Patch "fbdev: Fix unregistering of framebuffers without device" has been added to the 5.17-stable tree
This is a note to let you know that I've just added the patch titled fbdev: Fix unregistering of framebuffers without device to the 5.17-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: fbdev-fix-unregistering-of-framebuffers-without-device.patch and it can be found in the queue-5.17 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From 0f525289ff0ddeb380813bd81e0f9bdaaa1c9078 Mon Sep 17 00:00:00 2001 From: Thomas Zimmermann Date: Mon, 4 Apr 2022 21:44:02 +0200 Subject: fbdev: Fix unregistering of framebuffers without device From: Thomas Zimmermann commit 0f525289ff0ddeb380813bd81e0f9bdaaa1c9078 upstream. OF framebuffers do not have an underlying device in the Linux device hierarchy. Do a regular unregister call instead of hot unplugging such a non-existing device. Fixes a NULL dereference. An example error message on ppc64le is shown below. BUG: Kernel NULL pointer dereference on read at 0x0060 Faulting instruction address: 0xc080dfa4 Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries [...] CPU: 2 PID: 139 Comm: systemd-udevd Not tainted 5.17.0-ae085d7f9365 #1 NIP: c080dfa4 LR: c080df9c CTR: c0797430 REGS: c4132fe0 TRAP: 0300 Not tainted (5.17.0-ae085d7f9365) MSR: 82009033 CR: 28228282 XER: 2000 CFAR: c000c80c DAR: 0060 DSISR: 4000 IRQMASK: 0 GPR00: c080df9c c4133280 c169d200 0029 GPR04: efff c4132f90 c4132f88 GPR08: c15658f8 c15cd200 c14f57d0 48228283 GPR12: c0003fffe300 2000 GPR16: 000113fc4a40 0005 000113fcfb80 GPR20: 01000f7283b0 c0e4a588 c0e4a5b0 GPR24: 0001 000a c00800db0168 c21f6ec0 GPR28: c16d65a8 c4b36460 c16d64b0 NIP [c080dfa4] do_remove_conflicting_framebuffers+0x184/0x1d0 [c4133280] [c080df9c] do_remove_conflicting_framebuffers+0x17c/0x1d0 (unreliable) [c4133350] [c080e4d0] remove_conflicting_framebuffers+0x60/0x150 [c41333a0] [c080e6f4] remove_conflicting_pci_framebuffers+0x134/0x1b0 [c4133450] [c00800e70438] drm_aperture_remove_conflicting_pci_framebuffers+0x90/0x100 [drm] [c4133490] [c00800da0ce4] bochs_pci_probe+0x6c/0xa64 [bochs] [...] [c4133db0] [c002aaa0] system_call_exception+0x170/0x2d0 [c4133e10] [c000c3cc] system_call_common+0xec/0x250 The bug [1] was introduced by commit 27599aacbaef ("fbdev: Hot-unplug firmware fb devices on forced removal"). Most firmware framebuffers have an underlying platform device, which can be hot-unplugged before loading the native graphics driver. OF framebuffers do not (yet) have that device. Fix the code by unregistering the framebuffer as before without a hot unplug. Tested with 5.17 on qemu ppc64le emulation. Signed-off-by: Thomas Zimmermann Fixes: 27599aacbaef ("fbdev: Hot-unplug firmware fb devices on forced removal") Reported-by: Sudip Mukherjee Reviewed-by: Daniel Vetter Reviewed-by: Javier Martinez Canillas Tested-by: Sudip Mukherjee Cc: Zack Rusin Cc: Javier Martinez Canillas Cc: Hans de Goede Cc: sta...@vger.kernel.org # v5.11+ Cc: Helge Deller Cc: Daniel Vetter Cc: Sam Ravnborg Cc: Zheyu Ma Cc: Xiyu Yang Cc: Zhen Lei Cc: Matthew Wilcox Cc: Alex Deucher Cc: Tetsuo Handa Cc: Guenter Roeck Cc: linux-fb...@vger.kernel.org Cc: dri-devel@lists.freedesktop.org Link: https://lore.kernel.org/all/YkHXO6LGHAN0p1pq@debian/ # [1] Link: https://patchwork.freedesktop.org/patch/msgid/20220404194402.29974-1-tzimmerm...@suse.de Signed-off-by: Greg Kroah-Hartman --- drivers/video/fbdev/core/fbmem.c |9 - 1 file changed, 8 insertions(+), 1 deletion(-) --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -1583,7 +1583,14 @@ static void do_remove_conflicting_frameb * If it's not a platform device, at least print a warning. A * fix would add code to remove the device from the system. */ - if (dev_is_platform(device)) { + if (!device) { + /* TODO: Represent each OF framebuffer as its own +* device in the device hierarchy. For now, offb +* doesn't have such a device, so unregister the +* framebuffer as
Patch "fbdev: Fix unregistering of framebuffers without device" has been added to the 5.16-stable tree
This is a note to let you know that I've just added the patch titled fbdev: Fix unregistering of framebuffers without device to the 5.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: fbdev-fix-unregistering-of-framebuffers-without-device.patch and it can be found in the queue-5.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From 0f525289ff0ddeb380813bd81e0f9bdaaa1c9078 Mon Sep 17 00:00:00 2001 From: Thomas Zimmermann Date: Mon, 4 Apr 2022 21:44:02 +0200 Subject: fbdev: Fix unregistering of framebuffers without device From: Thomas Zimmermann commit 0f525289ff0ddeb380813bd81e0f9bdaaa1c9078 upstream. OF framebuffers do not have an underlying device in the Linux device hierarchy. Do a regular unregister call instead of hot unplugging such a non-existing device. Fixes a NULL dereference. An example error message on ppc64le is shown below. BUG: Kernel NULL pointer dereference on read at 0x0060 Faulting instruction address: 0xc080dfa4 Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries [...] CPU: 2 PID: 139 Comm: systemd-udevd Not tainted 5.17.0-ae085d7f9365 #1 NIP: c080dfa4 LR: c080df9c CTR: c0797430 REGS: c4132fe0 TRAP: 0300 Not tainted (5.17.0-ae085d7f9365) MSR: 82009033 CR: 28228282 XER: 2000 CFAR: c000c80c DAR: 0060 DSISR: 4000 IRQMASK: 0 GPR00: c080df9c c4133280 c169d200 0029 GPR04: efff c4132f90 c4132f88 GPR08: c15658f8 c15cd200 c14f57d0 48228283 GPR12: c0003fffe300 2000 GPR16: 000113fc4a40 0005 000113fcfb80 GPR20: 01000f7283b0 c0e4a588 c0e4a5b0 GPR24: 0001 000a c00800db0168 c21f6ec0 GPR28: c16d65a8 c4b36460 c16d64b0 NIP [c080dfa4] do_remove_conflicting_framebuffers+0x184/0x1d0 [c4133280] [c080df9c] do_remove_conflicting_framebuffers+0x17c/0x1d0 (unreliable) [c4133350] [c080e4d0] remove_conflicting_framebuffers+0x60/0x150 [c41333a0] [c080e6f4] remove_conflicting_pci_framebuffers+0x134/0x1b0 [c4133450] [c00800e70438] drm_aperture_remove_conflicting_pci_framebuffers+0x90/0x100 [drm] [c4133490] [c00800da0ce4] bochs_pci_probe+0x6c/0xa64 [bochs] [...] [c4133db0] [c002aaa0] system_call_exception+0x170/0x2d0 [c4133e10] [c000c3cc] system_call_common+0xec/0x250 The bug [1] was introduced by commit 27599aacbaef ("fbdev: Hot-unplug firmware fb devices on forced removal"). Most firmware framebuffers have an underlying platform device, which can be hot-unplugged before loading the native graphics driver. OF framebuffers do not (yet) have that device. Fix the code by unregistering the framebuffer as before without a hot unplug. Tested with 5.17 on qemu ppc64le emulation. Signed-off-by: Thomas Zimmermann Fixes: 27599aacbaef ("fbdev: Hot-unplug firmware fb devices on forced removal") Reported-by: Sudip Mukherjee Reviewed-by: Daniel Vetter Reviewed-by: Javier Martinez Canillas Tested-by: Sudip Mukherjee Cc: Zack Rusin Cc: Javier Martinez Canillas Cc: Hans de Goede Cc: sta...@vger.kernel.org # v5.11+ Cc: Helge Deller Cc: Daniel Vetter Cc: Sam Ravnborg Cc: Zheyu Ma Cc: Xiyu Yang Cc: Zhen Lei Cc: Matthew Wilcox Cc: Alex Deucher Cc: Tetsuo Handa Cc: Guenter Roeck Cc: linux-fb...@vger.kernel.org Cc: dri-devel@lists.freedesktop.org Link: https://lore.kernel.org/all/YkHXO6LGHAN0p1pq@debian/ # [1] Link: https://patchwork.freedesktop.org/patch/msgid/20220404194402.29974-1-tzimmerm...@suse.de Signed-off-by: Greg Kroah-Hartman --- drivers/video/fbdev/core/fbmem.c |9 - 1 file changed, 8 insertions(+), 1 deletion(-) --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -1581,7 +1581,14 @@ static void do_remove_conflicting_frameb * If it's not a platform device, at least print a warning. A * fix would add code to remove the device from the system. */ - if (dev_is_platform(device)) { + if (!device) { + /* TODO: Represent each OF framebuffer as its own +* device in the device hierarchy. For now, offb +* doesn't have such a device, so unregister the +* framebuffer as
Patch "fbdev: Fix unregistering of framebuffers without device" has been added to the 5.15-stable tree
This is a note to let you know that I've just added the patch titled fbdev: Fix unregistering of framebuffers without device to the 5.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: fbdev-fix-unregistering-of-framebuffers-without-device.patch and it can be found in the queue-5.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From 0f525289ff0ddeb380813bd81e0f9bdaaa1c9078 Mon Sep 17 00:00:00 2001 From: Thomas Zimmermann Date: Mon, 4 Apr 2022 21:44:02 +0200 Subject: fbdev: Fix unregistering of framebuffers without device From: Thomas Zimmermann commit 0f525289ff0ddeb380813bd81e0f9bdaaa1c9078 upstream. OF framebuffers do not have an underlying device in the Linux device hierarchy. Do a regular unregister call instead of hot unplugging such a non-existing device. Fixes a NULL dereference. An example error message on ppc64le is shown below. BUG: Kernel NULL pointer dereference on read at 0x0060 Faulting instruction address: 0xc080dfa4 Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries [...] CPU: 2 PID: 139 Comm: systemd-udevd Not tainted 5.17.0-ae085d7f9365 #1 NIP: c080dfa4 LR: c080df9c CTR: c0797430 REGS: c4132fe0 TRAP: 0300 Not tainted (5.17.0-ae085d7f9365) MSR: 82009033 CR: 28228282 XER: 2000 CFAR: c000c80c DAR: 0060 DSISR: 4000 IRQMASK: 0 GPR00: c080df9c c4133280 c169d200 0029 GPR04: efff c4132f90 c4132f88 GPR08: c15658f8 c15cd200 c14f57d0 48228283 GPR12: c0003fffe300 2000 GPR16: 000113fc4a40 0005 000113fcfb80 GPR20: 01000f7283b0 c0e4a588 c0e4a5b0 GPR24: 0001 000a c00800db0168 c21f6ec0 GPR28: c16d65a8 c4b36460 c16d64b0 NIP [c080dfa4] do_remove_conflicting_framebuffers+0x184/0x1d0 [c4133280] [c080df9c] do_remove_conflicting_framebuffers+0x17c/0x1d0 (unreliable) [c4133350] [c080e4d0] remove_conflicting_framebuffers+0x60/0x150 [c41333a0] [c080e6f4] remove_conflicting_pci_framebuffers+0x134/0x1b0 [c4133450] [c00800e70438] drm_aperture_remove_conflicting_pci_framebuffers+0x90/0x100 [drm] [c4133490] [c00800da0ce4] bochs_pci_probe+0x6c/0xa64 [bochs] [...] [c4133db0] [c002aaa0] system_call_exception+0x170/0x2d0 [c4133e10] [c000c3cc] system_call_common+0xec/0x250 The bug [1] was introduced by commit 27599aacbaef ("fbdev: Hot-unplug firmware fb devices on forced removal"). Most firmware framebuffers have an underlying platform device, which can be hot-unplugged before loading the native graphics driver. OF framebuffers do not (yet) have that device. Fix the code by unregistering the framebuffer as before without a hot unplug. Tested with 5.17 on qemu ppc64le emulation. Signed-off-by: Thomas Zimmermann Fixes: 27599aacbaef ("fbdev: Hot-unplug firmware fb devices on forced removal") Reported-by: Sudip Mukherjee Reviewed-by: Daniel Vetter Reviewed-by: Javier Martinez Canillas Tested-by: Sudip Mukherjee Cc: Zack Rusin Cc: Javier Martinez Canillas Cc: Hans de Goede Cc: sta...@vger.kernel.org # v5.11+ Cc: Helge Deller Cc: Daniel Vetter Cc: Sam Ravnborg Cc: Zheyu Ma Cc: Xiyu Yang Cc: Zhen Lei Cc: Matthew Wilcox Cc: Alex Deucher Cc: Tetsuo Handa Cc: Guenter Roeck Cc: linux-fb...@vger.kernel.org Cc: dri-devel@lists.freedesktop.org Link: https://lore.kernel.org/all/YkHXO6LGHAN0p1pq@debian/ # [1] Link: https://patchwork.freedesktop.org/patch/msgid/20220404194402.29974-1-tzimmerm...@suse.de Signed-off-by: Greg Kroah-Hartman --- drivers/video/fbdev/core/fbmem.c |9 - 1 file changed, 8 insertions(+), 1 deletion(-) --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -1581,7 +1581,14 @@ static void do_remove_conflicting_frameb * If it's not a platform device, at least print a warning. A * fix would add code to remove the device from the system. */ - if (dev_is_platform(device)) { + if (!device) { + /* TODO: Represent each OF framebuffer as its own +* device in the device hierarchy. For now, offb +* doesn't have such a device, so unregister the +* framebuffer as
Re: [PATCH] fbdev: Fix unregistering of framebuffers without device
Hi Am 05.04.22 um 11:01 schrieb Daniel Vetter: On Mon, Apr 04, 2022 at 09:44:02PM +0200, Thomas Zimmermann wrote: OF framebuffers do not have an underlying device in the Linux device hierarchy. Do a regular unregister call instead of hot unplugging such a non-existing device. Fixes a NULL dereference. An example error message on ppc64le is shown below. BUG: Kernel NULL pointer dereference on read at 0x0060 Faulting instruction address: 0xc080dfa4 Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries [...] CPU: 2 PID: 139 Comm: systemd-udevd Not tainted 5.17.0-ae085d7f9365 #1 NIP: c080dfa4 LR: c080df9c CTR: c0797430 REGS: c4132fe0 TRAP: 0300 Not tainted (5.17.0-ae085d7f9365) MSR: 82009033 CR: 28228282 XER: 2000 CFAR: c000c80c DAR: 0060 DSISR: 4000 IRQMASK: 0 GPR00: c080df9c c4133280 c169d200 0029 GPR04: efff c4132f90 c4132f88 GPR08: c15658f8 c15cd200 c14f57d0 48228283 GPR12: c0003fffe300 2000 GPR16: 000113fc4a40 0005 000113fcfb80 GPR20: 01000f7283b0 c0e4a588 c0e4a5b0 GPR24: 0001 000a c00800db0168 c21f6ec0 GPR28: c16d65a8 c4b36460 c16d64b0 NIP [c080dfa4] do_remove_conflicting_framebuffers+0x184/0x1d0 [c4133280] [c080df9c] do_remove_conflicting_framebuffers+0x17c/0x1d0 (unreliable) [c4133350] [c080e4d0] remove_conflicting_framebuffers+0x60/0x150 [c41333a0] [c080e6f4] remove_conflicting_pci_framebuffers+0x134/0x1b0 [c4133450] [c00800e70438] drm_aperture_remove_conflicting_pci_framebuffers+0x90/0x100 [drm] [c4133490] [c00800da0ce4] bochs_pci_probe+0x6c/0xa64 [bochs] [...] [c4133db0] [c002aaa0] system_call_exception+0x170/0x2d0 [c4133e10] [c000c3cc] system_call_common+0xec/0x250 The bug [1] was introduced by commit 27599aacbaef ("fbdev: Hot-unplug firmware fb devices on forced removal"). Most firmware framebuffers have an underlying platform device, which can be hot-unplugged before loading the native graphics driver. OF framebuffers do not (yet) have that device. Fix the code by unregistering the framebuffer as before without a hot unplug. Tested with 5.17 on qemu ppc64le emulation. Signed-off-by: Thomas Zimmermann Fixes: 27599aacbaef ("fbdev: Hot-unplug firmware fb devices on forced removal") Reported-by: Sudip Mukherjee Cc: Zack Rusin Cc: Javier Martinez Canillas Cc: Hans de Goede Cc: sta...@vger.kernel.org # v5.11+ Cc: Helge Deller Cc: Daniel Vetter Cc: Sam Ravnborg Cc: Zheyu Ma Cc: Xiyu Yang Cc: Zhen Lei Cc: Matthew Wilcox Cc: Alex Deucher Cc: Tetsuo Handa Cc: Guenter Roeck Cc: linux-fb...@vger.kernel.org Cc: dri-devel@lists.freedesktop.org Link: https://lore.kernel.org/all/YkHXO6LGHAN0p1pq@debian/ # [1] --- drivers/video/fbdev/core/fbmem.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c index 34d6bb1bf82e..a6bb0e438216 100644 --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -1579,7 +1579,14 @@ static void do_remove_conflicting_framebuffers(struct apertures_struct *a, * If it's not a platform device, at least print a warning. A * fix would add code to remove the device from the system. */ - if (dev_is_platform(device)) { + if (!device) { + /* TODO: Represent each OF framebuffer as its own +* device in the device hierarchy. For now, offb +* doesn't have such a device, so unregister the +* framebuffer as before without warning. +*/ + do_unregister_framebuffer(registered_fb[i]); Reviewed-by: Daniel Vetter Might be good to have a fb_info flag for offb and then check in register_framebuffer that everyone else does have a device? Just to make sure we don't have more surprises here ... That exists already: all generic/firmware drivers are flagged with FBINFO_MISC_FIRMWARE specifically for the purpose of unloading. HW-native fbdev drivers don't have the flags and will never be unloaded. I double-checked and of the generic drivers, (efifb, vesafb, offb, simplefb, vga16) only offb had no device set. Best regards Thomas -Daniel + } else if (dev_is_platform(device)) {
Re: [PATCH] fbdev: Fix unregistering of framebuffers without device
Hello Thomas, On 4/4/22 21:44, Thomas Zimmermann wrote: > OF framebuffers do not have an underlying device in the Linux > device hierarchy. Do a regular unregister call instead of hot > unplugging such a non-existing device. Fixes a NULL dereference. > An example error message on ppc64le is shown below. > > BUG: Kernel NULL pointer dereference on read at 0x0060 > Faulting instruction address: 0xc080dfa4 > Oops: Kernel access of bad area, sig: 11 [#1] > LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries > [...] > CPU: 2 PID: 139 Comm: systemd-udevd Not tainted 5.17.0-ae085d7f9365 #1 > NIP: c080dfa4 LR: c080df9c CTR: c0797430 > REGS: c4132fe0 TRAP: 0300 Not tainted (5.17.0-ae085d7f9365) > MSR: 82009033 CR: 28228282 XER: > 2000 > CFAR: c000c80c DAR: 0060 DSISR: 4000 IRQMASK: 0 > GPR00: c080df9c c4133280 c169d200 0029 > GPR04: efff c4132f90 c4132f88 > GPR08: c15658f8 c15cd200 c14f57d0 48228283 > GPR12: c0003fffe300 2000 > GPR16: 000113fc4a40 0005 000113fcfb80 > GPR20: 01000f7283b0 c0e4a588 c0e4a5b0 > GPR24: 0001 000a c00800db0168 c21f6ec0 > GPR28: c16d65a8 c4b36460 c16d64b0 > NIP [c080dfa4] do_remove_conflicting_framebuffers+0x184/0x1d0 > [c4133280] [c080df9c] > do_remove_conflicting_framebuffers+0x17c/0x1d0 (unreliable) > [c4133350] [c080e4d0] > remove_conflicting_framebuffers+0x60/0x150 > [c41333a0] [c080e6f4] > remove_conflicting_pci_framebuffers+0x134/0x1b0 > [c4133450] [c00800e70438] > drm_aperture_remove_conflicting_pci_framebuffers+0x90/0x100 [drm] > [c4133490] [c00800da0ce4] bochs_pci_probe+0x6c/0xa64 [bochs] > [...] > [c4133db0] [c002aaa0] system_call_exception+0x170/0x2d0 > [c4133e10] [c000c3cc] system_call_common+0xec/0x250 > > The bug [1] was introduced by commit 27599aacbaef ("fbdev: Hot-unplug > firmware fb devices on forced removal"). Most firmware framebuffers > have an underlying platform device, which can be hot-unplugged > before loading the native graphics driver. OF framebuffers do not > (yet) have that device. Fix the code by unregistering the framebuffer > as before without a hot unplug. > I believe the assumption that all firmware fb would have an underlying device was a reasonable one and it's a pity that offb doesn't... But that is how things are and your patch is the least intrusive fix. Reviewed-by: Javier Martinez Canillas -- Best regards, Javier Martinez Canillas Linux Engineering Red Hat
Re: [PATCH] fbdev: Fix unregistering of framebuffers without device
On Mon, Apr 04, 2022 at 09:44:02PM +0200, Thomas Zimmermann wrote: > OF framebuffers do not have an underlying device in the Linux > device hierarchy. Do a regular unregister call instead of hot > unplugging such a non-existing device. Fixes a NULL dereference. > An example error message on ppc64le is shown below. > > BUG: Kernel NULL pointer dereference on read at 0x0060 > Faulting instruction address: 0xc080dfa4 > Oops: Kernel access of bad area, sig: 11 [#1] > LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries > [...] > CPU: 2 PID: 139 Comm: systemd-udevd Not tainted 5.17.0-ae085d7f9365 #1 > NIP: c080dfa4 LR: c080df9c CTR: c0797430 > REGS: c4132fe0 TRAP: 0300 Not tainted (5.17.0-ae085d7f9365) > MSR: 82009033 CR: 28228282 XER: > 2000 > CFAR: c000c80c DAR: 0060 DSISR: 4000 IRQMASK: 0 > GPR00: c080df9c c4133280 c169d200 0029 > GPR04: efff c4132f90 c4132f88 > GPR08: c15658f8 c15cd200 c14f57d0 48228283 > GPR12: c0003fffe300 2000 > GPR16: 000113fc4a40 0005 000113fcfb80 > GPR20: 01000f7283b0 c0e4a588 c0e4a5b0 > GPR24: 0001 000a c00800db0168 c21f6ec0 > GPR28: c16d65a8 c4b36460 c16d64b0 > NIP [c080dfa4] do_remove_conflicting_framebuffers+0x184/0x1d0 > [c4133280] [c080df9c] > do_remove_conflicting_framebuffers+0x17c/0x1d0 (unreliable) > [c4133350] [c080e4d0] > remove_conflicting_framebuffers+0x60/0x150 > [c41333a0] [c080e6f4] > remove_conflicting_pci_framebuffers+0x134/0x1b0 > [c4133450] [c00800e70438] > drm_aperture_remove_conflicting_pci_framebuffers+0x90/0x100 [drm] > [c4133490] [c00800da0ce4] bochs_pci_probe+0x6c/0xa64 [bochs] > [...] > [c4133db0] [c002aaa0] system_call_exception+0x170/0x2d0 > [c4133e10] [c000c3cc] system_call_common+0xec/0x250 > > The bug [1] was introduced by commit 27599aacbaef ("fbdev: Hot-unplug > firmware fb devices on forced removal"). Most firmware framebuffers > have an underlying platform device, which can be hot-unplugged > before loading the native graphics driver. OF framebuffers do not > (yet) have that device. Fix the code by unregistering the framebuffer > as before without a hot unplug. > > Tested with 5.17 on qemu ppc64le emulation. > > Signed-off-by: Thomas Zimmermann > Fixes: 27599aacbaef ("fbdev: Hot-unplug firmware fb devices on forced > removal") > Reported-by: Sudip Mukherjee > Cc: Zack Rusin > Cc: Javier Martinez Canillas > Cc: Hans de Goede > Cc: sta...@vger.kernel.org # v5.11+ > Cc: Helge Deller > Cc: Daniel Vetter > Cc: Sam Ravnborg > Cc: Zheyu Ma > Cc: Xiyu Yang > Cc: Zhen Lei > Cc: Matthew Wilcox > Cc: Alex Deucher > Cc: Tetsuo Handa > Cc: Guenter Roeck > Cc: linux-fb...@vger.kernel.org > Cc: dri-devel@lists.freedesktop.org > Link: https://lore.kernel.org/all/YkHXO6LGHAN0p1pq@debian/ # [1] > --- > drivers/video/fbdev/core/fbmem.c | 9 - > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/drivers/video/fbdev/core/fbmem.c > b/drivers/video/fbdev/core/fbmem.c > index 34d6bb1bf82e..a6bb0e438216 100644 > --- a/drivers/video/fbdev/core/fbmem.c > +++ b/drivers/video/fbdev/core/fbmem.c > @@ -1579,7 +1579,14 @@ static void do_remove_conflicting_framebuffers(struct > apertures_struct *a, >* If it's not a platform device, at least print a > warning. A >* fix would add code to remove the device from the > system. >*/ > - if (dev_is_platform(device)) { > + if (!device) { > + /* TODO: Represent each OF framebuffer as its > own > + * device in the device hierarchy. For now, offb > + * doesn't have such a device, so unregister the > + * framebuffer as before without warning. > + */ > + do_unregister_framebuffer(registered_fb[i]); Reviewed-by: Daniel Vetter Might be good to have a fb_info flag for offb and then check in register_framebuffer that everyone else does have a device? Just to make sure we don't have more surprises here ... -Daniel > + } else if (dev_is_platform(device)) { > registered_fb[i]->forced_out = true; > > platform_device_unregister(to_platform_device(device)); > } else { > -- > 2.35.1 > -- Daniel Vetter Software Engineer, Intel Corporation
[PATCH] fbdev: Fix unregistering of framebuffers without device
OF framebuffers do not have an underlying device in the Linux device hierarchy. Do a regular unregister call instead of hot unplugging such a non-existing device. Fixes a NULL dereference. An example error message on ppc64le is shown below. BUG: Kernel NULL pointer dereference on read at 0x0060 Faulting instruction address: 0xc080dfa4 Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries [...] CPU: 2 PID: 139 Comm: systemd-udevd Not tainted 5.17.0-ae085d7f9365 #1 NIP: c080dfa4 LR: c080df9c CTR: c0797430 REGS: c4132fe0 TRAP: 0300 Not tainted (5.17.0-ae085d7f9365) MSR: 82009033 CR: 28228282 XER: 2000 CFAR: c000c80c DAR: 0060 DSISR: 4000 IRQMASK: 0 GPR00: c080df9c c4133280 c169d200 0029 GPR04: efff c4132f90 c4132f88 GPR08: c15658f8 c15cd200 c14f57d0 48228283 GPR12: c0003fffe300 2000 GPR16: 000113fc4a40 0005 000113fcfb80 GPR20: 01000f7283b0 c0e4a588 c0e4a5b0 GPR24: 0001 000a c00800db0168 c21f6ec0 GPR28: c16d65a8 c4b36460 c16d64b0 NIP [c080dfa4] do_remove_conflicting_framebuffers+0x184/0x1d0 [c4133280] [c080df9c] do_remove_conflicting_framebuffers+0x17c/0x1d0 (unreliable) [c4133350] [c080e4d0] remove_conflicting_framebuffers+0x60/0x150 [c41333a0] [c080e6f4] remove_conflicting_pci_framebuffers+0x134/0x1b0 [c4133450] [c00800e70438] drm_aperture_remove_conflicting_pci_framebuffers+0x90/0x100 [drm] [c4133490] [c00800da0ce4] bochs_pci_probe+0x6c/0xa64 [bochs] [...] [c4133db0] [c002aaa0] system_call_exception+0x170/0x2d0 [c4133e10] [c000c3cc] system_call_common+0xec/0x250 The bug [1] was introduced by commit 27599aacbaef ("fbdev: Hot-unplug firmware fb devices on forced removal"). Most firmware framebuffers have an underlying platform device, which can be hot-unplugged before loading the native graphics driver. OF framebuffers do not (yet) have that device. Fix the code by unregistering the framebuffer as before without a hot unplug. Tested with 5.17 on qemu ppc64le emulation. Signed-off-by: Thomas Zimmermann Fixes: 27599aacbaef ("fbdev: Hot-unplug firmware fb devices on forced removal") Reported-by: Sudip Mukherjee Cc: Zack Rusin Cc: Javier Martinez Canillas Cc: Hans de Goede Cc: sta...@vger.kernel.org # v5.11+ Cc: Helge Deller Cc: Daniel Vetter Cc: Sam Ravnborg Cc: Zheyu Ma Cc: Xiyu Yang Cc: Zhen Lei Cc: Matthew Wilcox Cc: Alex Deucher Cc: Tetsuo Handa Cc: Guenter Roeck Cc: linux-fb...@vger.kernel.org Cc: dri-devel@lists.freedesktop.org Link: https://lore.kernel.org/all/YkHXO6LGHAN0p1pq@debian/ # [1] --- drivers/video/fbdev/core/fbmem.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c index 34d6bb1bf82e..a6bb0e438216 100644 --- a/drivers/video/fbdev/core/fbmem.c +++ b/drivers/video/fbdev/core/fbmem.c @@ -1579,7 +1579,14 @@ static void do_remove_conflicting_framebuffers(struct apertures_struct *a, * If it's not a platform device, at least print a warning. A * fix would add code to remove the device from the system. */ - if (dev_is_platform(device)) { + if (!device) { + /* TODO: Represent each OF framebuffer as its own +* device in the device hierarchy. For now, offb +* doesn't have such a device, so unregister the +* framebuffer as before without warning. +*/ + do_unregister_framebuffer(registered_fb[i]); + } else if (dev_is_platform(device)) { registered_fb[i]->forced_out = true; platform_device_unregister(to_platform_device(device)); } else { -- 2.35.1