From mboxrd@z Thu Jan 1 00:00:00 1970 From: Inki Dae Subject: Re: [PATCH] drm/exynos: Check for NULL dereference of crtc Date: Fri, 06 Mar 2015 22:13:42 +0900 Message-ID: <54F9A806.6020605@samsung.com> References: <1424193281-30401-1-git-send-email-ckeepax@opensource.wolfsonmicro.com> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: In-reply-to: <1424193281-30401-1-git-send-email-ckeepax@opensource.wolfsonmicro.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" To: Charles Keepax Cc: linux-samsung-soc@vger.kernel.org, sw0312.kim@samsung.com, linux-kernel@vger.kernel.org, dri-devel@lists.freedesktop.org, kyungmin.park@samsung.com, kgene@kernel.org List-Id: linux-samsung-soc@vger.kernel.org T24gMjAxNeuFhCAwMuyblCAxOOydvCAwMjoxNCwgQ2hhcmxlcyBLZWVwYXggd3JvdGU6Cj4gVGhl IGNvbW1pdCAiZHJtL2V4eW5vczogcmVtb3ZlIGV4eW5vc19wbGFuZV9kcG1zIiAoZDllYTYyNTYp IHJlbW92ZWQgdGhlCj4gdXNlIG9mIHRoZSBlbmFibGVkIGZsYWcsIHdoaWNoIG1lYW5zIHRoYXQg dGhlIGNvZGUgbWF5IGF0dGVtcHQgdG8gY2FsbAo+IHdpbl9lbmFibGUgb24gYSBOVUxMIGNydGMu IFRoaXMgcmVzdWx0cyBpbiB0aGUgZm9sbG93aW5nIG9vcHMgb24KCkhtbS4uLiBpdCdzIHN0cmFu Z2UuIHBsYW5lLT5mdW5jcy0+ZGVzdHJveSgpIGlzIGNhbGxlZCBwcmlvciB0bwpjcnRjLT5mdW5j cy0+ZGVzdHJveSgpIHNvIGl0IHNob3VsZCBiZSBleHlub3NfY3J0YyBpcyBub3QgTlVMTC4gSG93 ZXZlciwKaXQgc2VlbXMgdGhlcmUgaXMgYW55IGNvcm5lciBjYXNlIHdlIGRpZG4ndCBjYXRjaCB1 cC4KCkFwcGxpZWQuCgpUaGFua3MsCklua2kgRGFlCgo+IEFybmRhbGU6Cj4gCj4gWyAgICAxLjY3 MzQ3OV0gVW5hYmxlIHRvIGhhbmRsZSBrZXJuZWwgTlVMTCBwb2ludGVyIGRlcmVmZXJlbmNlIGF0 IHZpcnR1YWwgYWRkcmVzcyAwMDAwMDM2OAo+IFsgICAgMS42ODE1MDBdIHBnZCA9IGMwMDA0MDAw Cj4gWyAgICAxLjY4NDE1NF0gWzAwMDAwMzY4XSAqcGdkPTAwMDAwMDAwCj4gWyAgICAxLjY4Nzcx M10gSW50ZXJuYWwgZXJyb3I6IE9vcHM6IDUgWyMxXSBQUkVFTVBUIFNNUCBBUk0KPiBbICAgIDEu NjkzMDEyXSBNb2R1bGVzIGxpbmtlZCBpbjoKPiBbICAgIDEuNjk2MDQ1XSBDUFU6IDEgUElEOiAx IENvbW06IHN3YXBwZXIvMCBOb3QgdGFpbnRlZAo+IDMuMTkuMC0wNzU0NS1nNTc0ODVmYSAjMTkw Nwo+IFsgICAgMS43MDM1MjRdIEhhcmR3YXJlIG5hbWU6IFNBTVNVTkcgRVhZTk9TIChGbGF0dGVu ZWQgRGV2aWNlIFRyZWUpCj4gKC4uLi4pCj4gWyAgICAyLjAxNDgwM10gWzxjMDJmOWNmYz5dIChl eHlub3NfcGxhbmVfZGVzdHJveSkgZnJvbSBbPGMwMmU2MWI0Pl0gKGRybV9tb2RlX2NvbmZpZ19j bGVhbnVwKzB4MTY4LzB4MjBjKQo+IFsgICAgMi4wMjQxNzhdIFs8YzAyZTYxYjQ+XSAoZHJtX21v ZGVfY29uZmlnX2NsZWFudXApIGZyb20gWzxjMDJmNjZmYz5dIChleHlub3NfZHJtX2xvYWQrMHhh Yy8weDEyYykKPiAKPiBUaGlzIHBhdGNoIGFkZHMgaW4gYSBjaGVjayB0byBlbnN1cmUgZXh5bm9z X2NydGMgaXMgbm90IE5VTEwgYmVmb3JlIGl0Cj4gaXMgZGVyZWZlcmVuY2VkLgo+IAo+IFNpZ25l ZC1vZmYtYnk6IENoYXJsZXMgS2VlcGF4IDxja2VlcGF4QG9wZW5zb3VyY2Uud29sZnNvbm1pY3Jv LmNvbT4KPiAtLS0KPiAgZHJpdmVycy9ncHUvZHJtL2V4eW5vcy9leHlub3NfZHJtX3BsYW5lLmMg fCAgICAyICstCj4gIDEgZmlsZXMgY2hhbmdlZCwgMSBpbnNlcnRpb25zKCspLCAxIGRlbGV0aW9u cygtKQo+IAo+IGRpZmYgLS1naXQgYS9kcml2ZXJzL2dwdS9kcm0vZXh5bm9zL2V4eW5vc19kcm1f cGxhbmUuYyBiL2RyaXZlcnMvZ3B1L2RybS9leHlub3MvZXh5bm9zX2RybV9wbGFuZS5jCj4gaW5k ZXggMmRmYjg0Ny4uNzhmYzBhMSAxMDA2NDQKPiAtLS0gYS9kcml2ZXJzL2dwdS9kcm0vZXh5bm9z L2V4eW5vc19kcm1fcGxhbmUuYwo+ICsrKyBiL2RyaXZlcnMvZ3B1L2RybS9leHlub3MvZXh5bm9z X2RybV9wbGFuZS5jCj4gQEAgLTE3Niw3ICsxNzYsNyBAQCBzdGF0aWMgaW50IGV4eW5vc19kaXNh YmxlX3BsYW5lKHN0cnVjdCBkcm1fcGxhbmUgKnBsYW5lKQo+ICAJc3RydWN0IGV4eW5vc19kcm1f cGxhbmUgKmV4eW5vc19wbGFuZSA9IHRvX2V4eW5vc19wbGFuZShwbGFuZSk7Cj4gIAlzdHJ1Y3Qg ZXh5bm9zX2RybV9jcnRjICpleHlub3NfY3J0YyA9IHRvX2V4eW5vc19jcnRjKHBsYW5lLT5jcnRj KTsKPiAgCj4gLQlpZiAoZXh5bm9zX2NydGMtPm9wcy0+d2luX2Rpc2FibGUpCj4gKwlpZiAoZXh5 bm9zX2NydGMgJiYgZXh5bm9zX2NydGMtPm9wcy0+d2luX2Rpc2FibGUpCj4gIAkJZXh5bm9zX2Ny dGMtPm9wcy0+d2luX2Rpc2FibGUoZXh5bm9zX2NydGMsCj4gIAkJCQkJICAgICAgZXh5bm9zX3Bs YW5lLT56cG9zKTsKPiAgCj4gCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fXwpkcmktZGV2ZWwgbWFpbGluZyBsaXN0CmRyaS1kZXZlbEBsaXN0cy5mcmVlZGVz a3RvcC5vcmcKaHR0cDovL2xpc3RzLmZyZWVkZXNrdG9wLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2Ry aS1kZXZlbAo= From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753810AbbCFNNs (ORCPT ); Fri, 6 Mar 2015 08:13:48 -0500 Received: from mailout4.samsung.com ([203.254.224.34]:31779 "EHLO mailout4.samsung.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751138AbbCFNNp (ORCPT ); Fri, 6 Mar 2015 08:13:45 -0500 MIME-version: 1.0 Content-type: text/plain; charset=UTF-8 X-AuditID: cbfee691-f79b86d000004a5a-30-54f9a806dbdf Content-transfer-encoding: 8BIT Message-id: <54F9A806.6020605@samsung.com> Date: Fri, 06 Mar 2015 22:13:42 +0900 From: Inki Dae User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130803 Thunderbird/17.0.8 To: Charles Keepax Cc: jy0922.shim@samsung.com, sw0312.kim@samsung.com, kyungmin.park@samsung.com, airlied@linux.ie, kgene@kernel.org, dri-devel@lists.freedesktop.org, linux-samsung-soc@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] drm/exynos: Check for NULL dereference of crtc References: <1424193281-30401-1-git-send-email-ckeepax@opensource.wolfsonmicro.com> In-reply-to: <1424193281-30401-1-git-send-email-ckeepax@opensource.wolfsonmicro.com> X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrLIsWRmVeSWpSXmKPExsWyRsSkSJd9xc8Qg7YnTBa9504yWfybcoPd 4srX92wWL+5dZLHof/ya2eJs0xt2i8u75rBZzDi/j8lixuSXbA6cHptWdbJ5bP/2gNXjfvdx Jo+XE3+zefRtWcXo8XmTXABbFJdNSmpOZllqkb5dAlfG5xtHWApOC1R86VzG1sB4mbeLkYND QsBEYvf2rC5GTiBTTOLCvfVsXYxcHEICSxkleq+dZoJImEj0Nn9lh0gsYpT49Xg+WIJXQFDi x+R7LCCDmAXkJY5cygYJMwuoS0yat4gZov4Vo0TXubmMIDW8AloS77oiQGpYBFQlFj17wQJi swHZE1fcZwOxRQXCJF682sUMYosIWEhMWXKLGWLmDUaJ1hW5ILawgLPE0pOPGUFsIYFQie9v zzCBjOcE6j11QxTi5LfsEu+7oiBWCUh8m3yIBeJdWYlNB5ghSiQlDq64wTKBUWwWkl9mIfwy C8kvCxiZVzGKphYkFxQnpReZ6hUn5haX5qXrJefnbmIExuLpf88m7mC8f8D6EKMAB6MSD6+G 4M8QIdbEsuLK3EOMpkBHTGSWEk3OB0Z8Xkm8obGZkYWpiamxkbmlmZI4r470z2AhgfTEktTs 1NSC1KL4otKc1OJDjEwcnFINjLpT0yL/Lb/9i+uQ0vPkK8mNV3k+OaltNPDQlLwrPK/s796H KYcTXh1TD2G5s8tGbZ/AMaMTS66GcHkIptSye/ederthcfjq6qw+zYrJnIdfSC7lKZw1cd8F WbVp2zMWz/LcVWZ0bFuSgoP7sRPcs9Mj+jnn5D2W8jnly3X1TPNG80S+C09PdyqxFGckGmox FxUnAgBgqTl9wAIAAA== X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrJIsWRmVeSWpSXmKPExsVy+t9jAV22FT9DDM48N7foPXeSyeLflBvs Fle+vmezeHHvIotF/+PXzBZnm96wW1zeNYfNYsb5fUwWMya/ZHPg9Ni0qpPNY/u3B6we97uP M3m8nPibzaNvyypGj8+b5ALYohoYbTJSE1NSixRS85LzUzLz0m2VvIPjneNNzQwMdQ0tLcyV FPISc1NtlVx8AnTdMnOAzlJSKEvMKQUKBSQWFyvp22GaEBripmsB0xih6xsSBNdjZIAGEtYw Zny+cYSl4LRAxZfOZWwNjJd5uxg5OSQETCR6m7+yQ9hiEhfurWfrYuTiEBJYxCjx6/F8JpAE r4CgxI/J91i6GDk4mAXkJY5cygYJMwuoS0yat4gZov4Vo0TXubmMIDW8AloS77oiQGpYBFQl Fj17wQJiswHZE1fcZwOxRQXCJF682sUMYosIWEhMWXKLGWLmDUaJ1hW5ILawgLPE0pOPGUFs IYFQie9vzzCBjOcE6j11Q3QCo8AsJMfNQjhuFpLjFjAyr2IUTS1ILihOSs810itOzC0uzUvX S87P3cQIjvZn0jsYVzVYHGIU4GBU4uHVEPwZIsSaWFZcmXuIUYKDWUmEl3M5UIg3JbGyKrUo P76oNCe1+BCjKdBvE5mlRJPzgYkoryTe0NjEzMjSyNzQwsjYXEmcV8m+LURIID2xJDU7NbUg tQimj4mDU6qBsdnEKoj/2YGsiQdP/NdetKwuIX9e3uvzsj5dvM8nSf6Nj5l8wEp5yazr2yTS 9pl9e5iorv3zdehVcVmpzcw/4lz/m1/6v8Zip7UOf/6j15cEn3zR2NgVk2o+fZvru5CG2TP+ rdwvV6Z4cP7ZNZHXTa9KuRgF3VipPU9/vlMN+0Qx9pt/t/3Tn6zEUpyRaKjFXFScCADb3n37 DAMAAA== DLP-Filter: Pass X-MTR: 20000000000000000@CPGS X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2015년 02월 18일 02:14, Charles Keepax wrote: > The commit "drm/exynos: remove exynos_plane_dpms" (d9ea6256) removed the > use of the enabled flag, which means that the code may attempt to call > win_enable on a NULL crtc. This results in the following oops on Hmm... it's strange. plane->funcs->destroy() is called prior to crtc->funcs->destroy() so it should be exynos_crtc is not NULL. However, it seems there is any corner case we didn't catch up. Applied. Thanks, Inki Dae > Arndale: > > [ 1.673479] Unable to handle kernel NULL pointer dereference at virtual address 00000368 > [ 1.681500] pgd = c0004000 > [ 1.684154] [00000368] *pgd=00000000 > [ 1.687713] Internal error: Oops: 5 [#1] PREEMPT SMP ARM > [ 1.693012] Modules linked in: > [ 1.696045] CPU: 1 PID: 1 Comm: swapper/0 Not tainted > 3.19.0-07545-g57485fa #1907 > [ 1.703524] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree) > (....) > [ 2.014803] [] (exynos_plane_destroy) from [] (drm_mode_config_cleanup+0x168/0x20c) > [ 2.024178] [] (drm_mode_config_cleanup) from [] (exynos_drm_load+0xac/0x12c) > > This patch adds in a check to ensure exynos_crtc is not NULL before it > is dereferenced. > > Signed-off-by: Charles Keepax > --- > drivers/gpu/drm/exynos/exynos_drm_plane.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/drivers/gpu/drm/exynos/exynos_drm_plane.c b/drivers/gpu/drm/exynos/exynos_drm_plane.c > index 2dfb847..78fc0a1 100644 > --- a/drivers/gpu/drm/exynos/exynos_drm_plane.c > +++ b/drivers/gpu/drm/exynos/exynos_drm_plane.c > @@ -176,7 +176,7 @@ static int exynos_disable_plane(struct drm_plane *plane) > struct exynos_drm_plane *exynos_plane = to_exynos_plane(plane); > struct exynos_drm_crtc *exynos_crtc = to_exynos_crtc(plane->crtc); > > - if (exynos_crtc->ops->win_disable) > + if (exynos_crtc && exynos_crtc->ops->win_disable) > exynos_crtc->ops->win_disable(exynos_crtc, > exynos_plane->zpos); > >