[PATCH] drm/amd/display: Fix null pointer exception while load amdgpu

Rodrigo Siqueira Rodrigo.Siqueira at amd.com
Fri Apr 29 21:53:54 UTC 2022 

From: Sung Joon Kim <sungkim at amd.com>

Recently we got a hard hang during the boot on DCN 3.0.1, which caused
the below null pointer exception:

[ +0.000426] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ +0.000003] #PF: supervisor read access in kernel mode
[ +0.000003] #PF: error_code(0x0000) - not-present page
[ +0.000003] PGD 0 P4D 0
[ +0.000004] Oops: 0000 [#1] PREEMPT SMP NOPTI
[ +0.000005] CPU: 6 PID: 874 Comm: Xorg Not tainted 5.16.0.asdn-apr28+ #15
[ +0.000004] Hardware name: AMD Chachani-VN/Chachani-VN, BIOS WCH2303N 03/03/2022
[ +0.000003] RIP: 0010:resource_map_pool_resources+0x431/0xa70 [amdgpu]
[ +0.000356] Code: c1 4d 89 c8 49 c1 e0 07 4d 01 c8 49 c1 e0 04 4d 01 f0 49 83 b8 f0 01 00 00 00 0f 85 16 02 00 00 49 8b b8 e0 02 00 00 89 45 c0 <48> 8b 17 4c 8b 92 a0 01 00 00 4d 85 d2 74 24 4c 89 4d 88 48 8d 4d
[ +0.000003] RSP: 0018:ffffa92a4142f718 EFLAGS: 00010246
[ +0.000003] RAX: 0000000000000000 RBX: ffff9a0b86d93000 RCX: 0000000000000000
[ +0.000002] RDX: 0000000000000000 RSI: 000000000000554b RDI: 0000000000000000
[ +0.000002] RBP: ffffa92a4142f798 R08: ffff9a0bdb3c0000 R09: 0000000000000000
[ +0.000002] R10: 0000000000000000 R11: 000000000000f000 R12: 0000000000000000
[ +0.000001] R13: ffff9a0b88360000 R14: ffff9a0bdb3c0000 R15: ffff9a0b86273000
[ +0.000003] FS: 00007f4b5641ca40(0000) GS:ffff9a0cb7f80000(0000) knlGS:0000000000000000
[ +0.000002] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ +0.000002] CR2: 0000000000000000 CR3: 0000000102cb2000 CR4: 00000000003506e0
[ +0.000003] Call Trace:
[ +0.000002] <TASK>
[ +0.000004] ? kvmalloc_node+0x5c/0x90
[ +0.000009] dcn20_add_stream_to_ctx+0x1c/0x90 [amdgpu]
[ +0.000330] dcn30_add_stream_to_ctx+0xe/0x10 [amdgpu]
[ +0.000313] dc_add_stream_to_ctx+0x67/0x80 [amdgpu]
[ +0.000300] dm_update_crtc_state+0x4dd/0x6e0 [amdgpu]
[ +0.000320] amdgpu_dm_atomic_check+0x63b/0x1270 [amdgpu]
[ +0.000311] ? __drm_mode_object_add+0x90/0xc0 [drm]
[ +0.000043] ? preempt_count_add+0x74/0xc0
[ +0.000005] ? _raw_spin_lock_irqsave+0x2a/0x60
[ +0.000006] ? _raw_spin_unlock_irqrestore+0x29/0x3d
[ +0.000003] ? drm_connector_list_iter_next+0x8e/0xb0 [drm]
[ +0.000038] drm_atomic_check_only+0x5dd/0xa20 [drm]
[ +0.000044] drm_atomic_commit+0x18/0x60 [drm]
[ +0.000046] drm_client_modeset_commit_atomic+0x1e5/0x220 [drm]
[ +0.000051] drm_client_modeset_commit_locked+0x57/0x160 [drm]
[ +0.000038] __drm_fb_helper_restore_fbdev_mode_unlocked+0x60/0xd0 [drm_kms_helper]
[ +0.000027] drm_fb_helper_set_par+0x40/0x50 [drm_kms_helper]
[ +0.000022] fb_set_var+0x1c8/0x3d0
[ +0.000007] ? __ext4_mark_inode_dirty+0x83/0x210
[ +0.000006] ? __ext4_journal_stop+0x3c/0xb0
[ +0.000008] fbcon_blank+0x228/0x290
[ +0.000007] do_unblank_screen+0xae/0x150
[ +0.000005] vt_ioctl+0xcf4/0x1360
[ +0.000005] ? get_max_files+0x20/0x20
[ +0.000005] ? get_max_files+0x20/0x20
[ +0.000004] ? debug_smp_processor_id+0x17/0x20
[ +0.000004] tty_ioctl+0x373/0x8a0
[ +0.000005] ? __fput+0x123/0x260
[ +0.000004] ? __fget_light+0xc5/0x100
[ +0.000005] __x64_sys_ioctl+0x91/0xc0
[ +0.000005] do_syscall_64+0x3b/0xc0
[ +0.000005] entry_SYSCALL_64_after_hwframe+0x44/0xae

This issue happens because "pipe_ctx->stream_res.tg" needs to be
initialized first before reading its members. This commit fixes this
issue by properly initializing the pointer before accessing the target
data.

Fixes: 9b98e01a28c6 ("drm/amd/display: Add odm seamless boot support")
Cc: Agustin Gutierrez <agustin.gutierrez at amd.com>
Signed-off-by: Sung Joon Kim <sungkim at amd.com>
---
 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
index f292303b75a5..147c6a3c6312 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
@@ -2150,12 +2150,18 @@ static int acquire_resource_from_hw_enabled_state(
 	if (!res_ctx->pipe_ctx[tg_inst].stream) {
 		struct pipe_ctx *pipe_ctx = &res_ctx->pipe_ctx[tg_inst];
 
+		pipe_ctx->stream_res.tg = pool->timing_generators[tg_inst];
 		id_src[0] = tg_inst;
 
 		if (pipe_ctx->stream_res.tg->funcs->get_optc_source)
 			pipe_ctx->stream_res.tg->funcs->get_optc_source(pipe_ctx->stream_res.tg,
 					&numPipes, &id_src[0], &id_src[1]);
 
+		if (id_src[0] == 0xf && id_src[1] == 0xf) {
+			id_src[0] = tg_inst;
+			numPipes = 1;
+		}
+
 		for (i = 0; i < numPipes; i++) {
 			//Check if src id invalid
 			if (id_src[i] == 0xf)
-- 
2.25.1

More information about the amd-gfx mailing list