Message ID | 20210914132020.v5.2.I62e76a034ac78c994d40a23cd4ec5aeee56fa77c@changeid (mailing list archive) |
---|---|
State | Not Applicable |
Headers | show |
Series | eDP: Support probing eDP panels dynamically instead of hardcoding | expand |
Hi Douglas, On Tue, Sep 14, 2021 at 10:23 PM Douglas Anderson <dianders@chromium.org> wrote: > A future change wants to be able to read just block 0 of the EDID, so > break it out of drm_do_get_edid() into a sub-function. > > This is intended to be a no-op change--just code movement. > > Signed-off-by: Douglas Anderson <dianders@chromium.org> Thanks for your patch, which is now commit bac9c29482248b00 ("drm/edid: Break out reading block 0 of the EDID") in drm-next. > --- a/drivers/gpu/drm/drm_edid.c > +++ b/drivers/gpu/drm/drm_edid.c > @@ -1905,6 +1905,44 @@ int drm_add_override_edid_modes(struct drm_connector *connector) > } > EXPORT_SYMBOL(drm_add_override_edid_modes); > > +static struct edid *drm_do_get_edid_base_block( > + int (*get_edid_block)(void *data, u8 *buf, unsigned int block, > + size_t len), > + void *data, bool *edid_corrupt, int *null_edid_counter) > +{ > + int i; > + void *edid; > + > + edid = kmalloc(EDID_LENGTH, GFP_KERNEL); > + if (edid == NULL) > + return NULL; > + > + /* base block fetch */ > + for (i = 0; i < 4; i++) { > + if (get_edid_block(data, edid, 0, EDID_LENGTH)) > + goto out; > + if (drm_edid_block_valid(edid, 0, false, edid_corrupt)) > + break; > + if (i == 0 && drm_edid_is_zero(edid, EDID_LENGTH)) { > + if (null_edid_counter) > + (*null_edid_counter)++; > + goto carp; > + } > + } > + if (i == 4) > + goto carp; > + > + return edid; > + > +carp: > + kfree(edid); > + return ERR_PTR(-EINVAL); > + > +out: > + kfree(edid); > + return NULL; > +} > + > /** > * drm_do_get_edid - get EDID data using a custom EDID block read function > * @connector: connector we're probing > @@ -1938,25 +1976,16 @@ struct edid *drm_do_get_edid(struct drm_connector *connector, > if (override) > return override; > > - if ((edid = kmalloc(EDID_LENGTH, GFP_KERNEL)) == NULL) > + edid = (u8 *)drm_do_get_edid_base_block(get_edid_block, data, > + &connector->edid_corrupt, > + &connector->null_edid_counter); > + if (IS_ERR_OR_NULL(edid)) { > + if (IS_ERR(edid)) So edid is an error code, not a valid pointer... > + connector_bad_edid(connector, edid, 1); ... while connector_bad_edid() expects edid to be a valid pointer, causing a crash: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000068 Mem abort info: ESR = 0x96000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 [0000000000000068] user address but active_mm is swapper Internal error: Oops: 96000004 [#1] PREEMPT SMP CPU: 0 PID: 7 Comm: kworker/u4:0 Not tainted 5.15.0-rc3-arm64-renesas-00629-geb2d42841024-dirty #1313 Hardware name: Renesas Ebisu-4D board based on r8a77990 (DT) Workqueue: events_unbound deferred_probe_work_func pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : connector_bad_edid+0x28/0x1a8 lr : drm_do_get_edid+0x260/0x268 sp : ffff8000121336a0 x29: ffff8000121336a0 x28: ffff00000a373200 x27: 0000000000001ffe PM: ==== always-on/ee160000.mmc: stop x26: 0000000000000005 x25: 0000000000000041 x24: 0000000000000000 x23: ffff000008a25080 x22: ffff8000106bd990 x21: ffff0000081496c0 x20: 0000000000000001 x19: ffffffffffffffea x18: 0000000000000010 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : 0000000000000000 x7 : 0000000000000080 x6 : ffff000009c71000 x5 : 0000000000000000 x4 : 0000000000000069 x3 : ffff00000a3c2900 x2 : 0000000000000001 x1 : ffffffffffffffea x0 : ffff000009c71000 Call trace: connector_bad_edid+0x28/0x1a8 drm_do_get_edid+0x260/0x268 adv7511_get_edid+0xb4/0xd0 adv7511_bridge_get_edid+0x10/0x18 > return NULL; > - > - /* base block fetch */ > - for (i = 0; i < 4; i++) { > - if (get_edid_block(data, edid, 0, EDID_LENGTH)) > - goto out; > - if (drm_edid_block_valid(edid, 0, false, > - &connector->edid_corrupt)) > - break; > - if (i == 0 && drm_edid_is_zero(edid, EDID_LENGTH)) { > - connector->null_edid_counter++; > - goto carp; > - } > } > - if (i == 4) > - goto carp; > > - /* if there's no extensions, we're done */ > + /* if there's no extensions or no connector, we're done */ > valid_extensions = edid[0x7e]; > if (valid_extensions == 0) > return (struct edid *)edid; > @@ -2010,8 +2039,6 @@ struct edid *drm_do_get_edid(struct drm_connector *connector, > > return (struct edid *)edid; > > -carp: > - connector_bad_edid(connector, edid, 1); > out: > kfree(edid); > return NULL; Gr{oetje,eeting}s, Geert
Hi, On Mon, Oct 4, 2021 at 8:42 AM Geert Uytterhoeven <geert@linux-m68k.org> wrote: > > > - if ((edid = kmalloc(EDID_LENGTH, GFP_KERNEL)) == NULL) > > + edid = (u8 *)drm_do_get_edid_base_block(get_edid_block, data, > > + &connector->edid_corrupt, > > + &connector->null_edid_counter); > > + if (IS_ERR_OR_NULL(edid)) { > > + if (IS_ERR(edid)) > > So edid is an error code, not a valid pointer... > > > + connector_bad_edid(connector, edid, 1); > > ... while connector_bad_edid() expects edid to be a valid pointer, > causing a crash: > > Unable to handle kernel NULL pointer dereference at virtual address Sigh. Thanks for the report and analysis. I guess I don't have any displays reporting invalid EDIDs to test with. Hopefully this will help: https://lore.kernel.org/r/20211004092100.1.Ic90a5ebd44c75db963112be167a03cc96f9fb249@changeid/ -Doug
Hi Doug, On Mon, Oct 4, 2021 at 6:26 PM Doug Anderson <dianders@chromium.org> wrote: > On Mon, Oct 4, 2021 at 8:42 AM Geert Uytterhoeven <geert@linux-m68k.org> wrote: > > > - if ((edid = kmalloc(EDID_LENGTH, GFP_KERNEL)) == NULL) > > > + edid = (u8 *)drm_do_get_edid_base_block(get_edid_block, data, > > > + &connector->edid_corrupt, > > > + &connector->null_edid_counter); > > > + if (IS_ERR_OR_NULL(edid)) { > > > + if (IS_ERR(edid)) > > > > So edid is an error code, not a valid pointer... > > > > > + connector_bad_edid(connector, edid, 1); > > > > ... while connector_bad_edid() expects edid to be a valid pointer, > > causing a crash: > > > > Unable to handle kernel NULL pointer dereference at virtual address > > Sigh. Thanks for the report and analysis. I guess I don't have any > displays reporting invalid EDIDs to test with. Hopefully this will > help: It doesn't happen all the time. Looks like my EDID is only invalid after a reset needed to resolve an s2ram crash in the adv7511 driver... > https://lore.kernel.org/r/20211004092100.1.Ic90a5ebd44c75db963112be167a03cc96f9fb249@changeid/ Thanks for the quick fix! Gr{oetje,eeting}s, Geert
diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c index 6325877c5fd6..520fe1391769 100644 --- a/drivers/gpu/drm/drm_edid.c +++ b/drivers/gpu/drm/drm_edid.c @@ -1905,6 +1905,44 @@ int drm_add_override_edid_modes(struct drm_connector *connector) } EXPORT_SYMBOL(drm_add_override_edid_modes); +static struct edid *drm_do_get_edid_base_block( + int (*get_edid_block)(void *data, u8 *buf, unsigned int block, + size_t len), + void *data, bool *edid_corrupt, int *null_edid_counter) +{ + int i; + void *edid; + + edid = kmalloc(EDID_LENGTH, GFP_KERNEL); + if (edid == NULL) + return NULL; + + /* base block fetch */ + for (i = 0; i < 4; i++) { + if (get_edid_block(data, edid, 0, EDID_LENGTH)) + goto out; + if (drm_edid_block_valid(edid, 0, false, edid_corrupt)) + break; + if (i == 0 && drm_edid_is_zero(edid, EDID_LENGTH)) { + if (null_edid_counter) + (*null_edid_counter)++; + goto carp; + } + } + if (i == 4) + goto carp; + + return edid; + +carp: + kfree(edid); + return ERR_PTR(-EINVAL); + +out: + kfree(edid); + return NULL; +} + /** * drm_do_get_edid - get EDID data using a custom EDID block read function * @connector: connector we're probing @@ -1938,25 +1976,16 @@ struct edid *drm_do_get_edid(struct drm_connector *connector, if (override) return override; - if ((edid = kmalloc(EDID_LENGTH, GFP_KERNEL)) == NULL) + edid = (u8 *)drm_do_get_edid_base_block(get_edid_block, data, + &connector->edid_corrupt, + &connector->null_edid_counter); + if (IS_ERR_OR_NULL(edid)) { + if (IS_ERR(edid)) + connector_bad_edid(connector, edid, 1); return NULL; - - /* base block fetch */ - for (i = 0; i < 4; i++) { - if (get_edid_block(data, edid, 0, EDID_LENGTH)) - goto out; - if (drm_edid_block_valid(edid, 0, false, - &connector->edid_corrupt)) - break; - if (i == 0 && drm_edid_is_zero(edid, EDID_LENGTH)) { - connector->null_edid_counter++; - goto carp; - } } - if (i == 4) - goto carp; - /* if there's no extensions, we're done */ + /* if there's no extensions or no connector, we're done */ valid_extensions = edid[0x7e]; if (valid_extensions == 0) return (struct edid *)edid; @@ -2010,8 +2039,6 @@ struct edid *drm_do_get_edid(struct drm_connector *connector, return (struct edid *)edid; -carp: - connector_bad_edid(connector, edid, 1); out: kfree(edid); return NULL;