From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751469AbbGMGTk (ORCPT <rfc822;w@1wt.eu>);
	Mon, 13 Jul 2015 02:19:40 -0400
Received: from mail-wi0-f173.google.com ([209.85.212.173]:34187 "EHLO
	mail-wi0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751114AbbGMGTj (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 13 Jul 2015 02:19:39 -0400
Date: Mon, 13 Jul 2015 08:22:22 +0200
From: Daniel Vetter <daniel@ffwll.ch>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: =?iso-8859-1?Q?J=F6rg?= Otte <jrg.otte@gmail.com>,
        Daniel Vetter <daniel.vetter@ffwll.ch>,
        David Airlie <airlied@linux.ie>, DRI <dri-devel@lists.freedesktop.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Subject: Re: [4.2.0-rc1-00201-g59c3cb5] Regression: kernel NULL pointer
 dereference
Message-ID: <20150713062222.GG3736@phenom.ffwll.local>
Mail-Followup-To: Linus Torvalds <torvalds@linux-foundation.org>,
	=?iso-8859-1?Q?J=F6rg?= Otte <jrg.otte@gmail.com>,
	David Airlie <airlied@linux.ie>,
	DRI <dri-devel@lists.freedesktop.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
References: <CADDKRnB8D3H_61BCe1gD7TXQt1eRniGTfqPESnK0jM4HE16oCg@mail.gmail.com>
 <CA+55aFxc=Xi1sjM+VFGw9ZR5-awgOy3VkE7goSuEdTJbYWfMGA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CA+55aFxc=Xi1sjM+VFGw9ZR5-awgOy3VkE7goSuEdTJbYWfMGA@mail.gmail.com>
X-Operating-System: Linux phenom 4.2.0-rc1+ 
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Jul 12, 2015 at 09:52:51AM -0700, Linus Torvalds wrote:
> On Sun, Jul 12, 2015 at 1:03 AM, Jörg Otte <jrg.otte@gmail.com> wrote:
> >
> > BUG: unable to handle kernel NULL pointer dereference at 0000000000000009
> > IP: [<ffffffffbd3447bb>] 0xffffffffbd3447bb
> 
> Ugh. Please enable KALLSYMS to get sane symbols.
> 
> But yes, "crtc_state->base.active" is at offset 9 from "crtc_state",
> so it's pretty clearly just that change frm
> 
> -       if (intel_crtc->active) {
> +       if (crtc_state->base.active) {
> 
> and "crtc_state" is NULL.
> 
> And the code very much knows that crtc_state can be NULL, since it's
> initialized with
> 
>         crtc_state = state->base.state ?
>                 intel_atomic_get_crtc_state(state->base.state,
> intel_crtc) : NULL;
> 
> Tssk. Daniel? Should I just revert that commit dec4f799d0a4
> ("drm/i915: Use crtc_state->active in primary check_plane func") for
> now, or is there a better fix? Like just checking crtc_state for NULL?

Indeed embarrassing. I've missed that we still have 1 caller left that's
using the transitional helpers, and those don't fill out
plane_state->state backpointers to the global atomic update since there is
no global atomic update for transitional helpers. Below diff should fix
this - we need to preferentially check crts_state->active and if that's
not set intel_crtc->active should yield the right result for the one
remaining caller (it's in the crtc_disable paths).

For cheap excuses why i915 is so crap in 4.2: Thanks to a hipshot decision
to transition to a different QA team ("we'll do this in 1 week without
upfront planing") I essentially don't have proper QA support for 1-2
months by now. The other trouble in this area specifically is that this
code is already completely changed in -next again, so any testing done on
integration trees (like -next or drm-intel-nightly) won't test any patches
for 4.2.
-Daniel

Oh and Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> in case you
decide to apply this right away.
---
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
index ba9321998a41..85ac6d85dc39 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -13276,7 +13276,7 @@ intel_check_primary_plane(struct drm_plane *plane,
 	if (ret)
 		return ret;
 
-	if (crtc_state->base.active) {
+	if (crtc_state ? crtc_state->base.active : intel_crtc->active) {
 		struct intel_plane_state *old_state =
 			to_intel_plane_state(plane->state);
 
-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

From mboxrd@z Thu Jan  1 00:00:00 1970
From: Daniel Vetter <daniel@ffwll.ch>
Subject: Re: [4.2.0-rc1-00201-g59c3cb5] Regression: kernel NULL pointer
 dereference
Date: Mon, 13 Jul 2015 08:22:22 +0200
Message-ID: <20150713062222.GG3736@phenom.ffwll.local>
References: <CADDKRnB8D3H_61BCe1gD7TXQt1eRniGTfqPESnK0jM4HE16oCg@mail.gmail.com>
 <CA+55aFxc=Xi1sjM+VFGw9ZR5-awgOy3VkE7goSuEdTJbYWfMGA@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <dri-devel-bounces@lists.freedesktop.org>
Received: from mail-wi0-f175.google.com (mail-wi0-f175.google.com
 [209.85.212.175])
 by gabe.freedesktop.org (Postfix) with ESMTPS id 266E86E4A1
 for <dri-devel@lists.freedesktop.org>; Sun, 12 Jul 2015 23:19:40 -0700 (PDT)
Received: by widjy10 with SMTP id jy10so59337960wid.1
 for <dri-devel@lists.freedesktop.org>; Sun, 12 Jul 2015 23:19:38 -0700 (PDT)
Content-Disposition: inline
In-Reply-To: <CA+55aFxc=Xi1sjM+VFGw9ZR5-awgOy3VkE7goSuEdTJbYWfMGA@mail.gmail.com>
List-Unsubscribe: <http://lists.freedesktop.org/mailman/options/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <http://lists.freedesktop.org/archives/dri-devel>
List-Post: <mailto:dri-devel@lists.freedesktop.org>
List-Help: <mailto:dri-devel-request@lists.freedesktop.org?subject=help>
List-Subscribe: <http://lists.freedesktop.org/mailman/listinfo/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=subscribe>
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>, Linux Kernel Mailing List <linux-kernel@vger.kernel.org>, DRI <dri-devel@lists.freedesktop.org>, =?iso-8859-1?Q?J=F6rg?= Otte <jrg.otte@gmail.com>
List-Id: dri-devel@lists.freedesktop.org

T24gU3VuLCBKdWwgMTIsIDIwMTUgYXQgMDk6NTI6NTFBTSAtMDcwMCwgTGludXMgVG9ydmFsZHMg
d3JvdGU6Cj4gT24gU3VuLCBKdWwgMTIsIDIwMTUgYXQgMTowMyBBTSwgSsO2cmcgT3R0ZSA8anJn
Lm90dGVAZ21haWwuY29tPiB3cm90ZToKPiA+Cj4gPiBCVUc6IHVuYWJsZSB0byBoYW5kbGUga2Vy
bmVsIE5VTEwgcG9pbnRlciBkZXJlZmVyZW5jZSBhdCAwMDAwMDAwMDAwMDAwMDA5Cj4gPiBJUDog
WzxmZmZmZmZmZmJkMzQ0N2JiPl0gMHhmZmZmZmZmZmJkMzQ0N2JiCj4gCj4gVWdoLiBQbGVhc2Ug
ZW5hYmxlIEtBTExTWU1TIHRvIGdldCBzYW5lIHN5bWJvbHMuCj4gCj4gQnV0IHllcywgImNydGNf
c3RhdGUtPmJhc2UuYWN0aXZlIiBpcyBhdCBvZmZzZXQgOSBmcm9tICJjcnRjX3N0YXRlIiwKPiBz
byBpdCdzIHByZXR0eSBjbGVhcmx5IGp1c3QgdGhhdCBjaGFuZ2UgZnJtCj4gCj4gLSAgICAgICBp
ZiAoaW50ZWxfY3J0Yy0+YWN0aXZlKSB7Cj4gKyAgICAgICBpZiAoY3J0Y19zdGF0ZS0+YmFzZS5h
Y3RpdmUpIHsKPiAKPiBhbmQgImNydGNfc3RhdGUiIGlzIE5VTEwuCj4gCj4gQW5kIHRoZSBjb2Rl
IHZlcnkgbXVjaCBrbm93cyB0aGF0IGNydGNfc3RhdGUgY2FuIGJlIE5VTEwsIHNpbmNlIGl0J3MK
PiBpbml0aWFsaXplZCB3aXRoCj4gCj4gICAgICAgICBjcnRjX3N0YXRlID0gc3RhdGUtPmJhc2Uu
c3RhdGUgPwo+ICAgICAgICAgICAgICAgICBpbnRlbF9hdG9taWNfZ2V0X2NydGNfc3RhdGUoc3Rh
dGUtPmJhc2Uuc3RhdGUsCj4gaW50ZWxfY3J0YykgOiBOVUxMOwo+IAo+IFRzc2suIERhbmllbD8g
U2hvdWxkIEkganVzdCByZXZlcnQgdGhhdCBjb21taXQgZGVjNGY3OTlkMGE0Cj4gKCJkcm0vaTkx
NTogVXNlIGNydGNfc3RhdGUtPmFjdGl2ZSBpbiBwcmltYXJ5IGNoZWNrX3BsYW5lIGZ1bmMiKSBm
b3IKPiBub3csIG9yIGlzIHRoZXJlIGEgYmV0dGVyIGZpeD8gTGlrZSBqdXN0IGNoZWNraW5nIGNy
dGNfc3RhdGUgZm9yIE5VTEw/CgpJbmRlZWQgZW1iYXJyYXNzaW5nLiBJJ3ZlIG1pc3NlZCB0aGF0
IHdlIHN0aWxsIGhhdmUgMSBjYWxsZXIgbGVmdCB0aGF0J3MKdXNpbmcgdGhlIHRyYW5zaXRpb25h
bCBoZWxwZXJzLCBhbmQgdGhvc2UgZG9uJ3QgZmlsbCBvdXQKcGxhbmVfc3RhdGUtPnN0YXRlIGJh
Y2twb2ludGVycyB0byB0aGUgZ2xvYmFsIGF0b21pYyB1cGRhdGUgc2luY2UgdGhlcmUgaXMKbm8g
Z2xvYmFsIGF0b21pYyB1cGRhdGUgZm9yIHRyYW5zaXRpb25hbCBoZWxwZXJzLiBCZWxvdyBkaWZm
IHNob3VsZCBmaXgKdGhpcyAtIHdlIG5lZWQgdG8gcHJlZmVyZW50aWFsbHkgY2hlY2sgY3J0c19z
dGF0ZS0+YWN0aXZlIGFuZCBpZiB0aGF0J3MKbm90IHNldCBpbnRlbF9jcnRjLT5hY3RpdmUgc2hv
dWxkIHlpZWxkIHRoZSByaWdodCByZXN1bHQgZm9yIHRoZSBvbmUKcmVtYWluaW5nIGNhbGxlciAo
aXQncyBpbiB0aGUgY3J0Y19kaXNhYmxlIHBhdGhzKS4KCkZvciBjaGVhcCBleGN1c2VzIHdoeSBp
OTE1IGlzIHNvIGNyYXAgaW4gNC4yOiBUaGFua3MgdG8gYSBoaXBzaG90IGRlY2lzaW9uCnRvIHRy
YW5zaXRpb24gdG8gYSBkaWZmZXJlbnQgUUEgdGVhbSAoIndlJ2xsIGRvIHRoaXMgaW4gMSB3ZWVr
IHdpdGhvdXQKdXBmcm9udCBwbGFuaW5nIikgSSBlc3NlbnRpYWxseSBkb24ndCBoYXZlIHByb3Bl
ciBRQSBzdXBwb3J0IGZvciAxLTIKbW9udGhzIGJ5IG5vdy4gVGhlIG90aGVyIHRyb3VibGUgaW4g
dGhpcyBhcmVhIHNwZWNpZmljYWxseSBpcyB0aGF0IHRoaXMKY29kZSBpcyBhbHJlYWR5IGNvbXBs
ZXRlbHkgY2hhbmdlZCBpbiAtbmV4dCBhZ2Fpbiwgc28gYW55IHRlc3RpbmcgZG9uZSBvbgppbnRl
Z3JhdGlvbiB0cmVlcyAobGlrZSAtbmV4dCBvciBkcm0taW50ZWwtbmlnaHRseSkgd29uJ3QgdGVz
dCBhbnkgcGF0Y2hlcwpmb3IgNC4yLgotRGFuaWVsCgpPaCBhbmQgU2lnbmVkLW9mZi1ieTogRGFu
aWVsIFZldHRlciA8ZGFuaWVsLnZldHRlckBpbnRlbC5jb20+IGluIGNhc2UgeW91CmRlY2lkZSB0
byBhcHBseSB0aGlzIHJpZ2h0IGF3YXkuCi0tLQpkaWZmIC0tZ2l0IGEvZHJpdmVycy9ncHUvZHJt
L2k5MTUvaW50ZWxfZGlzcGxheS5jIGIvZHJpdmVycy9ncHUvZHJtL2k5MTUvaW50ZWxfZGlzcGxh
eS5jCmluZGV4IGJhOTMyMTk5OGE0MS4uODVhYzZkODVkYzM5IDEwMDY0NAotLS0gYS9kcml2ZXJz
L2dwdS9kcm0vaTkxNS9pbnRlbF9kaXNwbGF5LmMKKysrIGIvZHJpdmVycy9ncHUvZHJtL2k5MTUv
aW50ZWxfZGlzcGxheS5jCkBAIC0xMzI3Niw3ICsxMzI3Niw3IEBAIGludGVsX2NoZWNrX3ByaW1h
cnlfcGxhbmUoc3RydWN0IGRybV9wbGFuZSAqcGxhbmUsCiAJaWYgKHJldCkKIAkJcmV0dXJuIHJl
dDsKIAotCWlmIChjcnRjX3N0YXRlLT5iYXNlLmFjdGl2ZSkgeworCWlmIChjcnRjX3N0YXRlID8g
Y3J0Y19zdGF0ZS0+YmFzZS5hY3RpdmUgOiBpbnRlbF9jcnRjLT5hY3RpdmUpIHsKIAkJc3RydWN0
IGludGVsX3BsYW5lX3N0YXRlICpvbGRfc3RhdGUgPQogCQkJdG9faW50ZWxfcGxhbmVfc3RhdGUo
cGxhbmUtPnN0YXRlKTsKIAotLSAKRGFuaWVsIFZldHRlcgpTb2Z0d2FyZSBFbmdpbmVlciwgSW50
ZWwgQ29ycG9yYXRpb24KaHR0cDovL2Jsb2cuZmZ3bGwuY2gKX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX18KZHJpLWRldmVsIG1haWxpbmcgbGlzdApkcmktZGV2
ZWxAbGlzdHMuZnJlZWRlc2t0b3Aub3JnCmh0dHA6Ly9saXN0cy5mcmVlZGVza3RvcC5vcmcvbWFp
bG1hbi9saXN0aW5mby9kcmktZGV2ZWwK