[PATCH] drm/amd/display: Fix null pointer exception while load amdgpu

Gutierrez, Agustin Agustin.Gutierrez at amd.com
Fri Apr 29 22:06:26 UTC 2022 

[AMD Official Use Only - General]

+review

-----Original Message-----
From: Siqueira, Rodrigo <Rodrigo.Siqueira at amd.com>
Sent: April 29, 2022 5:54 PM
To: Wentland, Harry <Harry.Wentland at amd.com>; Li, Sun peng (Leo) <Sunpeng.Li at amd.com>; Siqueira, Rodrigo <Rodrigo.Siqueira at amd.com>; Deucher, Alexander <Alexander.Deucher at amd.com>; Koenig, Christian <Christian.Koenig at amd.com>
Cc: amd-gfx at lists.freedesktop.org; Kim, Sung joon <Sungjoon.Kim at amd.com>; Gutierrez, Agustin <Agustin.Gutierrez at amd.com>
Subject: [PATCH] drm/amd/display: Fix null pointer exception while load amdgpu

From: Sung Joon Kim <sungkim at amd.com>

Recently we got a hard hang during the boot on DCN 3.0.1, which caused the below null pointer exception:

[ +0.000426] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ +0.000003] #PF: supervisor read access in kernel mode [ +0.000003] #PF: error_code(0x0000) - not-present page [ +0.000003] PGD 0 P4D 0 [ +0.000004] Oops: 0000 [#1] PREEMPT SMP NOPTI [ +0.000005] CPU: 6 PID: 874 Comm: Xorg Not tainted 5.16.0.asdn-apr28+ #15 [ +0.000004] Hardware name: AMD Chachani-VN/Chachani-VN, BIOS WCH2303N 03/03/2022 [ +0.000003] RIP: 0010:resource_map_pool_resources+0x431/0xa70 [amdgpu] [ +0.000356] Code: c1 4d 89 c8 49 c1 e0 07 4d 01 c8 49 c1 e0 04 4d 01 f0 49 83 b8 f0 01 00 00 00 0f 85 16 02 00 00 49 8b b8 e0 02 00 00 89 45 c0 <48> 8b 17 4c 8b 92 a0 01 00 00 4d 85 d2 74 24 4c 89 4d 88 48 8d 4d [ +0.000003] RSP: 0018:ffffa92a4142f718 EFLAGS: 00010246 [ +0.000003] RAX: 0000000000000000 RBX: ffff9a0b86d93000 RCX: 0000000000000000 [ +0.000002] RDX: 0000000000000000 RSI: 000000000000554b RDI: 0000000000000000 [ +0.000002] RBP: ffffa92a4142f798 R08: ffff9a0bdb3c0000 R09: 0000000000000000 [ +0.000002] R10: 0000000000000000 R11: 000000000000f000 R12: 0000000000000000 [ +0.000001] R13: ffff9a0b88360000 R14: ffff9a0bdb3c0000 R15: ffff9a0b86273000 [ +0.000003] FS: 00007f4b5641ca40(0000) GS:ffff9a0cb7f80000(0000) knlGS:0000000000000000 [ +0.000002] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ +0.000002] CR2: 0000000000000000 CR3: 0000000102cb2000 CR4: 00000000003506e0 [ +0.000003] Call Trace:
[ +0.000002] <TASK>
[ +0.000004] ? kvmalloc_node+0x5c/0x90
[ +0.000009] dcn20_add_stream_to_ctx+0x1c/0x90 [amdgpu] [ +0.000330] dcn30_add_stream_to_ctx+0xe/0x10 [amdgpu] [ +0.000313] dc_add_stream_to_ctx+0x67/0x80 [amdgpu] [ +0.000300] dm_update_crtc_state+0x4dd/0x6e0 [amdgpu] [ +0.000320] amdgpu_dm_atomic_check+0x63b/0x1270 [amdgpu] [ +0.000311] ? __drm_mode_object_add+0x90/0xc0 [drm] [ +0.000043] ? preempt_count_add+0x74/0xc0 [ +0.000005] ? _raw_spin_lock_irqsave+0x2a/0x60 [ +0.000006] ? _raw_spin_unlock_irqrestore+0x29/0x3d
[ +0.000003] ? drm_connector_list_iter_next+0x8e/0xb0 [drm] [ +0.000038] drm_atomic_check_only+0x5dd/0xa20 [drm] [ +0.000044] drm_atomic_commit+0x18/0x60 [drm] [ +0.000046] drm_client_modeset_commit_atomic+0x1e5/0x220 [drm] [ +0.000051] drm_client_modeset_commit_locked+0x57/0x160 [drm] [ +0.000038] __drm_fb_helper_restore_fbdev_mode_unlocked+0x60/0xd0 [drm_kms_helper] [ +0.000027] drm_fb_helper_set_par+0x40/0x50 [drm_kms_helper] [ +0.000022] fb_set_var+0x1c8/0x3d0 [ +0.000007] ? __ext4_mark_inode_dirty+0x83/0x210
[ +0.000006] ? __ext4_journal_stop+0x3c/0xb0 [ +0.000008] fbcon_blank+0x228/0x290 [ +0.000007] do_unblank_screen+0xae/0x150 [ +0.000005] vt_ioctl+0xcf4/0x1360 [ +0.000005] ? get_max_files+0x20/0x20 [ +0.000005] ? get_max_files+0x20/0x20 [ +0.000004] ? debug_smp_processor_id+0x17/0x20 [ +0.000004] tty_ioctl+0x373/0x8a0 [ +0.000005] ? __fput+0x123/0x260 [ +0.000004] ? __fget_light+0xc5/0x100 [ +0.000005] __x64_sys_ioctl+0x91/0xc0 [ +0.000005] do_syscall_64+0x3b/0xc0 [ +0.000005] entry_SYSCALL_64_after_hwframe+0x44/0xae

This issue happens because "pipe_ctx->stream_res.tg" needs to be initialized first before reading its members. This commit fixes this issue by properly initializing the pointer before accessing the target data.

Fixes: 9b98e01a28c6 ("drm/amd/display: Add odm seamless boot support")
Cc: Agustin Gutierrez <agustin.gutierrez at amd.com>
Signed-off-by: Sung Joon Kim <sungkim at amd.com>
---
 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
index f292303b75a5..147c6a3c6312 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
@@ -2150,12 +2150,18 @@ static int acquire_resource_from_hw_enabled_state(
        if (!res_ctx->pipe_ctx[tg_inst].stream) {
                struct pipe_ctx *pipe_ctx = &res_ctx->pipe_ctx[tg_inst];

+               pipe_ctx->stream_res.tg = pool->timing_generators[tg_inst];
                id_src[0] = tg_inst;

                if (pipe_ctx->stream_res.tg->funcs->get_optc_source)
                        pipe_ctx->stream_res.tg->funcs->get_optc_source(pipe_ctx->stream_res.tg,
                                        &numPipes, &id_src[0], &id_src[1]);

+               if (id_src[0] == 0xf && id_src[1] == 0xf) {
+                       id_src[0] = tg_inst;
+                       numPipes = 1;
+               }
+
                for (i = 0; i < numPipes; i++) {
                        //Check if src id invalid
                        if (id_src[i] == 0xf)
--
2.25.1

Reviewed-by: Agustin Gutierrez <agustin.gutierrez at amd.com>

More information about the amd-gfx mailing list