From mboxrd@z Thu Jan 1 00:00:00 1970 
From: =?UTF-8?B?Q2zDqW1lbnQ=?= Calmels
Subject: Radeon atombios power state can cause NULL pointer dereference
Date: Fri, 24 May 2013 01:07:54 +0200
Message-ID: <20130524010754.4841195c@gromit>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Received: from mail-we0-f170.google.com (mail-we0-f170.google.com [74.125.82.170]) by gabe.freedesktop.org (Postfix) with ESMTP id 93659E5C7D for ; Thu, 23 May 2013 16:07:57 -0700 (PDT)
Received: by mail-we0-f170.google.com with SMTP id u59so1763246wes.15 for ; Thu, 23 May 2013 16:07:56 -0700 (PDT)
Sender: dri-devel-bounces+sf-dri-devel=m.gmane.org@lists.freedesktop.org
Errors-To: dri-devel-bounces+sf-dri-devel=m.gmane.org@lists.freedesktop.org
To: dri-devel@lists.freedesktop.org, David Airlie
List-Id: dri-devel@lists.freedesktop.org

Hi,

My Packard Bell Dot M/A laptop (ATI x1200/rs690m) fails during resume:

[ 73.033179] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[ 73.033184] IP: [] radeon_pm_resume+0xda/0x137 [radeon]
[ 73.033227] PGD 0
[ 73.033231] Oops: 0000 [#1] SMP
[ 73.033236] CPU 0
[ 73.033238] Modules linked in: cryptd aes_x86_64 aes_generic uinput loop snd_hda_codec_realtek arc4 ath9k joydev snd_hda_intel radeon ath9k_common ath9k_hw snd_hda_codec ath ttm snd_hwdep uvcvideo drm_kms_helper mac80211 videodev snd_pcm snd_page_alloc snd_seq snd_seq_device snd_timer drm v4l2_compat_ioctl32 media cfg80211 edac_mce_amd mperf acerhdf acer_wmi snd sp5100_tco sparse_keymap pcspkr edac_core rfkill soundcore i2c_piix4 i2c_algo_bit k8temp psmouse i2c_core evdev serio_raw video wmi shpchp processor ac battery power_supply button ext4 crc16 jbd2 mbcache sg sd_mod crc_t10dif ata_generic ahci libahci pata_atiixp libata ohci_hcd ehci_hcd usbcore scsi_mod thermal thermal_sys r8169 mii usb_common [last unloaded: scsi_wait_scan]
[ 73.033304]
[ 73.033310] Pid: 154, comm: kworker/u:6 Not tainted 3.2.0-4-amd64 #1 Debian 3.2.41-2+deb7u2 Packard Bell DOTMA /SJM11-YK
[ 73.033317] RIP: 0010:[] [] radeon_pm_resume+0xda/0x137 [radeon]
[ 73.033347] RSP: 0018:ffff880037631db0 EFLAGS: 00010297
[ 73.033350] RAX: ffff88006b8fa1d0 RBX: ffff88003715c000 RCX: 0000000000000000
[ 73.033354] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88003715d3a8
[ 73.033358] RBP: ffff88003715d3a8 R08: 0000000000000002 R09: 0000000000000028
[ 73.033362] R10: 0000000000001700 R11: 0000000000001700 R12: 0000000000000000
[ 73.033366] R13: ffffffff8142db90 R14: ffff88006d733c05 R15: ffff88006b6156d0
[ 73.033372] FS: 00007f96cf0ea700(0000) GS:ffff88006fc00000(0000) knlGS:0000000000000000
[ 73.033376] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 73.033380] CR2: 0000000000000020 CR3: 0000000001605000 CR4: 00000000000006f0
[ 73.033385] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 73.033389] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 73.033394] Process kworker/u:6 (pid: 154, threadinfo ffff880037630000, task ffff8800375415d0)
[ 73.033397] Stack:
[ 73.033399] ffff88006b737000 ffff88003715c000 ffff88006b737000 ffffffffa03d5a26
[ 73.033406] ffff88006cc57090 0000000000000000 0000000000000000 ffffffff81255b88
[ 73.033411] ffff880037631d2c ffff88006cc57090 ffff88006cc570f0 0000000000000000
[ 73.033417] Call Trace:
[ 73.033439] [] ? radeon_resume_kms+0x82/0x114 [radeon]
[ 73.033448] [] ? pm_op+0xa1/0x141
[ 73.033455] [] ? device_resume+0xa2/0xfc
[ 73.033461] [] ? async_resume+0x14/0x38
[ 73.033469] [] ? async_run_entry_fn+0x96/0x142
[ 73.033475] [] ? process_one_work+0x161/0x264
[ 73.033484] [] ? need_to_create_worker+0x9/0x1c
[ 73.033489] [] ? worker_thread+0xc2/0x145
[ 73.033495] [] ? manage_workers.isra.25+0x15b/0x15b
[ 73.033502] [] ? kthread+0x76/0x7e
[ 73.033509] [] ? kernel_thread_helper+0x4/0x10
[ 73.033515] [] ? kthread_worker_fn+0x139/0x139
[ 73.033521] [] ? gs_change+0x13/0x13
[ 73.033523] Code: 14 00 00 8b 93 38 14 00 00 89 83 14 14 00 00 48 6b c0 30 48 03 83 08 14 00 00 89 93 2c 14 00 00 83 bb 48 14 00 00 01 48 8b 50 08 <8b> 52 20 66 89 93 30 14 00 00 48 8b 40 08 66 8b 40 22 66 89 83
[ 73.033565] RIP [] radeon_pm_resume+0xda/0x137 [radeon]
[ 73.033593] RSP
[ 73.033596] CR2: 0000000000000020

Digging a little bit, the issue can be highlighted with this patch:

--- drivers/gpu/drm/radeon/radeon_atombios.c.orig 2013-05-23 21:54:50.514665155 +0200 +++ drivers/gpu/drm/radeon/radeon_atombios.c 2013-05-24 00:20:43.149263167 +0200 @@ -2159,6 +2159,7 @@ static int radeon_atombios_parse_power_t } /* last mode is usually default */ if (rdev->pm.default_power_state_index == -1) { + WARN_ON(state_index == 0); rdev->pm.power_state[state_index - 1].type = POWER_STATE_TYPE_DEFAULT; rdev->pm.default_power_state_index = state_index - 1;

In my case, the laptop reports 0 for memory clock for all power states. At the end of the for loop, state_index still equals 0, leading to a wrong access in the rdev->pm.power_state array.

When switching memory clock in async mode (instead of sync mode) within the BIOS, the laptop correctly reports its value (i.e. 333MHz).

Regards,
Clement
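
Review bot: the added WARN_ON(state_index == 0) only reports the condition; the two context lines right after it still run, so with state_index == 0 the code writes rdev->pm.power_state[state_index - 1].type, i.e. element -1 of the array, and stores state_index - 1 = -1 into default_power_state_index, which is the same value the surrounding if treats as "not set". If this is meant as more than a diagnostic, make the assignment conditional on state_index > 0 (for example by testing the WARN_ON result and skipping the block or returning an error), and decide what default state the driver should have when the table yields no usable entries, since radeon_pm_resume in the trace above later dereferences that state.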
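
The failure mode described in the message, as an added example that is not part of the original mail or of the radeon driver: a simplified model of a table parser that ends with zero usable states and refuses to pick state[-1] as the default. The struct and function names, the 8-entry limit and the rule that entries with a zero memory clock are skipped are assumptions made for illustration.

```c
#include <stddef.h>

/* Hypothetical, simplified model of a power-state table; not the radeon structs. */
enum state_type { STATE_UNSET = 0, STATE_DEFAULT };

struct power_state { unsigned mclk_khz; enum state_type type; };

struct pm_model {
    struct power_state state[8];
    int num_states;
    int default_index;          /* -1 means "no default chosen" */
};

/*
 * Copy firmware entries into pm->state, skipping entries whose memory clock
 * is 0 (assumption based on the report: such entries are not counted).
 * Returns 0 on success, -1 if the table produced no usable state.
 */
int parse_power_states(struct pm_model *pm, const unsigned *fw_mclk_khz, size_t n)
{
    int state_index = 0;

    pm->default_index = -1;
    for (size_t i = 0; i < n && state_index < 8; i++) {
        if (fw_mclk_khz[i] == 0)
            continue;
        pm->state[state_index].mclk_khz = fw_mclk_khz[i];
        pm->state[state_index].type = STATE_UNSET;
        state_index++;
    }
    pm->num_states = state_index;

    /* Guard: with state_index == 0, state[state_index - 1] would be state[-1]. */
    if (state_index == 0)
        return -1;

    /* Last mode is usually default. */
    pm->state[state_index - 1].type = STATE_DEFAULT;
    pm->default_index = state_index - 1;
    return 0;
}
```

A caller has to treat the -1 return as "power management unavailable" and never index the table with default_index while it is -1.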