[BUG REPORT] Panic with sys_imageblit on arm64
Hi all,

When I run linux-4.19.2 on arm64, I got a panic in sys_imageblit.

My test steps are as follows:
1) Remote login using BMC;
2) Enter a bunch of 'Enter' keys;
3) Execute the 'top' command and continuously press shift + page up several times.

This gives the following panic on the serial console:

[47229.923256] Unable to handle kernel paging request at virtual address 2f0bc010
[47229.923258] Mem abort info:
[47229.923259] ESR = 0x9647
[47229.923261] Exception class = DABT (current EL), IL = 32 bits
[47229.923262] SET = 0, FnV = 0
[47229.923263] EA = 0, S1PTW = 0
[47229.923263] Data abort info:
[47229.923265] ISV = 0, ISS = 0x0047
[47229.923265] CM = 0, WnR = 1
[47229.923269] swapper pgtable: 4k pages, 48-bit VAs, pgdp = ea9a862f
[47229.923270] [2f0bc010] pgd=00dffbffe803, pud=00dffbffd803, pmd=00bf758ee003, pte=
[47229.923279] Internal error: Oops: 9647 [#1] SMP
[47229.923285] CPU: 45 PID: 16061 Comm: top Kdump: loaded Tainted: G OE 4.19.2-1.1.23.aarch64 #1
[47229.923286] Hardware name: Huawei Taishan 2280 /BC11SPCD, BIOS 1.46 03/29/2018
[47229.923288] pstate: 8005 (Nzcv daif -PAN -UAO)
[47229.923295] pc : sys_imageblit+0x414/0x1000 [sysimgblt]
[47229.923317] lr : drm_fb_helper_sys_imageblit+0x28/0x50 [drm_kms_helper]
[47229.923318] sp : 2f6d3820
[47229.923319] x29: 2f6d3820 x28: 00ff
[47229.923322] x27: 0010 x26: 0001
[47229.923325] x25: 0118 x24: 0008
[47229.923327] x23: 805f771db800 x22:
[47229.923330] x21: 2f6d3958 x20: 2f0bc010
[47229.923332] x19: x18:
[47229.923335] x17: x16:
[47229.923337] x15: x14: 2020202020202020
[47229.923339] x13: 2020202064686374 x12: 805f77927360
[47229.923342] x11: 00f54078 x10: 0023
[47229.923344] x9 : 000f x8 : 0003
[47229.923346] x7 : 008c x6 : 0002
[47229.923349] x5 : x4 : ad55ad55
[47229.923352] x3 : 805f77927360 x2 :
[47229.923354] x1 : 0006 x0 :
[47229.923357] Process top (pid: 16061, stack limit = 0xd490d156)
[47229.923359] Call trace:
[47229.923363] sys_imageblit+0x414/0x1000 [sysimgblt]
[47229.923373] drm_fb_helper_sys_imageblit+0x28/0x50 [drm_kms_helper]
[47229.923387] bit_putcs+0x29c/0x4a0
[47229.923391] fbcon_putcs+0x110/0x148
[47229.923397] do_update_region+0x138/0x1d8
[47229.923399] do_con_trol+0xb44/0x13e0
[47229.923400] do_con_write.part.29+0x1d0/0x8f0
[47229.923402] con_write+0x70/0x78
[47229.923405] n_tty_write+0x1a8/0x428
[47229.923407] tty_write+0x1bc/0x2f0
[47229.923412] __vfs_write+0x60/0x1a8
[47229.923414] vfs_write+0xb0/0x1a8
[47229.923416] ksys_write+0x6c/0xd8
[47229.923418] __arm64_sys_write+0x28/0x38
[47229.923424] el0_svc_common+0xb8/0x118
[47229.923426] el0_svc_handler+0x38/0x88
[47229.923429] el0_svc+0x8/0xc
[47229.923431] Code: 0a08 b8605960 0a80 4a05 (b8227a80)
[47229.923436] [kbox] die event detected

I followed the same test steps and found the same problem in linux-4.20.0-rc3.

In the test I found that if the variable bitstart in function sys_imageblit is greater than variable p->screen_size - 1, the kernel will panic.

The following patch seems to work fine in my test:

diff --git a/drivers/video/fbdev/core/sysimgblt.c b/drivers/video/fbdev/core/sysimgblt.c index a4d05b1..b316404 100644 --- a/drivers/video/fbdev/core/sysimgblt.c +++ b/drivers/video/fbdev/core/sysimgblt.c @@ -254,6 +254,9 @@ void sys_imageblit(struct fb_info *p, const struct fb_image *image) bitstart /= 8; bitstart &= ~(bpl - 1); + if (p->screen_size - 1 < bitstart) + return; + dst1 = (void __force *)p->screen_base + bitstart; if (p->fbops->fb_sync)

So please CC me directly on any reply.

Many thanks,
Zengruan.

___
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
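Review bot: The added test `if (p->screen_size - 1 < bitstart)` validates only the first destination byte, so a blit that starts inside the buffer but whose remaining rows of `image` run past the end of it would still write out of bounds through `dst1`. Consider bounding the end of the region as well as its start, and writing the comparison as `bitstart >= p->screen_size` so that it does not rely on `p->screen_size - 1`, which misbehaves if `screen_size` is unsigned and can be 0.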
[PATCH] [BUG REPORT] Panic with sys_imageblit on arm64
From: yezengruan

Hi all,

When I run linux-4.19.2 on arm64, I got a panic in sys_imageblit.

My test steps are as follows:
1) Remote login using BMC;
2) Enter a bunch of 'Enter' keys;
3) Execute the 'top' command and continuously press shift + page up several times.

This gives the following panic on the serial console:

[47229.923256] Unable to handle kernel paging request at virtual address 2f0bc010
[47229.923258] Mem abort info:
[47229.923259] ESR = 0x9647
[47229.923261] Exception class = DABT (current EL), IL = 32 bits
[47229.923262] SET = 0, FnV = 0
[47229.923263] EA = 0, S1PTW = 0
[47229.923263] Data abort info:
[47229.923265] ISV = 0, ISS = 0x0047
[47229.923265] CM = 0, WnR = 1
[47229.923269] swapper pgtable: 4k pages, 48-bit VAs, pgdp = ea9a862f
[47229.923270] [2f0bc010] pgd=00dffbffe803, pud=00dffbffd803, pmd=00bf758ee003, pte=
[47229.923279] Internal error: Oops: 9647 [#1] SMP
[47229.923285] CPU: 45 PID: 16061 Comm: top Kdump: loaded Tainted: G OE 4.19.2-1.1.23.aarch64 #1
[47229.923286] Hardware name: Huawei Taishan 2280 /BC11SPCD, BIOS 1.46 03/29/2018
[47229.923288] pstate: 8005 (Nzcv daif -PAN -UAO)
[47229.923295] pc : sys_imageblit+0x414/0x1000 [sysimgblt]
[47229.923317] lr : drm_fb_helper_sys_imageblit+0x28/0x50 [drm_kms_helper]
[47229.923318] sp : 2f6d3820
[47229.923319] x29: 2f6d3820 x28: 00ff
[47229.923322] x27: 0010 x26: 0001
[47229.923325] x25: 0118 x24: 0008
[47229.923327] x23: 805f771db800 x22:
[47229.923330] x21: 2f6d3958 x20: 2f0bc010
[47229.923332] x19: x18:
[47229.923335] x17: x16:
[47229.923337] x15: x14: 2020202020202020
[47229.923339] x13: 2020202064686374 x12: 805f77927360
[47229.923342] x11: 00f54078 x10: 0023
[47229.923344] x9 : 000f x8 : 0003
[47229.923346] x7 : 008c x6 : 0002
[47229.923349] x5 : x4 : ad55ad55
[47229.923352] x3 : 805f77927360 x2 :
[47229.923354] x1 : 0006 x0 :
[47229.923357] Process top (pid: 16061, stack limit = 0xd490d156)
[47229.923359] Call trace:
[47229.923363] sys_imageblit+0x414/0x1000 [sysimgblt]
[47229.923373] drm_fb_helper_sys_imageblit+0x28/0x50 [drm_kms_helper]
[47229.923387] bit_putcs+0x29c/0x4a0
[47229.923391] fbcon_putcs+0x110/0x148
[47229.923397] do_update_region+0x138/0x1d8
[47229.923399] do_con_trol+0xb44/0x13e0
[47229.923400] do_con_write.part.29+0x1d0/0x8f0
[47229.923402] con_write+0x70/0x78
[47229.923405] n_tty_write+0x1a8/0x428
[47229.923407] tty_write+0x1bc/0x2f0
[47229.923412] __vfs_write+0x60/0x1a8
[47229.923414] vfs_write+0xb0/0x1a8
[47229.923416] ksys_write+0x6c/0xd8
[47229.923418] __arm64_sys_write+0x28/0x38
[47229.923424] el0_svc_common+0xb8/0x118
[47229.923426] el0_svc_handler+0x38/0x88
[47229.923429] el0_svc+0x8/0xc
[47229.923431] Code: 0a08 b8605960 0a80 4a05 (b8227a80)
[47229.923436] [kbox] die event detected

I followed the same test steps and found the same problem in linux-4.20.0-rc3.

In the test I found that if the variable bitstart in function sys_imageblit is greater than variable p->screen_size - 1, the kernel will panic.

The following patch seems to work fine in my test:

--- drivers/video/fbdev/core/sysimgblt.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/video/fbdev/core/sysimgblt.c b/drivers/video/fbdev/core/sysimgblt.c index a4d05b1..b316404 100644 --- a/drivers/video/fbdev/core/sysimgblt.c +++ b/drivers/video/fbdev/core/sysimgblt.c @@ -254,6 +254,9 @@ void sys_imageblit(struct fb_info *p, const struct fb_image *image) bitstart /= 8; bitstart &= ~(bpl - 1); + if (p->screen_size - 1 < bitstart) + return; + dst1 = (void __force *)p->screen_base + bitstart; if (p->fbops->fb_sync) -- 1.8.3.1
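Review bot: The bare `return;` after the new bounds test silently drops the draw, which hides whichever caller computed the out-of-range offset; the call trace in this message reaches sys_imageblit through bit_putcs and fbcon_putcs. A `WARN_ONCE()` before the return, or a fix at the point where the coordinates are produced, would keep the underlying bug visible instead of masking it. As a [PATCH] submission this also has no Signed-off-by line and no changelog separate from the bug report above the `---` marker.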