From patchwork Mon Jul 13 06:22:22 2015
X-Patchwork-Submitter: Daniel Vetter
X-Patchwork-Id: 6774411
Date: Mon, 13 Jul 2015 08:22:22 +0200
From: Daniel Vetter
To: Linus Torvalds
Cc: Daniel Vetter, Linux Kernel Mailing List, DRI, Jörg Otte
Subject: Re: [4.2.0-rc1-00201-g59c3cb5] Regression: kernel NULL pointer dereference
Message-ID: <20150713062222.GG3736@phenom.ffwll.local>

On Sun, Jul 12, 2015 at 09:52:51AM -0700, Linus Torvalds wrote:
> On Sun, Jul 12, 2015 at 1:03 AM, Jörg Otte wrote:
> >
> > BUG: unable to handle kernel NULL pointer dereference at 0000000000000009
> > IP: [] 0xffffffffbd3447bb
>
> Ugh. Please enable KALLSYMS to get sane symbols.
>
> But yes, "crtc_state->base.active" is at offset 9 from "crtc_state",
> so it's pretty clearly just that change from
>
> -       if (intel_crtc->active) {
> +       if (crtc_state->base.active) {
>
> and "crtc_state" is NULL.
>
> And the code very much knows that crtc_state can be NULL, since it's
> initialized with
>
>         crtc_state = state->base.state ?
>                 intel_atomic_get_crtc_state(state->base.state,
>                                             intel_crtc) : NULL;
>
> Tssk. Daniel? Should I just revert that commit dec4f799d0a4
> ("drm/i915: Use crtc_state->active in primary check_plane func") for
> now, or is there a better fix?
> Like just checking crtc_state for NULL?

Indeed embarrassing. I've missed that we still have 1 caller left that's
using the transitional helpers, and those don't fill out
plane_state->state backpointers to the global atomic update since there is
no global atomic update for transitional helpers.

Below diff should fix this - we need to preferentially check
crtc_state->active and if that's not set intel_crtc->active should yield
the right result for the one remaining caller (it's in the crtc_disable
paths).

For cheap excuses why i915 is so crap in 4.2: Thanks to a hipshot decision
to transition to a different QA team ("we'll do this in 1 week without
upfront planning") I essentially don't have proper QA support for 1-2
months by now. The other trouble in this area specifically is that this
code is already completely changed in -next again, so any testing done on
integration trees (like -next or drm-intel-nightly) won't test any patches
for 4.2.
-Daniel

Oh and

Signed-off-by: Daniel Vetter

in case you decide to apply this right away.

Reviewed-by: Maarten Lankhorst

diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index ba9321998a41..85ac6d85dc39 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -13276,7 +13276,7 @@ intel_check_primary_plane(struct drm_plane *plane, if (ret) return ret; - if (crtc_state->base.active) { + if (crtc_state ? crtc_state->base.active : intel_crtc->active) { struct intel_plane_state *old_state = to_intel_plane_state(plane->state);
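Review bot: The new condition `crtc_state ? crtc_state->base.active : intel_crtc->active` in intel_check_primary_plane() has no comment saying when crtc_state is NULL, so the fallback to intel_crtc->active reads as arbitrary to anyone who has not seen this thread. A one-line comment above the `if` stating that the transitional-helper caller in the crtc_disable paths has no global atomic state would document the invariant and mark the fallback for removal once that caller is gone. The hunk guards only this one dereference; it does not show whether crtc_state is used again inside the block that follows, and any such use needs the same NULL handling. Since the thread identifies dec4f799d0a4 as the commit that introduced the regression, the changelog should reference it so the fix can be tracked against it.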