From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michel Thierry
Subject: Re: NULL ptr dereference in current i915 driver
Date: Wed, 22 Apr 2015 17:11:37 +0100
Message-ID: <5537C839.2060702@intel.com>
To: Linus Torvalds, Daniel Vetter, Jani Nikula, David Airlie, Ben Widawsky, Mika Kuoppala
Cc: intel-gfx, Linux Kernel Mailing List
List-Id: intel-gfx@lists.freedesktop.org

On 4/22/2015 12:36 AM, Linus Torvalds wrote:
> So I just got the appended NULL pointer de-reference when trying to
> look at a video from my GoPro.
>
> The code disassembles to
>
>     0: 81 fb 00 04 00 00     cmp    $0x400,%ebx
>     6: 41 89 07              mov    %eax,(%r15)
>     9: 74 78                 je     0x83
>     b: 48 8d 7c 24 18        lea    0x18(%rsp),%rdi
>    10: e8 6e b3 1b c1        callq  0xffffffffc11bb383
>    15: 84 c0                 test   %al,%al
>    17: 74 4a                 je     0x63
>    19: 48 85 ed              test   %rbp,%rbp
>    1c: 75 b5                 jne    0xffffffffffffffd3
>    1e: 48 8b 04 24           mov    (%rsp),%rax
>    22: 49 8b 84 c4 98 01 00  mov    0x198(%r12,%rax,8),%rax
>    29: 00
>    2a:* 48 8b 28             mov    (%rax),%rbp <-- trapping instruction
>    2d: 65 ff 05 1f e8 ef 3f  incl   %gs:0x3fefe81f(%rip)        # 0x3fefe853
>    34: 48 b8 00 00 00 00 00  movabs $0x160000000000,%rax
>    3b: 16 00 00
>
> which matches up with the asm code
>
>          cmpl    $1024, %ebx     #, act_pte
>          movl    %eax, (%r15)    # D.49217, *_26
>          je      .L118   #,
>    .L110:
>          leaq    24(%rsp), %rdi  #, tmp156
>          call    __sg_page_iter_next     #
>          testb   %al, %al        # D.49219
>          je      .L119   #,
>          testq   %rbp, %rbp      # pt_vaddr
>          jne     .L109   #,
>          movq    (%rsp), %rax    # %sfp, act_pt
>          movq    408(%r12,%rax,8), %rax  # MEM[(struct i915_hw_ppgtt
> *)vm_8(D)].D.36998.pd.page
>          movq    (%rax), %rbp    # _21->page, D.49221
>    #APP
>    # 72 "./arch/x86/include/asm/preempt.h" 1
>          incl %gs:__preempt_count(%rip)  # __preempt_count
>    # 0 "" 2
>    #NO_APP
>          movabsq $24189255811072, %rax   #, tmp150
>
> which in turn seems to come from the C code
>
>                          pt_vaddr =
> kmap_atomic(ppgtt->pd.page_table[act_pt]->page);
>
> (that "testq %rbp,%rbp; jne" just before the oopsing instruction group
> is that "if (pt_vaddr == NULL)" test.
>
> IOW, it looks like
>
>       ppgtt->pd.page_table[act_pt]
>
> is NULL, and then trying to dereference ->page off of it is what
> oopses (the preempt-count increment that comes after is the
> "pagefault_disable()" in kmap_atomic, and the big constant we're
> loading into %rax is part of "page_address(page)").
>
> I have no idea why "ppgtt->pd.page_table[act_pt]" would be NULL, but
> clearly it can be. Can somebody who knows this code look into it. I've
> added a few people who have worked in this area recently, in addition
> to the usual maintainer list..
>
> Thanks,
>
>                    Linus
>
> ---
> BUG: unable to handle kernel NULL pointer dereference at           (null)
> IP: [<ffffffffc010c137>] gen6_ppgtt_insert_entries+0xa7/0x120 [i915]
> PGD 0
> Oops: 0000 [#1] SMP
> Modules linked in: rfcomm fuse cmac ip6t_rpfilter ip6t_REJECT
> nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4
> nf_defrag_ipv4 xt_conntrack nf_conntrack ebtable_nat ebtable_broute
> bridge stp llc ebtable_filter ebtables ip6table_mangle
> ip6table_security ip6table_raw ip6table_filter ip6_tables
> iptable_mangle iptable_security iptable_raw bnep arc4 vfat fat
> x86_pkg_temp_thermal pn544_mei mei_phy coretemp pn544 hci nfc
> kvm_intel iTCO_wdt iTCO_vendor_support snd_hda_codec_realtek
> snd_hda_codec_hdmi kvm snd_hda_codec_generic uvcvideo
> videobuf2_vmalloc videobuf2_memops microcode videobuf2_core
> snd_hda_intel v4l2_common hid_multitouch snd_hda_controller videodev
> btusb snd_hda_codec iwlmvm media snd_hwdep mac80211 btbcm snd_seq
> btintel bluetooth snd_seq_device joydev snd_pcm serio_raw
> i2c_i801 iwlwifi cfg80211 snd_hda_core sony_laptop snd_timer snd
> rfkill mei_me soundcore lpc_ich shpchp mei mfd_core dm_crypt
> crct10dif_pclmul i915 crc32_pclmul crc32c_intel i2c_algo_bit
> drm_kms_helper ghash_clmulni_intel drm i2c_core video
> CPU: 1 PID: 2697 Comm: chrome Not tainted 4.0.0-09362-g1fc149933fd4 #8
> Hardware name: Sony Corporation SVP11213CXB/VAIO, BIOS R0270V7 05/17/2013
> task: ffff88010dc51b30 ti: ffff88003f328000 task.ti: ffff88003f328000
> RIP: 0010:[<ffffffffc010c137>]  [<ffffffffc010c137>]
> gen6_ppgtt_insert_entries+0xa7/0x120 [i915]
> RSP: 0018:ffff88003f32b9a8  EFLAGS: 00010246
> RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000075b1b
> RDX: ffff88007d848990 RSI: 0000000000000001 RDI: ffff88003f32b9c0
> RBP: 0000000000000000 R08: 0000000000000000 R09: ffff88003f6f7e58
> R10: 000000000d836000 R11: 0000000000000000 R12: ffff8800d4164000
> R13: 0000000000000000 R14: 0000000000000001 R15: ffff88003f7bbffc
> FS:  00007f7f0ee94a00(0000) GS:ffff88011fa80000(0000)
> knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000000000 CR3: 000000005f607000 CR4: 00000000001407e0
> Stack:
>   0000000000000201 000002010dc51b30 0000000000000000 ffff88007d848990
>   0000004000075b1b ffff880100000001 0000000000000fe0 ffff880011215900
>   0000000000000000 ffff88006cc4c380 ffff88003f6f0000 0000000000000001
> Call Trace:
>   ggtt_bind_vma+0x97/0x110 [i915]
>   i915_vma_bind+0x40/0x410 [i915]
>   swiotlb_map_sg_attrs+0x74/0x140
>   i915_gem_object_do_pin+0x864/0x9f0 [i915]
>   mutex_lock+0x9/0x30
>   i915_gem_execbuffer_reserve_vma.isra.20+0x66/0x130 [i915]
>   i915_gem_execbuffer_reserve+0x2ec/0x320 [i915]
>   i915_gem_do_execbuffer.isra.27+0x5ee/0xf80 [i915]
>   mutex_optimistic_spin+0x16e/0x1f0
>   __mutex_lock_interruptible_slowpath+0x21/0x130
>   shmem_fault+0x57/0x1c0
>   drm_gem_object_lookup+0x14/0xa0 [drm]
>   i915_gem_execbuffer2+0xb2/0x2a0 [i915]
>   drm_ioctl+0x15a/0x580 [drm]
>   current_fs_time+0x9/0x50
>   do_vfs_ioctl+0x2e8/0x4f0
>   file_has_perm+0x77/0x80
>   syscall_trace_enter_phase1+0x116/0x140
>   SyS_ioctl+0x79/0x90
>   system_call_fastpath+0x12/0x6a
> Code: 00 81 fb 00 04 00 00 41 89 07 74 78 48 8d 7c 24 18 e8 6e b3 1b
> c1 84 c0 74 4a 48 85 ed 75 b5 48 8b 04 24 49 8b 84 c4 98 01 00 00 <48>
> 8b 28 65 ff 05 1f e8 ef 3f 48 b8 00 00 00 00 00 16 00 00 48
> RIP  gen6_ppgtt_insert_entries+0xa7/0x120 [i915]
>   RSP <ffff88003f32b9a8>
> CR2: 0000000000000000
>

Hi,

I see a possible va re-allocation that could be the culprit, but the
change was committed just 2 days ago
(http://cgit.freedesktop.org/drm-intel/commit/?id=5c5f645773b6d147bf68c350674dc3ef4f8de83d).

-Michel
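To make the register-to-source reasoning in the quoted mail checkable, here is an added triage script (written for this thread, not code from the i915 driver or from either author): it parses the quoted oops and confirms that CR2 equals the base register of the trapping `mov (%rax),%rbp`, which is the evidence behind "ppgtt->pd.page_table[act_pt] is NULL". The register values and the base-register name come from the mail; the regexes, helper names and the 4096-byte "first page" threshold are this example's own assumptions.

```python
import re

# Excerpt of the oops quoted above (constructed input for this example,
# copied from the mail; the real dump has more lines).
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at           (null)
IP: [<ffffffffc010c137>] gen6_ppgtt_insert_entries+0xa7/0x120 [i915]
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000075b1b
RDX: ffff88007d848990 RSI: 0000000000000001 RDI: ffff88003f32b9c0
RBP: 0000000000000000 R08: 0000000000000000 R09: ffff88003f6f7e58
R10: 000000000d836000 R11: 0000000000000000 R12: ffff8800d4164000
R13: 0000000000000000 R14: 0000000000000001 R15: ffff88003f7bbffc
CR2: 0000000000000000 CR3: 000000005f607000 CR4: 00000000001407e0
Code: 00 81 fb 00 04 00 00 41 89 07 74 78 48 8d 7c 24 18 e8 6e b3 1b \
c1 84 c0 74 4a 48 85 ed 75 b5 48 8b 04 24 49 8b 84 c4 98 01 00 00 <48> \
8b 28 65 ff 05 1f e8 ef 3f 48 b8 00 00 00 00 00 16 00 00 48
"""
REG_RE = re.compile(r"\b(R[A-Z0-9]{2}|CR[0-4]):\s*([0-9a-f]{16})\b")
IP_RE = re.compile(r"IP: \[<([0-9a-f]+)>\] ([A-Za-z0-9_.]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)")
CODE_RE = re.compile(r"^Code: (.*)$", re.M)

def parse_oops(text):
    """RIP symbol/offset, registers as ints, Code bytes and the index of
    the byte marked <..>, which the oops flags as the trapping instruction."""
    regs = {name: int(val, 16) for name, val in REG_RE.findall(text)}
    ip = IP_RE.search(text)
    tokens = CODE_RE.search(text).group(1).split()
    trap = next(i for i, tok in enumerate(tokens) if tok.startswith("<"))
    return {"symbol": ip.group(2), "offset": int(ip.group(3), 16),
            "size": int(ip.group(4), 16), "regs": regs, "trap_index": trap,
            "code": [int(tok.strip("<>"), 16) for tok in tokens]}

def fault_displacement(oops, base_reg):
    """CR2 minus the register the disassembly names as memory base of the
    trapping instruction (RAX for 'mov (%rax),%rbp'). Zero means the base
    pointer itself was dereferenced, with no field offset added."""
    return oops["regs"]["CR2"] - oops["regs"][base_reg]

def is_null_page_fault(oops):
    """Fault address in the first page: NULL pointer (plus a small field
    offset), not a wild pointer. 4096 is this example's assumed page size."""
    return oops["regs"]["CR2"] < 4096

def code_window_start(oops):
    """Function offset of the first dumped Code byte: the <..> marker sits
    at RIP, so everything before it precedes the faulting offset."""
    return oops["offset"] - oops["trap_index"]
```

With the quoted dump, `fault_displacement(parse_oops(OOPS), "RAX")` is 0 and the trapping bytes at the marker are `48 8b 28`, matching the disassembly line marked as the trapping instruction.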