[PATCH] etnaviv: fix dumping of iommuv2

From: Christian Gmeiner
Date: Fri Oct 25 2019 - 06:39:25 EST

Next message: Thomas Renninger: "Re: [PATCHv2 2/3] cpupower: mperf_monitor: Introduce per_cpu_schedule flag"
Previous message: Koenig, Christian: "Re: [RESEND PATCH v4] drm: Don't free jobs in wait_event_interruptible()"
Next in thread: Lucas Stach: "Re: [PATCH] etnaviv: fix dumping of iommuv2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

etnaviv_iommuv2_dump_size(..) returns the number of PTE * SZ_4K but etnaviv_iommuv2_dump(..)
increments buf pointer even if there is no PTE. This results in a bad buf pointer which gets
used for memcpy(..).

[ 264.408474] 8<--- cut here ---
[ 264.412048] Unable to handle kernel paging request at virtual address f1a2c268
[ 264.419321] pgd = e5846004
[ 264.422069] [f1a2c268] *pgd=00000000
[ 264.425702] Internal error: Oops: 805 [#1] SMP ARM
[ 264.430520] Modules linked in:
[ 264.433616] CPU: 2 PID: 130 Comm: kworker/2:2 Tainted: G W 5.4.0-rc4 #10
[ 264.441643] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[ 264.448227] Workqueue: events drm_sched_job_timedout
[ 264.453237] PC is at memcpy+0x50/0x330
[ 264.457012] LR is at 0x2
[ 264.459572] pc : [<c0c04650>] lr : [<00000002>] psr: 200f0013
[ 264.465863] sp : ec96fe64 ip : 00000002 fp : 00000140
[ 264.471112] r10: 00003000 r9 : ec688040 r8 : 00000002
[ 264.476364] r7 : 00000002 r6 : 00000002 r5 : 00000002 r4 : 00000002
[ 264.482917] r3 : 00000002 r2 : 00000f60 r1 : f162a020 r0 : f1a2c268
[ 264.489472] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
[ 264.496635] Control: 10c5387d Table: 3d26804a DAC: 00000051
[ 264.502407] Process kworker/2:2 (pid: 130, stack limit = 0xe8f69f3d)
[ 264.508786] Stack: (0xec96fe64 to 0xec970000)
[ 264.513180] fe60: f1622000 f162218c f162c000 414e5445 f1a2c268 00000ffc c0655a8c
[ 264.521394] fe80: 00000000 0000012a f162c268 c064fd78 c0657350 c0187f64 00000001 00000000
[ 264.529606] fea0: ed0f9c00 00000001 00000002 435d587d ec688140 ec688100 ed0f9c00 ec688040
[ 264.537818] fec0: ed0f9c00 c1308b28 ec96ff1c c13e55b0 c13e41c8 c0657358 ec688260 ed0f9c18
[ 264.546029] fee0: ec688100 c0641278 ec688260 ec2f6180 ee1ba700 ee1bda00 c1308b28 c0149b98
[ 264.554240] ff00: 00000001 00000000 c0149ae4 c0c21fb0 00000000 00000000 c014a194 c1a4be34
[ 264.562452] ff20: c1870740 00000000 c1015384 435d587d ffffe000 ec2f6180 ec2f6194 ee1ba700
[ 264.570663] ff40: 00000008 ee1ba734 c1305900 ee1ba700 ffffe000 c014a0e4 ec9537a4 c0c28e64
[ 264.578874] ff60: ec96e000 00000000 ec2be780 ec2f99c0 ec96e000 ec2f6180 c014a0b8 ec13fe90
[ 264.587086] ff80: ec2be7b8 c0152890 ec96e000 ec2f99c0 c0152750 00000000 00000000 00000000
[ 264.595296] ffa0: 00000000 00000000 00000000 c01010b4 00000000 00000000 00000000 00000000
[ 264.603506] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 264.611716] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[ 264.619944] [<c0c04650>] (memcpy) from [<c0655a8c>] (etnaviv_iommuv2_dump+0x58/0x60)
[ 264.627738] [<c0655a8c>] (etnaviv_iommuv2_dump) from [<c064fd78>] (etnaviv_core_dump+0x140/0x45c)
[ 264.636658] [<c064fd78>] (etnaviv_core_dump) from [<c0657358>] (etnaviv_sched_timedout_job+0x8c/0xb8)
[ 264.645923] [<c0657358>] (etnaviv_sched_timedout_job) from [<c0641278>] (drm_sched_job_timedout+0x38/0x88)
[ 264.655631] [<c0641278>] (drm_sched_job_timedout) from [<c0149b98>] (process_one_work+0x2c4/0x7e4)
[ 264.664633] [<c0149b98>] (process_one_work) from [<c014a0e4>] (worker_thread+0x2c/0x59c)
[ 264.672765] [<c014a0e4>] (worker_thread) from [<c0152890>] (kthread+0x140/0x158)
[ 264.680200] [<c0152890>] (kthread) from [<c01010b4>] (ret_from_fork+0x14/0x20)
[ 264.687448] Exception stack(0xec96ffb0 to 0xec96fff8)
[ 264.692530] ffa0: 00000000 00000000 00000000 00000000
[ 264.700741] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 264.708949] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 264.715599] Code: f5d1f05c f5d1f07c e8b151f8 e2522020 (e8a051f8)
[ 264.721727] ---[ end trace 8afcd79e9e2725b3 ]---

Fixes: afb7b3b1deb4 ("drm/etnaviv: implement IOMMUv2 translation")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Christian Gmeiner <christian.gmeiner@xxxxxxxxx>
---
drivers/gpu/drm/etnaviv/etnaviv_iommu_v2.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/etnaviv/etnaviv_iommu_v2.c b/drivers/gpu/drm/etnaviv/etnaviv_iommu_v2.c
index 043111a1d60c..f8bf488e9d71 100644
--- a/drivers/gpu/drm/etnaviv/etnaviv_iommu_v2.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_iommu_v2.c
@@ -155,9 +155,11 @@ static void etnaviv_iommuv2_dump(struct etnaviv_iommu_context *context, void *bu

memcpy(buf, v2_context->mtlb_cpu, SZ_4K);
buf += SZ_4K;
- for (i = 0; i < MMUv2_MAX_STLB_ENTRIES; i++, buf += SZ_4K)
- if (v2_context->mtlb_cpu[i] & MMUv2_PTE_PRESENT)
+ for (i = 0; i < MMUv2_MAX_STLB_ENTRIES; i++)
+ if (v2_context->mtlb_cpu[i] & MMUv2_PTE_PRESENT) {
memcpy(buf, v2_context->stlb_cpu[i], SZ_4K);
+ buf += SZ_4K;
+ }
}

static void etnaviv_iommuv2_restore_nonsec(struct etnaviv_gpu *gpu,
--
2.23.0

Next message: Thomas Renninger: "Re: [PATCHv2 2/3] cpupower: mperf_monitor: Introduce per_cpu_schedule flag"
Previous message: Koenig, Christian: "Re: [RESEND PATCH v4] drm: Don't free jobs in wait_event_interruptible()"
Next in thread: Lucas Stach: "Re: [PATCH] etnaviv: fix dumping of iommuv2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]