From patchwork Tue Mar 5 11:59:19 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maarten Lankhorst X-Patchwork-Id: 2218871 Return-Path: X-Original-To: patchwork-dri-devel@patchwork.kernel.org Delivered-To: patchwork-process-083081@patchwork1.kernel.org Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) by patchwork1.kernel.org (Postfix) with ESMTP id 45E6C3FCF6 for ; Tue, 5 Mar 2013 12:00:30 +0000 (UTC) Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id 54C6BE69AA for ; Tue, 5 Mar 2013 04:00:30 -0800 (PST) X-Original-To: dri-devel@lists.freedesktop.org Delivered-To: dri-devel@lists.freedesktop.org Received: from youngberry.canonical.com (youngberry.canonical.com [91.189.89.112]) by gabe.freedesktop.org (Postfix) with ESMTP id 4549EE648A; Tue, 5 Mar 2013 03:59:21 -0800 (PST) Received: from 5ed48cef.cm-7-5c.dynamic.ziggo.nl ([94.212.140.239] helo=[192.168.1.128]) by youngberry.canonical.com with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1UCqWe-0006C3-Gl; Tue, 05 Mar 2013 11:59:20 +0000 Message-ID: <5135DE17.3000507@canonical.com> Date: Tue, 05 Mar 2013 12:59:19 +0100 From: Maarten Lankhorst User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130221 Thunderbird/17.0.3 MIME-Version: 1.0 To: nouveau@lists.freedesktop.org Subject: [PATCH] drm/nouveau: fix null pointer deref on init Cc: "dri-devel@lists.freedesktop.org" X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: dri-devel-bounces+patchwork-dri-devel=patchwork.kernel.org@lists.freedesktop.org Errors-To: dri-devel-bounces+patchwork-dri-devel=patchwork.kernel.org@lists.freedesktop.org My nv96 claims to have a DCB_OUTPUT_TV, which is currently not implemented for nv50, this triggers the following oops: [ 30.110017] nouveau W[ DRM] failed to create encoder 0/1/0: -19 [ 30.110020] nouveau W[ DRM] TV-1 has no encoders, removing [ 30.134089] BUG: unable to handle kernel NULL pointer dereference at (null) [ 30.134096] IP: [] nv50_crtc_destroy+0x29/0x110 [nouveau] [ 30.134127] PGD 0 [ 30.134129] Oops: 0000 [#1] PREEMPT SMP [ 30.134131] Modules linked in: snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_page_alloc snd_seq_midi snd_seq_midi_event nouveau(+) snd_rawmidi snd_seq kvm_intel kvm snd_seq_device snd_timer usb_storage video fan thermal drm_kms_helper snd ttm drm acpi_cpufreq mperf soundcore processor agpgart thermal_sys mei parport_pc ppdev parport nfsd [ 30.134151] CPU 0 [ 30.134154] Pid: 557, comm: modprobe Not tainted 3.9.0-rc1-patser+ #1116 Acer Aspire M3985/Aspire M3985 [ 30.134157] RIP: 0010:[] [] nv50_crtc_destroy+0x29/0x110 [nouveau] [ 30.134179] RSP: 0018:ffff880261e65928 EFLAGS: 00010286 [ 30.134182] RAX: ffff88025c2a9e40 RBX: ffff8802832ac000 RCX: ffff880000000000 [ 30.134184] RDX: 000000000000002a RSI: ffff8802832aca60 RDI: ffff8802832ac000 [ 30.134186] RBP: ffff880261e65948 R08: 000000029cd39000 R09: 0000000000000001 [ 30.134188] R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000000 [ 30.134190] R13: ffff88028314e468 R14: ffffffffa03be590 R15: ffff88025c2a9e40 [ 30.134193] FS: 00007fba2ff1b740(0000) GS:ffff88029c600000(0000) knlGS:0000000000000000 [ 30.134196] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 30.134198] CR2: 0000000000000000 CR3: 0000000261a1a000 CR4: 00000000001407f0 [ 30.134200] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 30.134203] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 30.134205] Process modprobe (pid: 557, threadinfo ffff880261e64000, task ffff880261e621c0) [ 30.134208] Stack: [ 30.134209] ffff88028314e000 ffff88028314e478 ffff880282d08000 ffff88028314e000 [ 30.134213] ffff880261e65978 ffffffffa0121190 ffff880261e65968 ffff88028314e000 [ 30.134216] 00000000ffffffed 000000005fc41aa0 ffff880261e659d8 ffffffffa0337bf5 [ 30.134220] Call Trace: [ 30.134230] [] drm_mode_config_cleanup+0x1a0/0x1f0 [drm] [ 30.134252] [] nouveau_display_create+0x445/0x820 [nouveau] [ 30.134272] [] nouveau_drm_load+0x3aa/0x980 [nouveau] [ 30.134277] [] ? device_register+0x19/0x20 [ 30.134284] [] ? drm_sysfs_device_add+0x81/0xb0 [drm] [ 30.134292] [] drm_get_pci_dev+0x179/0x290 [drm] [ 30.134295] [] ? __pci_set_master+0x26/0x80 [ 30.134315] [] nouveau_drm_probe+0x25a/0x290 [nouveau] [ 30.134318] [] local_pci_probe+0x46/0x80 [ 30.134321] [] pci_device_probe+0xf9/0x120 [ 30.134324] [] driver_probe_device+0x76/0x220 [ 30.134327] [] __driver_attach+0x9b/0xa0 [ 30.134330] [] ? driver_probe_device+0x220/0x220 [ 30.134333] [] bus_for_each_dev+0x56/0x90 [ 30.134335] [] driver_attach+0x19/0x20 [ 30.134338] [] bus_add_driver+0xee/0x250 [ 30.134341] [] driver_register+0x75/0x150 [ 30.134344] [] __pci_register_driver+0x46/0x50 [ 30.134350] [] drm_pci_init+0x11a/0x130 [drm] [ 30.134353] [] ? 0xffffffffa01b2fff [ 30.134356] [] ? 0xffffffffa01b2fff [ 30.134371] [] nouveau_drm_init+0x4d/0x1000 [nouveau] [ 30.134375] [] do_one_initcall+0x3a/0x160 [ 30.134379] [] load_module+0x1be6/0x2320 [ 30.134382] [] ? show_initstate+0x50/0x50 [ 30.134386] [] sys_init_module+0xa4/0xd0 [ 30.134389] [] system_call_fastpath+0x16/0x1b [ 30.134391] Code: 1f 00 55 48 8d b7 60 0a 00 00 48 89 e5 41 54 53 48 89 fb 48 83 ec 10 48 8b 07 48 8b 80 20 03 00 00 48 8b 80 68 0b 00 00 4c 8b 20 <49> 8b 3c 24 e8 9e fd ff ff 49 8b 3c 24 48 8d b3 a8 0a 00 00 e8 [ 30.134414] RIP [] nv50_crtc_destroy+0x29/0x110 [nouveau] [ 30.134434] RSP [ 30.134436] CR2: 0000000000000000 [ 30.134692] ---[ end trace 4678de513b8e8da0 ]--- Signed-off-by: Maarten Lankhorst diff --git a/drivers/gpu/drm/nouveau/nv50_display.c b/drivers/gpu/drm/nouveau/nv50_display.c index a4d2d3a..b044c4a 100644 --- a/drivers/gpu/drm/nouveau/nv50_display.c +++ b/drivers/gpu/drm/nouveau/nv50_display.c @@ -1271,10 +1271,14 @@ nv50_crtc_destroy(struct drm_crtc *crtc) struct nouveau_crtc *nv_crtc = nouveau_crtc(crtc); struct nv50_disp *disp = nv50_disp(crtc->dev); struct nv50_head *head = nv50_head(crtc); - nv50_dmac_destroy(disp->core, &head->ovly.base); - nv50_pioc_destroy(disp->core, &head->oimm.base); - nv50_dmac_destroy(disp->core, &head->sync.base); - nv50_pioc_destroy(disp->core, &head->curs.base); + + if (disp) { + nv50_dmac_destroy(disp->core, &head->ovly.base); + nv50_pioc_destroy(disp->core, &head->oimm.base); + nv50_dmac_destroy(disp->core, &head->sync.base); + nv50_pioc_destroy(disp->core, &head->curs.base); + } + nouveau_bo_unmap(nv_crtc->cursor.nvbo); if (nv_crtc->cursor.nvbo) nouveau_bo_unpin(nv_crtc->cursor.nvbo);