From: Maarten Lankhorst
Subject: Re: [4.2.0-rc1-00201-g59c3cb5] Regression: kernel NULL pointer dereference
Date: Mon, 13 Jul 2015 09:23:55 +0200
Message-ID: <55A3678B.6080803@linux.intel.com>
In-Reply-To: <20150713062222.GG3736@phenom.ffwll.local>
To: Linus Torvalds, Jörg Otte, David Airlie, DRI, Linux Kernel Mailing List

On 13-07-15 at 08:22, Daniel Vetter wrote:
> On Sun, Jul 12, 2015 at 09:52:51AM -0700, Linus Torvalds wrote:
>> On Sun, Jul 12, 2015 at 1:03 AM, Jörg Otte wrote:
>>> BUG: unable to handle kernel NULL pointer dereference at 0000000000000009
>>> IP: [<ffffffffbd3447bb>] 0xffffffffbd3447bb
>> Ugh. Please enable KALLSYMS to get sane symbols.
>>
>> But yes, "crtc_state->base.active" is at offset 9 from "crtc_state",
>> so it's pretty clearly just that change from
>>
>> - if (intel_crtc->active) {
>> + if (crtc_state->base.active) {
>>
>> and "crtc_state" is NULL.
>>
>> And the code very much knows that crtc_state can be NULL, since it's
>> initialized with
>>
>>         crtc_state = state->base.state ?
>>                 intel_atomic_get_crtc_state(state->base.state,
>>                                             intel_crtc) : NULL;
>>
>> Tssk. Daniel? Should I just revert that commit dec4f799d0a4
>> ("drm/i915: Use crtc_state->active in primary check_plane func") for
>> now, or is there a better fix? Like just checking crtc_state for NULL?
> Indeed embarrassing. I've missed that we still have 1 caller left that's
> using the transitional helpers, and those don't fill out
> plane_state->state backpointers to the global atomic update since there is
> no global atomic update for transitional helpers. Below diff should fix
> this - we need to preferentially check crtc_state->active and if that's
> not set intel_crtc->active should yield the right result for the one
> remaining caller (it's in the crtc_disable paths).
>
> For cheap excuses why i915 is so crap in 4.2: Thanks to a hipshot decision
> to transition to a different QA team ("we'll do this in 1 week without
> upfront planning") I essentially don't have proper QA support for 1-2
> months by now. The other trouble in this area specifically is that this
> code is already completely changed in -next again, so any testing done on
> integration trees (like -next or drm-intel-nightly) won't test any patches
> for 4.2.
> -Daniel
>
> Oh and Signed-off-by: Daniel Vetter in case you
> decide to apply this right away.
>
Well your version has the benefit of compiling without errors. :-)

Reviewed-by: Maarten Lankhorst
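
Review bot: the `+` line `if (crtc_state->base.active) {` dereferences crtc_state unconditionally, yet the quoted initializer assigns it NULL whenever state->base.state is unset, which matches the reported fault at address 9. Test crtc_state before reading base.active and keep intel_crtc->active as the fallback for callers that arrive without an atomic state.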
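
The offset reasoning in the quoted reply (a fault at address 9 points at `base.active` read through a NULL `crtc_state`), as an added example that is not code from this thread or from the i915 driver. The `mock_*` structs are constructed stand-ins, `member_at_fault` and `primary_plane_active` are hypothetical names, the guard is one reading of the fix described (the actual diff is not on this page), and a 64-bit build is assumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins (not the kernel's definitions), laid out so that
 * base.active sits at offset 9 when pointers are 8 bytes wide. */
struct mock_drm_crtc_state {
    void *crtc;
    bool enable;
    bool active;
};
struct mock_intel_crtc_state {
    struct mock_drm_crtc_state base;   /* first member, so offset 0 */
    unsigned long quirks;
};

struct member { const char *name; size_t off, size; };
#define MEMBER(m) { #m, offsetof(struct mock_intel_crtc_state, m), \
                    sizeof(((struct mock_intel_crtc_state *)0)->m) }
static const struct member layout[] = {
    MEMBER(base.crtc), MEMBER(base.enable), MEMBER(base.active), MEMBER(quirks),
};

/* Which member a NULL struct pointer would touch at this fault address. */
const char *member_at_fault(size_t fault_addr)
{
    for (size_t i = 0; i < sizeof(layout) / sizeof(layout[0]); i++)
        if (fault_addr >= layout[i].off &&
            fault_addr < layout[i].off + layout[i].size)
            return layout[i].name;
    return NULL; /* padding, or beyond the struct */
}

/* Guarded check (assumption): read crtc_state only when it exists,
 * otherwise fall back to the legacy flag. */
bool primary_plane_active(const struct mock_intel_crtc_state *crtc_state,
                          bool legacy_active)
{
    return crtc_state ? crtc_state->base.active : legacy_active;
}

int main(void)
{
    const char *m = member_at_fault(0x9);
    printf("fault at 0x9 -> %s\n", m ? m : "(no member)");
    return 0;
}
```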