[PATCH for v4.8-rc6] drm/i915: fix pointer dereference in intel_dvo_init
Stefan Christ
contact at stefanchrist.eu
Mon Sep 12 19:02:04 UTC 2016
Loading the module i915 on my IBM Thinkpad X40 fails in the function
intel_dvo_init(). The function tries to clean up the struct drm_encoder
that was never initialized. This happens when all intel_dvo_devices
failed to be probed in the for loop. The backtrace was:
BUG: unable to handle kernel NULL pointer dereference at 00000104
IP: [<c14b89d0>] mutex_lock+0x0/0xa
*pde = 00000000
Oops: 0002 [#1] PREEMPT
Modules linked in: i915(+)
CPU: 0 PID: 189 Comm: systemd-udevd Not tainted 4.8.0-rc1 #20
Hardware name: IBM 2371H4G/2371H4G, BIOS 1UETD1WW (2.06 ) 03/01/2006
task: f5e86a00 task.stack: f5e6a000
EIP: 0060:[<c14b89d0>] EFLAGS: 00010282 CPU: 0
EIP is at mutex_lock+0x0/0xa
EAX: 00000104 EBX: f5c7ae80 ECX: 00000000 EDX: f5c7ae80
ESI: 00000000 EDI: f5ce8480 EBP: f5e6bd20 ESP: f5e6bccc
DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
CR0: 80050033 CR2: b6d4a004 CR3: 35ea2000 CR4: 00000690
Stack:
c130a63e f5ce8480 00000000 c1300678 f5ce8480 00000002 f8386f55 f83c8bd4
007dcc00 f5ce8504 f5eb109c f83e28c4 f83e28e8 f6768000 f5eb0000 808b0000
90026000 00061100 00000001 f5eb0000 f5c67800 f5e6bd70 f83a9cf6 00000008
Call Trace:
[<c130a63e>] ? drm_modeset_lock_all+0x35/0x87
[<c1300678>] ? drm_encoder_cleanup+0x10/0x55
[<f8386f55>] ? gen2_write16+0x71/0x71 [i915]
[<f83c8bd4>] ? intel_dvo_init+0x31c/0x33a [i915]
[<f83a9cf6>] ? intel_modeset_init+0xda6/0xfd2 [i915]
[<f83cbdd0>] ? intel_setup_gmbus+0xa4/0x231 [i915]
[<f834959f>] ? i915_driver_load+0xdb8/0xf05 [i915]
[<c127b6b1>] ? pci_device_probe+0x63/0xb2
[<c1314ed1>] ? driver_probe_device+0xde/0x1ef
[<c1315037>] ? __driver_attach+0x55/0x70
[<c1313b5f>] ? bus_for_each_dev+0x50/0x5a
[<c1314ae8>] ? driver_attach+0x14/0x17
[<c1314fe2>] ? driver_probe_device+0x1ef/0x1ef
[<c13147a3>] ? bus_add_driver+0xaa/0x191
[<c1315610>] ? driver_register+0x6f/0xa4
[<f8423000>] ? 0xf8423000
[<c100045e>] ? do_one_initcall+0x79/0xee
[<c10a4ef5>] ? kfree+0xa7/0xcf
[<c10a45c7>] ? kmem_cache_alloc+0x5e/0x82
[<c107c255>] ? do_init_module+0x17/0x194
[<c107c283>] ? do_init_module+0x45/0x194
[<c106457b>] ? load_module+0x12e2/0x16ae
[<c10acdc1>] ? kernel_read_file+0xe2/0x15b
[<c1064a4a>] ? SyS_finit_module+0x5d/0x69
[<c1000e6b>] ? do_fast_syscall_32+0x91/0xf2
[<c14ba207>] ? sysenter_past_esp+0x40/0x6a
Code: 0d 4c e0 67 c1 74 09 eb 0c e8 0d 82 b4 ff eb a5 e8 06 82 b4 ff 83 c4 14 5b 5e 5f c3 e9 40 ff ff ff ba ff ff ff 7f e9 36 ff ff ff <ff> 08 79 05 e8 d9 05 00 00 c3 ff 00 7f 05 e8 84 05 00 00 c3 8b
EIP: [<c14b89d0>] mutex_lock+0x0/0xa SS:ESP 0068:f5e6bccc
CR2: 0000000000000104
---[ end trace 27c6bec7dc5672b3 ]---
Signed-off-by: Stefan Christ <contact at stefanchrist.eu>
---
Hi,
trying out the recent release candidate of the Linux kernel 4.8, namely v4.8-rc1
and v4.8-rc6, I see this regression on my IBM Thinkpad X40. My video hardware is
$ lspci
00:02.0 VGA compatible controller: Intel Corporation 82852/855GM Integrated Graphics Device (rev 02)
00:02.1 Display controller: Intel Corporation 82852/855GM Integrated Graphics Device (rev 02)
If you need it, I can post the full dmesg output and my kernel configuration.
Kind regards,
Stefan Christ
---
drivers/gpu/drm/i915/intel_dvo.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/intel_dvo.c b/drivers/gpu/drm/i915/intel_dvo.c
index 47bdf9d..f14c8e0 100644
--- a/drivers/gpu/drm/i915/intel_dvo.c
+++ b/drivers/gpu/drm/i915/intel_dvo.c
@@ -554,7 +554,9 @@ void intel_dvo_init(struct drm_device *dev)
return;
}
- drm_encoder_cleanup(&intel_encoder->base);
+ /* Only call cleanup if the encoder was initialized in the loop. */
+ if (intel_encoder->base.dev)
+ drm_encoder_cleanup(&intel_encoder->base);
kfree(intel_dvo);
kfree(intel_connector);
}
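Review bot: The guard `if (intel_encoder->base.dev)` infers that the encoder was initialized from a field owned by the DRM core, which is only sound if intel_encoder is zero-allocated before this point (the allocation is not visible in this hunk) and base.dev is set only by the encoder init call in the loop. The oops in the commit message, where drm_encoder_cleanup reaches drm_modeset_lock_all and mutex_lock faults at 00000104, is consistent with a NULL dev, so the test covers the reported case. The new comment should state that dependency explicitly, for example "base.dev is NULL until the encoder is initialized in the loop", or the function should set a local flag at the point where the encoder is initialized and test that flag here, so the error path does not depend on DRM core struct layout.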
--
2.7.3