Commit b74d7a61 authored by Gu Zitao's avatar Gu Zitao Committed by Zheng Zengkai
Browse files

sw64: gpu/drm: fix kernel crash caused by drm driver 

Sunway inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4SPZD


CVE: NA

-------------------------------

It causes kernel to crash when loading AST video card driver on sw64
arch showing as follows:

ast 0000:0c:00.0: [drm] fb0: astdrmfb frame buffer device
Unable to handle kernel paging request at virtual address fff08d00e0000000
CPU 0 kworker/0:2(370): Oops 1
pc = [<ffffffff81086560>]  ra = [<ffffffff811f475c>]  ps = 0000    Not tainted
pc is at memcpy+0xa0/0x260
ra is at drm_fb_helper_dirty_work+0x18c/0x2c0
v0 = fff08d00e0000000  t0 = 0000000000000000  t1 = 0000000000001000
t2 = 0000000000000000  t3 = fff000010730fd60  t4 = 0000000000000001
t5 = 0000000000000004  t6 = fff08d00e0000040  t7 = fff000010730c000
s0 = fff0000107a218d0  s1 = fffff0000d05a000  s2 = fff00001079e1400
s3 = 0000000000001000  s4 = fff08d00e0000000  s5 = 0000000000000000
s6 = fff000010730fdc8
a0 = fff08d00e0000000  a1 = fffff0000d05a000  a2 = 0000000000001000
a3 = fff000400690ce20  a4 = 0000000000000001  a5 = 0000000000000000
t8 = fff00001079e8740  t9 = fff000400690c800  t10 = fffff7f0800d1800
t11= 000000000000b940  pv = ffffffff810864c0  at = 0000000000000000
gp = ffffffff8211b170  sp = (____ptrval____)
Disabling lock debugging due to kernel taint
Trace:
[<ffffffff819833c8>] ww_mutex_unlock+0x38/0x70
[<ffffffff811ce054>] drm_gem_vram_vmap+0x114/0x1e0
[<ffffffff811ce144>] drm_gem_vram_object_vmap+0x24/0x70
[<ffffffff811f46c0>] drm_fb_helper_dirty_work+0xf0/0x2c0
[<ffffffff8097a500>] process_one_work+0x280/0x5d0
[<ffffffff8097a8c0>] worker_thread+0x70/0x7c0
[<ffffffff8098638c>] kthread+0x1fc/0x210
[<ffffffff8097a850>] worker_thread+0x0/0x7c0
[<ffffffff809862d8>] kthread+0x148/0x210
[<ffffffff80911738>] ret_from_kernel_thread+0x18/0x20
[<ffffffff80986190>] kthread+0x0/0x210

The backtrace indicates that the shadow framebuffer copy in
drm_fb_helper_dirty_blit_real() should access the real framebuffer
using an IO access typically implemented using a physical (ASI_PHYS)
access on sw64, so let's fix it.

Signed-off-by: Gu Zitao <guzitao@wxiat.com> #openEuler_contributor
Signed-off-by: default avatarLaibin Qiu <qiulaibin@huawei.com>
Reviewed-by: default avatarHanjun Guo <guohanjun@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent 677eadb4
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment