From mboxrd@z Thu Jan 1 00:00:00 1970 From: bugzilla-daemon@freedesktop.org Subject: [Bug 100375] forced EDID's can cause a amdgpu to null ptr deref Date: Fri, 24 Mar 2017 10:36:39 +0000 Message-ID: Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1953697432==" Return-path: Received: from culpepper.freedesktop.org (culpepper.freedesktop.org [IPv6:2610:10:20:722:a800:ff:fe98:4b55]) by gabe.freedesktop.org (Postfix) with ESMTP id D185C6EBB6 for ; Fri, 24 Mar 2017 10:36:39 +0000 (UTC) List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" To: dri-devel@lists.freedesktop.org List-Id: dri-devel@lists.freedesktop.org --===============1953697432== Content-Type: multipart/alternative; boundary="14903517990.E65535f7F.12488"; charset="UTF-8" --14903517990.E65535f7F.12488 Date: Fri, 24 Mar 2017 10:36:39 +0000 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://bugs.freedesktop.org/ Auto-Submitted: auto-generated https://bugs.freedesktop.org/show_bug.cgi?id=3D100375 Bug ID: 100375 Summary: forced EDID's can cause a amdgpu to null ptr deref Product: DRI Version: unspecified Hardware: Other OS: All Status: NEW Severity: normal Priority: medium Component: DRM/AMDgpu Assignee: dri-devel@lists.freedesktop.org Reporter: funfunctor@folklore1984.net [ 307.570505] [drm] Got external EDID base block and 0 extensions from "edid/768x384.bin" for connector "VGA-1" [ 445.605230] [drm:drm_edid_block_valid] *ERROR* EDID checksum is invalid, remainder is 60 [ 445.605232] Raw EDID: [ 445.605235] 00 ff ff ff ff ff ff 00 39 f6 05 04 16 07 02 00 [ 445.605236] 10 17 01 03 81 1e 17 b4 ea c1 e5 a3 57 4e 9c 23 [ 445.605237] 1d 50 54 21 08 00 01 01 01 01 01 01 01 01 01 01 [ 445.605238] 01 01 01 07 01 01 91 26 4f ff ff ff ff ff ff ff [ 445.605239] ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 445.605240] ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 445.605240] ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 445.605241] ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 445.606369] [drm:amdgpu_connector_dvi_detect [amdgpu]] *ERROR* HDMI-A-1: probed a monitor but no|invalid EDID # reboot INIT: Sending processes the KILL signal [ 521.758143] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 [ 521.765999] IP: [] set_root+0x1d/0xa0 [ 521.771242] PGD 0 [ 521.773080]=20 [ 521.774580] Oops: 0000 [#1] SMP [ 521.777717] Modules linked in: amdgpu blackmagic_io(PO) ttm backlight hid_sony led_class [ 521.785920] CPU: 2 PID: 3694 Comm: hyperflow-engin Tainted: P = O=20=20=20 4.9.6-gentoo-r1 #1 [ 521.794610] Hardware name: BIOSTAR Group A68N-5200/A68N-5200, BIOS 4.6.5 09/03/2015 [ 521.802255] task: ffff880225698c40 task.stack: ffffc90000db8000 [ 521.808165] RIP: 0010:[] [] set_root+0x1d/0xa0 [ 521.815828] RSP: 0018:ffffc90000dbb688 EFLAGS: 00010202 [ 521.821133] RAX: ffff880225698c40 RBX: ffffc90000dbb7c0 RCX: ffff880225a63400 [ 521.828256] RDX: ffffffff81c56e48 RSI: 0000000000000041 RDI: ffffc90000dbb7c0 [ 521.835381] RBP: ffffc90000dbb698 R08: 000000000001a980 R09: ffff880225a63400 [ 521.842505] R10: ffff880225a80026 R11: 0000000000000010 R12: 0000000000000000 [ 521.849630] R13: ffff880225a8201c R14: 0000000000000001 R15: ffff880218826d80 [ 521.856755] FS: 00007fc3f57fa700(0000) GS:ffff88022ed00000(0000) knlGS:0000000000000000 [ 521.864834] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 521.870571] CR2: 0000000000000008 CR3: 0000000001a08000 CR4: 00000000000406e0 [ 521.877694] Stack: [ 521.879706] ffffc90000dbb7c0 0000000000000041 ffffc90000dbb6d8 ffffffff81169b89 [ 521.887160] ffff880220ead600 ffff880225a82000 ffffc90000dbb7c0 ffffc90000dbb8cc [ 521.894612] 0000000000000001 ffff880218826d80 ffffc90000dbb7b0 ffffffff8116c28a [ 521.902067] Call Trace: [ 521.904515] [] path_init+0x1e9/0x330 [ 521.909740] [] path_openat+0x6a/0x1480 [ 521.915141] [] ? default_wake_function+0xd/0x10 [ 521.921319] [] ? __wake_up_common+0x4d/0x80 [ 521.927145] [] do_filp_open+0x79/0xd0 [ 521.932467] [] ? acpi_driver_match_device+0x3d/0x5d [ 521.938991] [] ? platform_match+0x24/0xa0 [ 521.944644] [] ? klist_next+0x21/0xf0 [ 521.949957] [] file_open_name+0xdf/0x100 [ 521.955529] [] filp_open+0x2e/0x50 [ 521.960573] [] kernel_read_file_from_path+0x31/0x70 [ 521.967092] [] _request_firmware+0x2ef/0x5a0 [ 521.973002] [] request_firmware+0x32/0x50 [ 521.978654] [] drm_load_edid_firmware+0x264/0x500 [ 521.985001] [] drm_helper_probe_single_connector_modes+0x14c/0x4d0 [ 521.992826] [] drm_fb_helper_probe_connector_modes.isra.7+0x48/0x70 [ 522.000738] [] drm_fb_helper_hotplug_event+0x94/0xd0 [ 522.007343] [] drm_fb_helper_restore_fbdev_mode_unlocked+0x1bc/0x2a0 [ 522.015381] [] ? amdgpu_driver_postclose_kms+0x90/0xd0 [amdgpu] [ 522.022965] [] amdgpu_fbdev_restore_mode+0x15/0x40 [amdgpu] [ 522.030199] [] amdgpu_driver_lastclose_kms+0xd/0x10 [amdgpu] [ 522.037505] [] drm_lastclose+0x36/0xf0 [ 522.042895] [] drm_release+0x2a5/0x360 [ 522.048288] [] __fput+0xda/0x1e0 [ 522.053167] [] ____fput+0x9/0x10 [ 522.058039] [] task_work_run+0x79/0xa0 [ 522.063438] [] do_exit+0x34a/0xaa0 [ 522.068533] [] ? _ZN10IOWorkLoop8openGateEv+0xd/0x10 [blackmagic_io] [ 522.076524] [] do_group_exit+0x40/0xa0 [ 522.081916] [] get_signal+0x272/0x5e0 [ 522.087246] [] ? _ZN15UserClientClass21getFlushedInputFramesEPcPj+0x1e/0x20 [blackmagic_io] [ 522.097233] [] do_signal+0x23/0x5b0 [ 522.102395] [] ? _ZN20UserClientClassLinux5ioctlEjm+0x8a/0xa0 [blackmagic_io] [ 522.111193] [] ? bmio_client_ioctl+0xc/0x10 [blackmagic_io] [ 522.118424] [] ? __do_global_dtors_aux+0x145/0x540 [blackmagic_io] [ 522.126251] [] ? do_vfs_ioctl+0x8b/0x5a0 [ 522.131823] [] ? ktime_get_ts64+0x45/0xf0 [ 522.137474] [] exit_to_usermode_loop+0x4e/0x80 [ 522.143566] [] syscall_return_slowpath+0x43/0x50 [ 522.149827] [] entry_SYSCALL_64_fastpath+0x92/0x94 [ 522.156264] Code: 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 55 65 48 8b = 04 25 40 c4 00 00 48 89 e5 41 54 53 f6 47 38 40 4c 8b a0 68 05 00 00 74 39 <41= > 8b 4c 24 08 f6 c1 01 75 6d 49 8b 54 24 20 4 9 8b 44 24 18 48=20 [ 522.176216] RIP [] set_root+0x1d/0xa0 [ 522.181536] RSP [ 522.185022] CR2: 0000000000000008 [ 522.188333] ---[ end trace d57bf884cf6f4e4c ]--- [ 522.192944] Fixing recursive fault but reboot is needed! --=20 You are receiving this mail because: You are the assignee for the bug.= --14903517990.E65535f7F.12488 Date: Fri, 24 Mar 2017 10:36:39 +0000 MIME-Version: 1.0 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://bugs.freedesktop.org/ Auto-Submitted: auto-generated
Bug ID 100375
Summary forced EDID's can cause a amdgpu to null ptr deref
Product DRI
Version unspecified
Hardware Other
OS All
Status NEW
Severity normal
Priority medium
Component DRM/AMDgpu
Assignee dri-devel@lists.freedesktop.org
Reporter funfunctor@folklore1984.net 

[  307.570505] [drm] Got external EDID base block and 0 extens=
ions from
"edid/768x384.bin" for connector "VGA-1"
[  445.605230] [drm:drm_edid_block_valid] *ERROR* EDID checksum is invalid,
remainder is 60
[  445.605232] Raw EDID:
[  445.605235]          00 ff ff ff ff ff ff 00 39 f6 05 04 16 07 02 00
[  445.605236]          10 17 01 03 81 1e 17 b4 ea c1 e5 a3 57 4e 9c 23
[  445.605237]          1d 50 54 21 08 00 01 01 01 01 01 01 01 01 01 01
[  445.605238]          01 01 01 07 01 01 91 26 4f ff ff ff ff ff ff ff
[  445.605239]          ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  445.605240]          ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  445.605240]          ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  445.605241]          ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  445.606369] [drm:amdgpu_connector_dvi_detect [amdgpu]] *ERROR* HDMI-A-1:
probed a monitor but no|invalid EDID




 # reboot

INIT: Sending processes the KILL signal
[  521.758143] BUG: unable to handle kernel NULL pointer dereference at
0000000000000008
[  521.765999] IP: [<ffffffff8116984d>] set_root+0x1d/0xa0
[  521.771242] PGD 0 [  521.773080]=20
[  521.774580] Oops: 0000 [#1] SMP
[  521.777717] Modules linked in: amdgpu blackmagic_io(PO) ttm backlight
hid_sony led_class
[  521.785920] CPU: 2 PID: 3694 Comm: hyperflow-engin Tainted: P           =
O=20=20=20
4.9.6-gentoo-r1 #1
[  521.794610] Hardware name: BIOSTAR Group A68N-5200/A68N-5200, BIOS 4.6.5
09/03/2015
[  521.802255] task: ffff880225698c40 task.stack: ffffc90000db8000
[  521.808165] RIP: 0010:[<ffffffff8116984d>]  [<ffffffff8116984d&=
gt;]
set_root+0x1d/0xa0
[  521.815828] RSP: 0018:ffffc90000dbb688  EFLAGS: 00010202
[  521.821133] RAX: ffff880225698c40 RBX: ffffc90000dbb7c0 RCX:
ffff880225a63400
[  521.828256] RDX: ffffffff81c56e48 RSI: 0000000000000041 RDI:
ffffc90000dbb7c0
[  521.835381] RBP: ffffc90000dbb698 R08: 000000000001a980 R09:
ffff880225a63400
[  521.842505] R10: ffff880225a80026 R11: 0000000000000010 R12:
0000000000000000
[  521.849630] R13: ffff880225a8201c R14: 0000000000000001 R15:
ffff880218826d80
[  521.856755] FS:  00007fc3f57fa700(0000) GS:ffff88022ed00000(0000)
knlGS:0000000000000000
[  521.864834] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  521.870571] CR2: 0000000000000008 CR3: 0000000001a08000 CR4:
00000000000406e0
[  521.877694] Stack:
[  521.879706]  ffffc90000dbb7c0 0000000000000041 ffffc90000dbb6d8
ffffffff81169b89
[  521.887160]  ffff880220ead600 ffff880225a82000 ffffc90000dbb7c0
ffffc90000dbb8cc
[  521.894612]  0000000000000001 ffff880218826d80 ffffc90000dbb7b0
ffffffff8116c28a
[  521.902067] Call Trace:
[  521.904515]  [<ffffffff81169b89>] path_init+0x1e9/0x330
[  521.909740]  [<ffffffff8116c28a>] path_openat+0x6a/0x1480
[  521.915141]  [<ffffffff81079bdd>] ? default_wake_function+0xd/0x10
[  521.921319]  [<ffffffff8108cddd>] ? __wake_up_common+0x4d/0x80
[  521.927145]  [<ffffffff8116f189>] do_filp_open+0x79/0xd0
[  521.932467]  [<ffffffff8134f298>] ? acpi_driver_match_device+0x3d/=
0x5d
[  521.938991]  [<ffffffff813d67c4>] ? platform_match+0x24/0xa0
[  521.944644]  [<ffffffff81602d71>] ? klist_next+0x21/0xf0
[  521.949957]  [<ffffffff8115e5df>] file_open_name+0xdf/0x100
[  521.955529]  [<ffffffff8115e62e>] filp_open+0x2e/0x50
[  521.960573]  [<ffffffff81165561>] kernel_read_file_from_path+0x31/=
0x70
[  521.967092]  [<ffffffff813dffaf>] _request_firmware+0x2ef/0x5a0
[  521.973002]  [<ffffffff813e0292>] request_firmware+0x32/0x50
[  521.978654]  [<ffffffff813a9604>] drm_load_edid_firmware+0x264/0x5=
00
[  521.985001]  [<ffffffff8139e2fc>]
drm_helper_probe_single_connector_modes+0x14c/0x4d0
[  521.992826]  [<ffffffff813aa618>]
drm_fb_helper_probe_connector_modes.isra.7+0x48/0x70
[  522.000738]  [<ffffffff813ac154>] drm_fb_helper_hotplug_event+0x94=
/0xd0
[  522.007343]  [<ffffffff813ac34c>]
drm_fb_helper_restore_fbdev_mode_unlocked+0x1bc/0x2a0
[  522.015381]  [<ffffffffa00efa50>] ? amdgpu_driver_postclose_kms+0x=
90/0xd0
[amdgpu]
[  522.022965]  [<ffffffffa01023d5>] amdgpu_fbdev_restore_mode+0x15/0=
x40
[amdgpu]
[  522.030199]  [<ffffffffa00ef8dd>] amdgpu_driver_lastclose_kms+0xd/=
0x10
[amdgpu]
[  522.037505]  [<ffffffff813b0286>] drm_lastclose+0x36/0xf0
[  522.042895]  [<ffffffff813b05e5>] drm_release+0x2a5/0x360
[  522.048288]  [<ffffffff81160f7a>] __fput+0xda/0x1e0
[  522.053167]  [<ffffffff811610b9>] ____fput+0x9/0x10
[  522.058039]  [<ffffffff8106e929>] task_work_run+0x79/0xa0
[  522.063438]  [<ffffffff8105731a>] do_exit+0x34a/0xaa0
[  522.068533]  [<ffffffffa00749ed>] ? _ZN10IOWorkLoop8openGateEv+0xd=
/0x10
[blackmagic_io]
[  522.076524]  [<ffffffff810588d0>] do_group_exit+0x40/0xa0
[  522.081916]  [<ffffffff81062812>] get_signal+0x272/0x5e0
[  522.087246]  [<ffffffffa004093e>] ?
_ZN15UserClientClass21getFlushedInputFramesEPcPj+0x1e/0x20 [blackmagic_io]
[  522.097233]  [<ffffffff8101bfd3>] do_signal+0x23/0x5b0
[  522.102395]  [<ffffffffa003683a>] ?
_ZN20UserClientClassLinux5ioctlEjm+0x8a/0xa0 [blackmagic_io]
[  522.111193]  [<ffffffffa002d34c>] ? bmio_client_ioctl+0xc/0x10
[blackmagic_io]
[  522.118424]  [<ffffffffa0070af5>] ? __do_global_dtors_aux+0x145/0x=
540
[blackmagic_io]
[  522.126251]  [<ffffffff81171fab>] ? do_vfs_ioctl+0x8b/0x5a0
[  522.131823]  [<ffffffff810ab5c5>] ? ktime_get_ts64+0x45/0xf0
[  522.137474]  [<ffffffff8100222e>] exit_to_usermode_loop+0x4e/0x80
[  522.143566]  [<ffffffff81002673>] syscall_return_slowpath+0x43/0x50
[  522.149827]  [<ffffffff81608e1f>] entry_SYSCALL_64_fastpath+0x92/0=
x94
[  522.156264] Code: 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 55 65 48 8b =
04
25 40 c4 00 00 48 89 e5 41 54 53 f6 47 38 40 4c 8b a0 68 05 00 00 74 39 <=
;41> 8b
4c 24 08 f6 c1 01 75 6d 49 8b 54 24 20 4
9 8b 44 24 18 48=20
[  522.176216] RIP  [<ffffffff8116984d>] set_root+0x1d/0xa0
[  522.181536]  RSP <ffffc90000dbb688>
[  522.185022] CR2: 0000000000000008
[  522.188333] ---[ end trace d57bf884cf6f4e4c ]---
[  522.192944] Fixing recursive fault but reboot is needed!

You are receiving this mail because:
  • You are the assignee for the bug.
= --14903517990.E65535f7F.12488-- --===============1953697432== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KZHJpLWRldmVs IG1haWxpbmcgbGlzdApkcmktZGV2ZWxAbGlzdHMuZnJlZWRlc2t0b3Aub3JnCmh0dHBzOi8vbGlz dHMuZnJlZWRlc2t0b3Aub3JnL21haWxtYW4vbGlzdGluZm8vZHJpLWRldmVsCg== --===============1953697432==--