From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
To: "Linus Torvalds" <torvalds@linux-foundation.org>,
"Jörg Otte" <jrg.otte@gmail.com>,
"Daniel Vetter" <daniel.vetter@ffwll.ch>
Cc: David Airlie <airlied@linux.ie>,
DRI <dri-devel@lists.freedesktop.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [4.2.0-rc1-00201-g59c3cb5] Regression: kernel NULL pointer dereference
Date: Mon, 13 Jul 2015 07:56:10 +0200 [thread overview]
Message-ID: <55A352FA.1000300@linux.intel.com> (raw)
In-Reply-To: <CA+55aFxc=Xi1sjM+VFGw9ZR5-awgOy3VkE7goSuEdTJbYWfMGA@mail.gmail.com>
Op 12-07-15 om 18:52 schreef Linus Torvalds:
> On Sun, Jul 12, 2015 at 1:03 AM, Jörg Otte <jrg.otte@gmail.com> wrote:
>> BUG: unable to handle kernel NULL pointer dereference at 0000000000000009
>> IP: [<ffffffffbd3447bb>] 0xffffffffbd3447bb
> Ugh. Please enable KALLSYMS to get sane symbols.
>
> But yes, "crtc_state->base.active" is at offset 9 from "crtc_state",
> so it's pretty clearly just that change frm
>
> - if (intel_crtc->active) {
> + if (crtc_state->base.active) {
>
> and "crtc_state" is NULL.
>
> And the code very much knows that crtc_state can be NULL, since it's
> initialized with
>
> crtc_state = state->base.state ?
> intel_atomic_get_crtc_state(state->base.state,
> intel_crtc) : NULL;
>
> Tssk. Daniel? Should I just revert that commit dec4f799d0a4
> ("drm/i915: Use crtc_state->active in primary check_plane func") for
> now, or is there a better fix? Like just checking crtc_state for NULL?
>
> Linus
More symbols would be nice.
With the transitional helpers when crtc_state == NULL you don't want to update the scalers or funny things happen.
Fix is probably something like this:
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
index ba9321998a41..830e07b23a15 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -13276,7 +13276,7 @@ intel_check_primary_plane(struct drm_plane *plane,
if (ret)
return ret;
- if (crtc_state->base.active) {
+ if (crtc_state ? crtc_state->base.active || crtc->state->active) {
struct intel_plane_state *old_state =
to_intel_plane_state(plane->state);
WARNING: multiple messages have this Message-ID (diff)
From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
To: "Linus Torvalds" <torvalds@linux-foundation.org>,
"Jörg Otte" <jrg.otte@gmail.com>,
"Daniel Vetter" <daniel.vetter@ffwll.ch>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
DRI <dri-devel@lists.freedesktop.org>
Subject: Re: [4.2.0-rc1-00201-g59c3cb5] Regression: kernel NULL pointer dereference
Date: Mon, 13 Jul 2015 07:56:10 +0200 [thread overview]
Message-ID: <55A352FA.1000300@linux.intel.com> (raw)
In-Reply-To: <CA+55aFxc=Xi1sjM+VFGw9ZR5-awgOy3VkE7goSuEdTJbYWfMGA@mail.gmail.com>
Op 12-07-15 om 18:52 schreef Linus Torvalds:
> On Sun, Jul 12, 2015 at 1:03 AM, Jörg Otte <jrg.otte@gmail.com> wrote:
>> BUG: unable to handle kernel NULL pointer dereference at 0000000000000009
>> IP: [<ffffffffbd3447bb>] 0xffffffffbd3447bb
> Ugh. Please enable KALLSYMS to get sane symbols.
>
> But yes, "crtc_state->base.active" is at offset 9 from "crtc_state",
> so it's pretty clearly just that change frm
>
> - if (intel_crtc->active) {
> + if (crtc_state->base.active) {
>
> and "crtc_state" is NULL.
>
> And the code very much knows that crtc_state can be NULL, since it's
> initialized with
>
> crtc_state = state->base.state ?
> intel_atomic_get_crtc_state(state->base.state,
> intel_crtc) : NULL;
>
> Tssk. Daniel? Should I just revert that commit dec4f799d0a4
> ("drm/i915: Use crtc_state->active in primary check_plane func") for
> now, or is there a better fix? Like just checking crtc_state for NULL?
>
> Linus
More symbols would be nice.
With the transitional helpers when crtc_state == NULL you don't want to update the scalers or funny things happen.
Fix is probably something like this:
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
index ba9321998a41..830e07b23a15 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -13276,7 +13276,7 @@ intel_check_primary_plane(struct drm_plane *plane,
if (ret)
return ret;
- if (crtc_state->base.active) {
+ if (crtc_state ? crtc_state->base.active || crtc->state->active) {
struct intel_plane_state *old_state =
to_intel_plane_state(plane->state);
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/dri-devel
next prev parent reply other threads:[~2015-07-13 5:56 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-12 8:03 [4.2.0-rc1-00201-g59c3cb5] Regression: kernel NULL pointer dereference Jörg Otte
2015-07-12 16:33 ` Jörg Otte
2015-07-12 16:52 ` Linus Torvalds
2015-07-12 16:52 ` Linus Torvalds
2015-07-13 5:56 ` Maarten Lankhorst [this message]
2015-07-13 5:56 ` Maarten Lankhorst
2015-07-13 6:22 ` Daniel Vetter
2015-07-13 6:22 ` Daniel Vetter
2015-07-13 7:23 ` Maarten Lankhorst
2015-07-13 7:23 ` Maarten Lankhorst
2015-07-13 7:42 ` Jörg Otte
2015-07-13 7:58 ` Maarten Lankhorst
2015-07-13 8:50 ` Jörg Otte
2015-07-14 11:00 ` [PATCH] drm/i915: Do not call intel_crtc_disable if the crtc is already disabled Maarten Lankhorst
2015-07-14 11:00 ` Maarten Lankhorst
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55A352FA.1000300@linux.intel.com \
--to=maarten.lankhorst@linux.intel.com \
--cc=airlied@linux.ie \
--cc=daniel.vetter@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=jrg.otte@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.