gem_object_handle_put_unlocked+0xc7/0x170 [drm] > <3> [218.965071] drm_gem_object_release_handle+0x45/0x80 [drm] > <3> [218.965220] ? __pfx_drm_gem_object_release_handle+0x10/0x10 [drm] > <3> [218.965381] idr_for_each+0xc9/0x180 > <3> [218.965437] ? __pfx_idr_for_each+0x10/0x10 > <3> [218.965504] drm_gem_release+0x20/0x30 [drm] > <3> [218.965637] drm_file_free.part.0+0x4cb/0x4f0 [drm] > <3> [218.965778] ? drm_close_helper.isra.0+0xb7/0xe0 [drm] > <3> [218.965921] drm_release_noglobal+0x49/0x90 [drm] > <3> [218.966061] __fput+0x122/0x450 > <3> [218.966115] task_work_run+0xfe/0x190 > <3> [218.966175] ? __pfx_task_work_run+0x10/0x10 > <3> [218.966239] ? do_raw_spin_unlock+0xa7/0x140 > <3> [218.966308] do_exit+0x55f/0x1430 > <3> [218.966364] ? __pfx_lock_release+0x10/0x10 > <3> [218.966431] ? do_raw_spin_lock+0x11d/0x1e0 > <3> [218.966498] ? __pfx_do_exit+0x10/0x10 > <3> [218.966554] ? __pfx_do_raw_spin_lock+0x10/0x10 > <3> [218.966625] ? mark_held_locks+0x24/0x90 > <3> [218.966688] ? lockdep_hardirqs_on_prepare+0x136/0x210 > <3> [218.966768] do_group_exit+0x68/0x110 > <3> [218.966828] __x64_sys_exit_group+0x2c/0x30 > <3> [218.966896] do_syscall_64+0x3c/0x90 > <3> [218.966955] entry_SYSCALL_64_after_hwframe+0x72/0xdc > <3> [218.967035] RIP: 0033:0x7f77b194f146 > <3> [218.967094] Code: Unable to access opcode bytes at 0x7f77b194f11c. > <3> [218.967174] RSP: 002b:00007ffc64791188 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 > <3> [218.967271] RAX: ffffffffffffffda RBX: 00007f77b1a548a0 RCX: 00007f77b194f146 > <3> [218.967364] RDX: 0000000000000062 RSI: 000000000000003c RDI: 0000000000000062 > <3> [218.967458] RBP: 0000000000000062 R08: 00000000000000e7 R09: ffffffffffffff78 > <3> [218.967553] R10: 0000000000000058 R11: 0000000000000246 R12: 00007f77b1a548a0 > <3> [218.967648] R13: 0000000000000003 R14: 00007f77b1a5d2e8 R15: 0000000000000000 > <3> [218.967745] > > Fixes: fee2ede15542 ("drm/ttm: rework bulk move handling v5") > Cc: "Christian König" > Cc: "Christian König" > Cc: Daniel Vetter > Cc: dri-devel@lists.freedesktop.org > Cc: # v5.19+ > Link: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/411 > Signed-off-by: Thomas Hellström > --- > drivers/gpu/drm/ttm/ttm_resource.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/gpu/drm/ttm/ttm_resource.c b/drivers/gpu/drm/ttm/ttm_resource.c > index 7333f7a87a2f..cb05e0a36576 100644 > --- a/drivers/gpu/drm/ttm/ttm_resource.c > +++ b/drivers/gpu/drm/ttm/ttm_resource.c > @@ -86,6 +86,8 @@ static void ttm_lru_bulk_move_pos_tail(struct ttm_lru_bulk_move_pos *pos, > struct ttm_resource *res) > { > if (pos->last != res) { > + if (pos->first == res) > + pos->first = list_next_entry(res, lru); > list_move(&res->lru, &pos->last->lru); > pos->last = res; > }