Date: Tue, 8 Aug 2023 15:47:26 +0200
From: Borislav Petkov
To: Karol Herbst
Cc: Ben Skeggs, regressions@leemhuis.info, Lyude Paul, David Airlie, Daniel Vetter, dri-devel@lists.freedesktop.org, nouveau@lists.freedesktop.org, lkml
Subject: Re: 2b5d1c29f6c4 ("drm/nouveau/disp: PIOR DP uses GPIO for HPD, not PMGR AUX interrupts")
Message-ID: <20230808134726.GBZNJHbovV87w/5t/d@fat_crate.local>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Aug 08, 2023
at 12:39:32PM +0200, Karol Herbst wrote:
> ahh, that would have been good to know :)

Yeah, I didn't see it before - it would only freeze. Only after I added
the printk you requested.

> Mind figuring out what's exactly NULL inside nvif_object_mthd? Or
> rather what line `nvif_object_mthd+0x136` belongs to, then it should
> be easy to figure out what's wrong here.

That looks like this:

ffffffff816ddfee:	e8 8d 04 4e 00       	callq  ffffffff81bbe480 <__memcpy>
ffffffff816ddff3:	41 8d 56 20          	lea    0x20(%r14),%edx
ffffffff816ddff7:	49 8b 44 24 08       	mov    0x8(%r12),%rax
ffffffff816ddffc:	83 fa 17             	cmp    $0x17,%edx
ffffffff816ddfff:	76 7d                	jbe    ffffffff816de07e
ffffffff816de001:	49 39 c4             	cmp    %rax,%r12
ffffffff816de004:	74 45                	je     ffffffff816de04b

<--- RIP points here.

The 0x20 also fits the deref address: 0000000000000020.

Which means %rax is 0. Yap.

ffffffff816de006:	48 8b 78 20          	mov    0x20(%rax),%rdi
ffffffff816de00a:	4c 89 64 24 10       	mov    %r12,0x10(%rsp)
ffffffff816de00f:	48 8b 40 38          	mov    0x38(%rax),%rax
ffffffff816de013:	c6 44 24 06 ff       	movb   $0xff,0x6(%rsp)
ffffffff816de018:	31 c9                	xor    %ecx,%ecx
ffffffff816de01a:	48 89 e6             	mov    %rsp,%rsi
ffffffff816de01d:	48 8b 40 28          	mov    0x28(%rax),%rax
ffffffff816de021:	e8 3a 0c 4f 00       	callq  ffffffff81bcec60 <__x86_indirect_thunk_array>

Now, the preprocessed asm version of nvif/object.c says around here:

	call	memcpy	#
# drivers/gpu/drm/nouveau/nvif/object.c:160: 	ret = nvif_object_ioctl(object, args, sizeof(*args) + size, NULL);
	leal	32(%r14), %edx	#, _108
# drivers/gpu/drm/nouveau/nvif/object.c:33: 	struct nvif_client *client = object->client;
	movq	8(%r12), %rax	# object_19(D)->client, client
# drivers/gpu/drm/nouveau/nvif/object.c:38: 	if (size >= sizeof(*args) && args->v0.version == 0) {
	cmpl	$23, %edx	#, _108
	jbe	.L69	#,
# drivers/gpu/drm/nouveau/nvif/object.c:39: 		if (object != &client->object)
	cmpq	%rax, %r12	# client, object
	je	.L70	#,
# drivers/gpu/drm/nouveau/nvif/object.c:47: 	return client->driver->ioctl(client->object.priv, data, size, hack);
	movq	32(%rax), %rdi	# client_109->object.priv, client_109->object.priv

So I'd say that client is NULL. IINM.

	movq	%r12, 16(%rsp)	# object, MEM[(union *)&stack].v0.object
# drivers/gpu/drm/nouveau/nvif/object.c:47: 	return client->driver->ioctl(client->object.priv, data, size, hack);
	movq	56(%rax), %rax	# client_109->driver, client_109->driver
# drivers/gpu/drm/nouveau/nvif/object.c:43: 		args->v0.owner = NVIF_IOCTL_V0_OWNER_ANY;
	movb	$-1, 6(%rsp)	#, MEM[(union *)&stack].v0.owner
.L64:
# drivers/gpu/drm/nouveau/nvif/object.c:47: 	return client->driver->ioctl(client->object.priv, data, size, hack);
	xorl	%ecx, %ecx	#
	movq	%rsp, %rsi	#,
	movq	40(%rax), %rax	#, _77->ioctl
	call	__x86_indirect_thunk_rax
# drivers/gpu/drm/nouveau/nvif/object.c:161: 	memcpy(data, args->mthd.data, size);

> > [ 4.144676] #PF: supervisor read access in kernel mode
> > [ 4.144676] #PF: error_code(0x0000) - not-present page
> > [ 4.144676] PGD 0 P4D 0
> > [ 4.144676] Oops: 0000 [#1] PREEMPT SMP PTI
> > [ 4.144676] CPU: 2 PID: 1 Comm: swapper/0 Not tainted 6.5.0-rc5-dirty #1
> > [ 4.144676] Hardware name: Dell Inc. Precision T3600/0PTTT9, BIOS A13 05/11/2014
> > [ 4.144676] RIP: 0010:nvif_object_mthd+0x136/0x1e0
> > [ 4.144676] Code: f2 4c 89 ee 48 8d 7c 24 20 66 89 04 24 c6 44 24 18 00 e8 8d 04 4e 00 41 8d 56 20 49 8b 44 24 08 83 fa 17 76 7d 49 39 c4 74 45 <48> 8b 78 20 4c 89 64 24 10 48 8b 40 38 c6 44 24 06 ff 31 c9 48 89

Opcode bytes around RIP look correct too:

./scripts/decodecode < /tmp/oops
[ 4.144676] Code: f2 4c 89 ee 48 8d 7c 24 20 66 89 04 24 c6 44 24 18 00 e8 8d 04 4e 00 41 8d 56 20 49 8b 44 24 08 83 fa 17 76 7d 49 39 c4 74 45 <48> 8b 78 20 4c 89 64 24 10 48 8b 40 38 c6 44 24 06 ff 31 c9 48 89
All code
========
   0:	f2 4c 89 ee          	repnz mov %r13,%rsi
   4:	48 8d 7c 24 20       	lea    0x20(%rsp),%rdi
   9:	66 89 04 24          	mov    %ax,(%rsp)
   d:	c6 44 24 18 00       	movb   $0x0,0x18(%rsp)
  12:	e8 8d 04 4e 00       	callq  0x4e04a4
  17:	41 8d 56 20          	lea    0x20(%r14),%edx
  1b:	49 8b 44 24 08       	mov    0x8(%r12),%rax
  20:	83 fa 17             	cmp    $0x17,%edx
  23:	76 7d                	jbe    0xa2
  25:	49 39 c4             	cmp    %rax,%r12
  28:	74 45                	je     0x6f
  2a:*	48 8b 78 20          	mov    0x20(%rax),%rdi		<-- trapping instruction
  2e:	4c 89 64 24 10       	mov    %r12,0x10(%rsp)
  33:	48 8b 40 38          	mov    0x38(%rax),%rax
  37:	c6 44 24 06 ff       	movb   $0xff,0x6(%rsp)
  3c:	31 c9                	xor    %ecx,%ecx
  3e:	48                   	rex.W
  3f:	89                   	.byte 0x89

HTH.

--
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
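
Added example, not part of the mail above and not the kernel's scripts/decodecode: a small Python sketch of the triage step the mail walks through, locating the byte the oops marks with <..>, decoding that load's base register and displacement, and subtracting the displacement from the faulting address to get the base register's value. The function names (split_code, decode_load, triage) are hypothetical; the Code: bytes and the 0x20 fault address are copied from the mail.

```python
# Values copied from the oops quoted in the mail; helper names are hypothetical.
OOPS_CODE = (
    "f2 4c 89 ee 48 8d 7c 24 20 66 89 04 24 c6 44 24 18 00 e8 8d 04 4e 00 "
    "41 8d 56 20 49 8b 44 24 08 83 fa 17 76 7d 49 39 c4 74 45 <48> 8b 78 20 "
    "4c 89 64 24 10 48 8b 40 38 c6 44 24 06 ff 31 c9 48 89")
FAULT_ADDR = 0x20  # "deref address: 0000000000000020" in the mail

REG64 = ("rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15")


def split_code(line):
    """Return (code bytes, index of the byte the kernel wrapped in <..>)."""
    tokens = line.split()
    marked = [i for i, t in enumerate(tokens) if t.startswith("<")]
    if len(marked) != 1:
        raise ValueError("expected exactly one <..> marker")
    return bytes(int(t.strip("<>"), 16) for t in tokens), marked[0]


def decode_load(insn):
    """Decode 'REX.W 8B /r' with an 8-bit displacement and no SIB byte,
    i.e. mov disp8(base),dst. Any other encoding is rejected, not guessed."""
    if len(insn) < 4 or (insn[0] & 0xF8) != 0x48 or insn[1] != 0x8B:
        raise ValueError("not a REX.W mov r64, r/m64")
    rex, modrm = insn[0], insn[2]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 1 or rm == 4:
        raise ValueError("only the disp8, no-SIB form is handled")
    disp = int.from_bytes(insn[3:4], "little", signed=True)
    dst = REG64[reg | ((rex & 0x4) << 1)]   # REX.R extends the reg field
    base = REG64[rm | ((rex & 0x1) << 3)]   # REX.B extends the r/m field
    return dst, base, disp


def triage(code_line, fault_addr):
    """Recover the base register's value from the faulting address."""
    code, trap = split_code(code_line)
    dst, base, disp = decode_load(code[trap:])
    return {"trap_offset": trap, "insn": f"mov {disp:#x}(%{base}),%{dst}",
            "base": base, "base_value": fault_addr - disp}


if __name__ == "__main__":
    print(triage(OOPS_CODE, FAULT_ADDR))
```
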