Reviewed-by: Juan A. Suarez <[email protected]>
On Sat, 2025-06-28 at 19:42 -0300, Maíra Canal wrote: > Currently, an interrupt can be triggered during a GPU reset, which > can > lead to GPU hangs and NULL pointer dereference in an interrupt > context > as shown in the following trace: > > [ 314.035040] Unable to handle kernel NULL pointer dereference at > virtual address 00000000000000c0 > [ 314.043822] Mem abort info: > [ 314.046606] ESR = 0x0000000096000005 > [ 314.050347] EC = 0x25: DABT (current EL), IL = 32 bits > [ 314.055651] SET = 0, FnV = 0 > [ 314.058695] EA = 0, S1PTW = 0 > [ 314.061826] FSC = 0x05: level 1 translation fault > [ 314.066694] Data abort info: > [ 314.069564] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 > [ 314.075039] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 > [ 314.080080] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 > [ 314.085382] user pgtable: 4k pages, 39-bit VAs, > pgdp=0000000102728000 > [ 314.091814] [00000000000000c0] pgd=0000000000000000, > p4d=0000000000000000, pud=0000000000000000 > [ 314.100511] Internal error: Oops: 0000000096000005 [#1] PREEMPT > SMP > [ 314.106770] Modules linked in: v3d i2c_brcmstb vc4 > snd_soc_hdmi_codec gpu_sched drm_shmem_helper drm_display_helper cec > drm_dma_helper drm_kms_helper drm drm_panel_orientation_quirks > snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd > backlight > [ 314.129654] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted > 6.12.25+rpt-rpi-v8 #1 Debian 1:6.12.25-1+rpt1 > [ 314.139388] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT) > [ 314.145211] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS > BTYPE=--) > [ 314.152165] pc : v3d_irq+0xec/0x2e0 [v3d] > [ 314.156187] lr : v3d_irq+0xe0/0x2e0 [v3d] > [ 314.160198] sp : ffffffc080003ea0 > [ 314.163502] x29: ffffffc080003ea0 x28: ffffffec1f184980 x27: > 021202b000000000 > [ 314.170633] x26: ffffffec1f17f630 x25: ffffff8101372000 x24: > ffffffec1f17d9f0 > [ 314.177764] x23: 000000000000002a x22: 000000000000002a x21: > ffffff8103252000 > [ 314.184895] x20: 0000000000000001 x19: 00000000deadbeef x18: > 0000000000000000 > [ 314.192026] x17: ffffff94e51d2000 x16: ffffffec1dac3cb0 x15: > c306000000000000 > [ 314.199156] x14: 0000000000000000 x13: b2fc982e03cc5168 x12: > 0000000000000001 > [ 314.206286] x11: ffffff8103f8bcc0 x10: ffffffec1f196868 x9 : > ffffffec1dac3874 > [ 314.213416] x8 : 0000000000000000 x7 : 0000000000042a3a x6 : > ffffff810017a180 > [ 314.220547] x5 : ffffffec1ebad400 x4 : ffffffec1ebad320 x3 : > 00000000000bebeb > [ 314.227677] x2 : 0000000000000000 x1 : 0000000000000000 x0 : > 0000000000000000 > [ 314.234807] Call trace: > [ 314.237243] v3d_irq+0xec/0x2e0 [v3d] > [ 314.240906] __handle_irq_event_percpu+0x58/0x218 > [ 314.245609] handle_irq_event+0x54/0xb8 > [ 314.249439] handle_fasteoi_irq+0xac/0x240 > [ 314.253527] handle_irq_desc+0x48/0x68 > [ 314.257269] generic_handle_domain_irq+0x24/0x38 > [ 314.261879] gic_handle_irq+0x48/0xd8 > [ 314.265533] call_on_irq_stack+0x24/0x58 > [ 314.269448] do_interrupt_handler+0x88/0x98 > [ 314.273624] el1_interrupt+0x34/0x68 > [ 314.277193] el1h_64_irq_handler+0x18/0x28 > [ 314.281281] el1h_64_irq+0x64/0x68 > [ 314.284673] default_idle_call+0x3c/0x168 > [ 314.288675] do_idle+0x1fc/0x230 > [ 314.291895] cpu_startup_entry+0x3c/0x50 > [ 314.295810] rest_init+0xe4/0xf0 > [ 314.299030] start_kernel+0x5e8/0x790 > [ 314.302684] __primary_switched+0x80/0x90 > [ 314.306691] Code: 940029eb 360ffc13 f9442ea0 52800001 (f9406017) > [ 314.312775] ---[ end trace 0000000000000000 ]--- > [ 314.317384] Kernel panic - not syncing: Oops: Fatal exception in > interrupt > [ 314.324249] SMP: stopping secondary CPUs > [ 314.328167] Kernel Offset: 0x2b9da00000 from 0xffffffc080000000 > [ 314.334076] PHYS_OFFSET: 0x0 > [ 314.336946] CPU features: 0x08,00002013,c0200000,0200421b > [ 314.342337] Memory Limit: none > [ 314.345382] ---[ end Kernel panic - not syncing: Oops: Fatal > exception in interrupt ]--- > > Before resetting the GPU, it's necessary to disable all interrupts > and > deal with any interrupt handler still in-flight. Otherwise, the GPU > might > reset with jobs still running, or yet, an interrupt could be handled > during the reset. > > Cc: [email protected] > Fixes: 57692c94dcbe ("drm/v3d: Introduce a new DRM driver for > Broadcom V3D V3.x+") > Signed-off-by: Maíra Canal <[email protected]> > --- > drivers/gpu/drm/v3d/v3d_drv.h | 8 ++++++++ > drivers/gpu/drm/v3d/v3d_gem.c | 2 ++ > drivers/gpu/drm/v3d/v3d_irq.c | 37 +++++++++++++++++++++++++-------- > -- > 3 files changed, 37 insertions(+), 10 deletions(-) > > diff --git a/drivers/gpu/drm/v3d/v3d_drv.h > b/drivers/gpu/drm/v3d/v3d_drv.h > index b51f0b648a08..411e47702f8a 100644 > --- a/drivers/gpu/drm/v3d/v3d_drv.h > +++ b/drivers/gpu/drm/v3d/v3d_drv.h > @@ -101,6 +101,12 @@ enum v3d_gen { > V3D_GEN_71 = 71, > }; > > +enum v3d_irq { > + V3D_CORE_IRQ, > + V3D_HUB_IRQ, > + V3D_MAX_IRQS, > +}; > + > struct v3d_dev { > struct drm_device drm; > > @@ -112,6 +118,8 @@ struct v3d_dev { > > bool single_irq_line; > > + int irq[V3D_MAX_IRQS]; > + > struct v3d_perfmon_info perfmon_info; > > void __iomem *hub_regs; > diff --git a/drivers/gpu/drm/v3d/v3d_gem.c > b/drivers/gpu/drm/v3d/v3d_gem.c > index d7d16da78db3..37bf5eecdd2c 100644 > --- a/drivers/gpu/drm/v3d/v3d_gem.c > +++ b/drivers/gpu/drm/v3d/v3d_gem.c > @@ -134,6 +134,8 @@ v3d_reset(struct v3d_dev *v3d) > if (false) > v3d_idle_axi(v3d, 0); > > + v3d_irq_disable(v3d); > + > v3d_idle_gca(v3d); > v3d_reset_sms(v3d); > v3d_reset_v3d(v3d); > diff --git a/drivers/gpu/drm/v3d/v3d_irq.c > b/drivers/gpu/drm/v3d/v3d_irq.c > index 2cca5d3a26a2..a515a301e480 100644 > --- a/drivers/gpu/drm/v3d/v3d_irq.c > +++ b/drivers/gpu/drm/v3d/v3d_irq.c > @@ -260,7 +260,7 @@ v3d_hub_irq(int irq, void *arg) > int > v3d_irq_init(struct v3d_dev *v3d) > { > - int irq1, ret, core; > + int irq, ret, core; > > INIT_WORK(&v3d->overflow_mem_work, v3d_overflow_mem_work); > > @@ -271,17 +271,24 @@ v3d_irq_init(struct v3d_dev *v3d) > V3D_CORE_WRITE(core, V3D_CTL_INT_CLR, > V3D_CORE_IRQS(v3d->ver)); > V3D_WRITE(V3D_HUB_INT_CLR, V3D_HUB_IRQS(v3d->ver)); > > - irq1 = platform_get_irq_optional(v3d_to_pdev(v3d), 1); > - if (irq1 == -EPROBE_DEFER) > - return irq1; > - if (irq1 > 0) { > - ret = devm_request_irq(v3d->drm.dev, irq1, > + irq = platform_get_irq_optional(v3d_to_pdev(v3d), 1); > + if (irq == -EPROBE_DEFER) > + return irq; > + if (irq > 0) { > + v3d->irq[V3D_CORE_IRQ] = irq; > + > + ret = devm_request_irq(v3d->drm.dev, v3d- > >irq[V3D_CORE_IRQ], > v3d_irq, IRQF_SHARED, > "v3d_core0", v3d); > if (ret) > goto fail; > - ret = devm_request_irq(v3d->drm.dev, > - > platform_get_irq(v3d_to_pdev(v3d), 0), > + > + irq = platform_get_irq(v3d_to_pdev(v3d), 0); > + if (irq < 0) > + return irq; > + v3d->irq[V3D_HUB_IRQ] = irq; > + > + ret = devm_request_irq(v3d->drm.dev, v3d- > >irq[V3D_HUB_IRQ], > v3d_hub_irq, IRQF_SHARED, > "v3d_hub", v3d); > if (ret) > @@ -289,8 +296,12 @@ v3d_irq_init(struct v3d_dev *v3d) > } else { > v3d->single_irq_line = true; > > - ret = devm_request_irq(v3d->drm.dev, > - > platform_get_irq(v3d_to_pdev(v3d), 0), > + irq = platform_get_irq(v3d_to_pdev(v3d), 0); > + if (irq < 0) > + return irq; > + v3d->irq[V3D_CORE_IRQ] = irq; > + > + ret = devm_request_irq(v3d->drm.dev, v3d- > >irq[V3D_CORE_IRQ], > v3d_irq, IRQF_SHARED, > "v3d", v3d); > if (ret) > @@ -331,6 +342,12 @@ v3d_irq_disable(struct v3d_dev *v3d) > V3D_CORE_WRITE(core, V3D_CTL_INT_MSK_SET, ~0); > V3D_WRITE(V3D_HUB_INT_MSK_SET, ~0); > > + /* Finish any interrupt handler still in flight. */ > + for (int i = 0; i < V3D_MAX_IRQS; i++) { > + if (v3d->irq[i]) > + synchronize_irq(v3d->irq[i]); > + } > + > /* Clear any pending interrupts we might have left. */ > for (core = 0; core < v3d->cores; core++) > V3D_CORE_WRITE(core, V3D_CTL_INT_CLR, > V3D_CORE_IRQS(v3d->ver));
