From mboxrd@z Thu Jan 1 00:00:00 1970 From: Maarten Lankhorst Subject: Re: [4.2.0-rc1-00201-g59c3cb5] Regression: kernel NULL pointer dereference Date: Mon, 13 Jul 2015 07:56:10 +0200 Message-ID: <55A352FA.1000300@linux.intel.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by gabe.freedesktop.org (Postfix) with ESMTP id EECC86E0F4 for ; Sun, 12 Jul 2015 22:56:12 -0700 (PDT) In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" To: Linus Torvalds , =?UTF-8?B?SsO2cmcgT3R0?= =?UTF-8?B?ZQ==?= , Daniel Vetter Cc: Linux Kernel Mailing List , DRI List-Id: dri-devel@lists.freedesktop.org T3AgMTItMDctMTUgb20gMTg6NTIgc2NocmVlZiBMaW51cyBUb3J2YWxkczoKPiBPbiBTdW4sIEp1 bCAxMiwgMjAxNSBhdCAxOjAzIEFNLCBKw7ZyZyBPdHRlIDxqcmcub3R0ZUBnbWFpbC5jb20+IHdy b3RlOgo+PiBCVUc6IHVuYWJsZSB0byBoYW5kbGUga2VybmVsIE5VTEwgcG9pbnRlciBkZXJlZmVy ZW5jZSBhdCAwMDAwMDAwMDAwMDAwMDA5Cj4+IElQOiBbPGZmZmZmZmZmYmQzNDQ3YmI+XSAweGZm ZmZmZmZmYmQzNDQ3YmIKPiBVZ2guIFBsZWFzZSBlbmFibGUgS0FMTFNZTVMgdG8gZ2V0IHNhbmUg c3ltYm9scy4KPgo+IEJ1dCB5ZXMsICJjcnRjX3N0YXRlLT5iYXNlLmFjdGl2ZSIgaXMgYXQgb2Zm c2V0IDkgZnJvbSAiY3J0Y19zdGF0ZSIsCj4gc28gaXQncyBwcmV0dHkgY2xlYXJseSBqdXN0IHRo YXQgY2hhbmdlIGZybQo+Cj4gLSAgICAgICBpZiAoaW50ZWxfY3J0Yy0+YWN0aXZlKSB7Cj4gKyAg ICAgICBpZiAoY3J0Y19zdGF0ZS0+YmFzZS5hY3RpdmUpIHsKPgo+IGFuZCAiY3J0Y19zdGF0ZSIg aXMgTlVMTC4KPgo+IEFuZCB0aGUgY29kZSB2ZXJ5IG11Y2gga25vd3MgdGhhdCBjcnRjX3N0YXRl IGNhbiBiZSBOVUxMLCBzaW5jZSBpdCdzCj4gaW5pdGlhbGl6ZWQgd2l0aAo+Cj4gICAgICAgICBj cnRjX3N0YXRlID0gc3RhdGUtPmJhc2Uuc3RhdGUgPwo+ICAgICAgICAgICAgICAgICBpbnRlbF9h dG9taWNfZ2V0X2NydGNfc3RhdGUoc3RhdGUtPmJhc2Uuc3RhdGUsCj4gaW50ZWxfY3J0YykgOiBO VUxMOwo+Cj4gVHNzay4gRGFuaWVsPyBTaG91bGQgSSBqdXN0IHJldmVydCB0aGF0IGNvbW1pdCBk ZWM0Zjc5OWQwYTQKPiAoImRybS9pOTE1OiBVc2UgY3J0Y19zdGF0ZS0+YWN0aXZlIGluIHByaW1h cnkgY2hlY2tfcGxhbmUgZnVuYyIpIGZvcgo+IG5vdywgb3IgaXMgdGhlcmUgYSBiZXR0ZXIgZml4 PyBMaWtlIGp1c3QgY2hlY2tpbmcgY3J0Y19zdGF0ZSBmb3IgTlVMTD8KPgo+ICAgICAgICAgICAg ICAgICAgICAgTGludXMKTW9yZSBzeW1ib2xzIHdvdWxkIGJlIG5pY2UuCgpXaXRoIHRoZSB0cmFu c2l0aW9uYWwgaGVscGVycyB3aGVuIGNydGNfc3RhdGUgPT0gTlVMTCB5b3UgZG9uJ3Qgd2FudCB0 byB1cGRhdGUgdGhlIHNjYWxlcnMgb3IgZnVubnkgdGhpbmdzIGhhcHBlbi4KRml4IGlzIHByb2Jh Ymx5IHNvbWV0aGluZyBsaWtlIHRoaXM6CgpkaWZmIC0tZ2l0IGEvZHJpdmVycy9ncHUvZHJtL2k5 MTUvaW50ZWxfZGlzcGxheS5jIGIvZHJpdmVycy9ncHUvZHJtL2k5MTUvaW50ZWxfZGlzcGxheS5j CmluZGV4IGJhOTMyMTk5OGE0MS4uODMwZTA3YjIzYTE1IDEwMDY0NAotLS0gYS9kcml2ZXJzL2dw dS9kcm0vaTkxNS9pbnRlbF9kaXNwbGF5LmMKKysrIGIvZHJpdmVycy9ncHUvZHJtL2k5MTUvaW50 ZWxfZGlzcGxheS5jCkBAIC0xMzI3Niw3ICsxMzI3Niw3IEBAIGludGVsX2NoZWNrX3ByaW1hcnlf cGxhbmUoc3RydWN0IGRybV9wbGFuZSAqcGxhbmUsCiAJaWYgKHJldCkKIAkJcmV0dXJuIHJldDsK IAotCWlmIChjcnRjX3N0YXRlLT5iYXNlLmFjdGl2ZSkgeworCWlmIChjcnRjX3N0YXRlID8gY3J0 Y19zdGF0ZS0+YmFzZS5hY3RpdmUgfHwgY3J0Yy0+c3RhdGUtPmFjdGl2ZSkgewogCQlzdHJ1Y3Qg aW50ZWxfcGxhbmVfc3RhdGUgKm9sZF9zdGF0ZSA9CiAJCQl0b19pbnRlbF9wbGFuZV9zdGF0ZShw bGFuZS0+c3RhdGUpOwogCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fXwpkcmktZGV2ZWwgbWFpbGluZyBsaXN0CmRyaS1kZXZlbEBsaXN0cy5mcmVlZGVza3Rv cC5vcmcKaHR0cDovL2xpc3RzLmZyZWVkZXNrdG9wLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2RyaS1k ZXZlbAo= From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751493AbbGMF4O (ORCPT ); Mon, 13 Jul 2015 01:56:14 -0400 Received: from mga11.intel.com ([192.55.52.93]:18413 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751123AbbGMF4M (ORCPT ); Mon, 13 Jul 2015 01:56:12 -0400 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.15,459,1432623600"; d="scan'208";a="745930045" Message-ID: <55A352FA.1000300@linux.intel.com> Date: Mon, 13 Jul 2015 07:56:10 +0200 From: Maarten Lankhorst User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: Linus Torvalds , =?UTF-8?B?SsO2cmcgT3R0?= =?UTF-8?B?ZQ==?= , Daniel Vetter CC: David Airlie , DRI , Linux Kernel Mailing List Subject: Re: [4.2.0-rc1-00201-g59c3cb5] Regression: kernel NULL pointer dereference References: In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Op 12-07-15 om 18:52 schreef Linus Torvalds: > On Sun, Jul 12, 2015 at 1:03 AM, Jörg Otte wrote: >> BUG: unable to handle kernel NULL pointer dereference at 0000000000000009 >> IP: [] 0xffffffffbd3447bb > Ugh. Please enable KALLSYMS to get sane symbols. > > But yes, "crtc_state->base.active" is at offset 9 from "crtc_state", > so it's pretty clearly just that change frm > > - if (intel_crtc->active) { > + if (crtc_state->base.active) { > > and "crtc_state" is NULL. > > And the code very much knows that crtc_state can be NULL, since it's > initialized with > > crtc_state = state->base.state ? > intel_atomic_get_crtc_state(state->base.state, > intel_crtc) : NULL; > > Tssk. Daniel? Should I just revert that commit dec4f799d0a4 > ("drm/i915: Use crtc_state->active in primary check_plane func") for > now, or is there a better fix? Like just checking crtc_state for NULL? > > Linus More symbols would be nice. With the transitional helpers when crtc_state == NULL you don't want to update the scalers or funny things happen. Fix is probably something like this: diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index ba9321998a41..830e07b23a15 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -13276,7 +13276,7 @@ intel_check_primary_plane(struct drm_plane *plane, if (ret) return ret; - if (crtc_state->base.active) { + if (crtc_state ? crtc_state->base.active || crtc->state->active) { struct intel_plane_state *old_state = to_intel_plane_state(plane->state);