Re: video: fbdev: Convert timers to use timer_setup()

2017-11-14 Thread Kees Cook
On Mon, Nov 13, 2017 at 5:45 PM, Guenter Roeck wrote:
> On Tue, Oct 24, 2017 at 08:20:26AM -0700, Kees Cook wrote:
>> In preparation for unconditionally passing the struct timer_list pointer to
>> all timer callbacks, switch to using the new timer_setup() and from_timer()
>> to pass the timer pointer explicitly. One tracking pointer was added, and
>> one initialization was cleaned up.
>>
>> Cc: Bartlomiej Zolnierkiewicz 
>> Cc: Benjamin Herrenschmidt 
>> Cc: Tomi Valkeinen 
>> Cc: David Lechner 
>> Cc: Daniel Vetter 
>> Cc: Sean Paul 
>> Cc: Jean Delvare 
>> Cc: Hans de Goede 
>> Cc: "Gustavo A. R. Silva" 
>> Cc: linux-fb...@vger.kernel.org
>> Cc: dri-devel@lists.freedesktop.org
>> Cc: linux-o...@vger.kernel.org
>> Signed-off-by: Kees Cook 
>
> Hi Kees,
>
> this patch causes a large number of qemu crashes.
>
> Unable to handle kernel NULL pointer dereference at virtual address 0194
> pgd = c0004000
> [0194] *pgd=
> Internal error: Oops: 5 [#1] ARM
> Modules linked in:
> CPU: 0 PID: 0 Comm: swapper Not tainted 4.14.0-next-20171113 #1
> Hardware name: ARM-Versatile (Device Tree Support)
> task: c04df238 task.stack: c04da000
> PC is at queue_work_on+0x1c/0x48
> ...
> [] (queue_work_on) from [] (cursor_timer_handler+0x20/0x44)
> [] (cursor_timer_handler) from [] (call_timer_fn+0x24/0xa0)
> [] (call_timer_fn) from [] (expire_timers+0x7c/0x8c)
> [] (expire_timers) from [] (run_timer_softirq+0x88/0x184)
> [] (run_timer_softirq) from [] (__do_softirq+0xe0/0x238)
> [] (__do_softirq) from [] (irq_exit+0xb4/0xd0)
> [] (irq_exit) from [] (__handle_domain_irq+0x50/0xa8)
> [] (__handle_domain_irq) from [] (vic_handle_irq+0x54/0x94)
> [] (vic_handle_irq) from [] (__irq_svc+0x68/0x84)
>
> See
> http://kerneltests.org/builders/qemu-arm-next/builds/806/steps/qemubuildcommand/logs/stdio
> for complete crash logs.
>
> Reverting the patch fixes the problem.
>
> Images for various other architectures crash as well in next-20171113,
> but I didn't bisect those. It looks like there are additional (possibly irq
> related) problems in the latest -next kernel; I don't know if those are
> also related to timer changes.

I think this is already fixed here:
https://marc.info/?l=linux-fbdev&m=151056635200583&w=2

If not, please let me know! :)

-Kees

-- 
Kees Cook
Pixel Security
___
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel


Re: video: fbdev: Convert timers to use timer_setup()

2017-11-14 Thread Guenter Roeck
On Tue, Oct 24, 2017 at 08:20:26AM -0700, Kees Cook wrote:
> In preparation for unconditionally passing the struct timer_list pointer to
> all timer callbacks, switch to using the new timer_setup() and from_timer()
> to pass the timer pointer explicitly. One tracking pointer was added, and
> one initialization was cleaned up.
> 
> Cc: Bartlomiej Zolnierkiewicz 
> Cc: Benjamin Herrenschmidt 
> Cc: Tomi Valkeinen 
> Cc: David Lechner 
> Cc: Daniel Vetter 
> Cc: Sean Paul 
> Cc: Jean Delvare 
> Cc: Hans de Goede 
> Cc: "Gustavo A. R. Silva" 
> Cc: linux-fb...@vger.kernel.org
> Cc: dri-devel@lists.freedesktop.org
> Cc: linux-o...@vger.kernel.org
> Signed-off-by: Kees Cook 

Hi Kees,

this patch causes a large number of qemu crashes.

Unable to handle kernel NULL pointer dereference at virtual address 0194
pgd = c0004000
[0194] *pgd=
Internal error: Oops: 5 [#1] ARM
Modules linked in:
CPU: 0 PID: 0 Comm: swapper Not tainted 4.14.0-next-20171113 #1
Hardware name: ARM-Versatile (Device Tree Support)
task: c04df238 task.stack: c04da000
PC is at queue_work_on+0x1c/0x48
...
[] (queue_work_on) from [] (cursor_timer_handler+0x20/0x44)
[] (cursor_timer_handler) from [] (call_timer_fn+0x24/0xa0)
[] (call_timer_fn) from [] (expire_timers+0x7c/0x8c)
[] (expire_timers) from [] (run_timer_softirq+0x88/0x184)
[] (run_timer_softirq) from [] (__do_softirq+0xe0/0x238)
[] (__do_softirq) from [] (irq_exit+0xb4/0xd0)
[] (irq_exit) from [] (__handle_domain_irq+0x50/0xa8)
[] (__handle_domain_irq) from [] (vic_handle_irq+0x54/0x94)
[] (vic_handle_irq) from [] (__irq_svc+0x68/0x84)

See
http://kerneltests.org/builders/qemu-arm-next/builds/806/steps/qemubuildcommand/logs/stdio
for complete crash logs.

Reverting the patch fixes the problem.

Images for various other architectures crash as well in next-20171113,
but I didn't bisect those. It looks like there are additional (possibly irq
related) problems in the latest -next kernel; I don't know if those are
also related to timer changes.

Guenter

---
git bisect log:

# bad: [c348a99ee55feac43b5b62a5957c6d8e2b6c3abe] Add linux-next specific files for 20171113
# good: [bebc6082da0a9f5d47a1ea2edc099bf671058bd4] Linux 4.14
git bisect start 'HEAD' 'v4.14'
# bad: [ef01732397847b006e3a9147829739c490b8272c] Merge remote-tracking branch 'crypto/master'
git bisect bad ef01732397847b006e3a9147829739c490b8272c
# good: [16337aaf7b06176148e7007dc20e34cd1e634a0f] Merge remote-tracking branch 'v4l-dvb/master'
git bisect good 16337aaf7b06176148e7007dc20e34cd1e634a0f
# good: [2ae21cf527da0e5cf9d7ee14bd5b0909bb9d1a75] tcp: Namespace-ify sysctl_tcp_early_retrans
git bisect good 2ae21cf527da0e5cf9d7ee14bd5b0909bb9d1a75
# good: [fdae5f37a88caed9d2105f5a1ff609322f9e5416] Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
git bisect good fdae5f37a88caed9d2105f5a1ff609322f9e5416
# bad: [01ff3f27ce88684a034bfad8fe5f5f99db04030e] Merge remote-tracking branch 'mac80211-next/master'
git bisect bad 01ff3f27ce88684a034bfad8fe5f5f99db04030e
# good: [e5b9855372a0f3d53d8e84b51d781a736e5b7e99] Merge branch 'device-properties' into linux-next
git bisect good e5b9855372a0f3d53d8e84b51d781a736e5b7e99
# bad: [1417face305e9e10f8e65216e9bcb7a74c4e42ff] Merge remote-tracking branch 'thermal/next'
git bisect bad 1417face305e9e10f8e65216e9bcb7a74c4e42ff
# bad: [e7528eca7b6e5b7d7d5b9dbcf39b31a535bfb32f] Merge remote-tracking branch 'pm/linux-next'
git bisect bad e7528eca7b6e5b7d7d5b9dbcf39b31a535bfb32f
# good: [ab798b908737e999e5d9bcebe972e9d5002583cc] video: fbdev: au1200fb: Style clean up
git bisect good ab798b908737e999e5d9bcebe972e9d5002583cc
# good: [0101f48ae50d700becafbbba2c57005174c54658] video: fbdev: aty: radeon_pm: mark expected switch fall-throughs
git bisect good 0101f48ae50d700becafbbba2c57005174c54658
# bad: [1fc1d27c1ab07a8830a0139f45508a49c6d71729] Merge remote-tracking branch 'fbdev/fbdev-for-next'
git bisect bad 1fc1d27c1ab07a8830a0139f45508a49c6d71729
# good: [ac831a379d34109451b3c41a44a20ee10ecb615f] fbdev: controlfb: Add missing modes to fix out of bounds access
git bisect good ac831a379d34109451b3c41a44a20ee10ecb615f
# bad: [6c78935777d12ead2d32adf3eb525a24faf02d04] video: fbdev: Convert timers to use timer_setup()
git bisect bad 6c78935777d12ead2d32adf3eb525a24faf02d04
# good: [e4a67df75a7b93b1bcddf576fa9122da2305dc8b] video: fbdev: pxa3xx_gcu: Convert timers to use timer_setup()
git bisect good e4a67df75a7b93b1bcddf576fa9122da2305dc8b
# first bad commit: [6c78935777d12ead2d32adf3eb525a24faf02d04] video: fbdev: Convert timers to use timer_setup()
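
The conversion pattern named in the commit message, modelled in userspace C as an added example (not code from the patch or the kernel tree): the callback receives only the timer pointer, recovers its containing structure, and then depends on a tracking back-pointer being set before the timer can fire. The struct names, the TIMER_OWNER macro, fire() and the stand-in timer_setup() are assumptions for illustration; the thread does not state the root cause of the reported oops.

```c
#include <stddef.h>

/* Userspace model of the kernel timer API; every name here is illustrative. */
struct timer_list { void (*function)(struct timer_list *); };
static void timer_setup(struct timer_list *t, void (*fn)(struct timer_list *))
{
    t->function = fn;
}

/* Like from_timer()/container_of(): timer pointer back to its owner struct. */
#define TIMER_OWNER(type, t, field) \
    ((type *)((char *)(t) - offsetof(type, field)))

struct display_state { int blink_count; };   /* hypothetical */
struct cursor_ops {                          /* hypothetical */
    int cursor_flash;
    struct timer_list cursor_timer;          /* deliberately not at offset 0 */
    struct display_state *info;              /* tracking back-pointer */
};

static int last_result;

static void cursor_timer_handler(struct timer_list *t)
{
    struct cursor_ops *ops = TIMER_OWNER(struct cursor_ops, t, cursor_timer);
    if (!ops->info) {            /* timer fired before the pointer was set */
        last_result = -1;
        return;
    }
    ops->info->blink_count++;
    last_result = 0;
}

/* Fire the timer the way the timer core does: only the timer is passed. */
static int fire(struct timer_list *t)
{
    t->function(t);
    return last_result;
}

int main(void)
{
    struct cursor_ops ops = { 0 };
    struct display_state st = { 0 };
    timer_setup(&ops.cursor_timer, cursor_timer_handler);
    int early = fire(&ops.cursor_timer);     /* back-pointer still NULL */
    ops.info = &st;
    return !(early == -1 && fire(&ops.cursor_timer) == 0 && st.blink_count == 1);
}
```

Without the NULL check in the handler, the first fire() would dereference a NULL back-pointer at a small offset, which is the class of fault a callback converted this way has to rule out by ordering initialization before the timer is armed.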