[Intel-gfx] [PATCH] drm/i915: Fix Cherryview oops on boot

Chris Wilson chris at chris-wilson.co.uk
Thu Dec 13 16:12:41 UTC 2018


Do not dereference the LUT blob before checking whether that blob
exists. Or else,

<1>[   13.978684] BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
<6>[   13.978718] PGD 0 P4D 0
<4>[   13.978733] Oops: 0000 [#1] PREEMPT SMP PTI
<4>[   13.978750] CPU: 0 PID: 282 Comm: modprobe Not tainted 4.20.0-rc5-CI-CI_DRM_5294+ #1
<4>[   13.978773] Hardware name:  /NUC5CPYB, BIOS PYBSWCEL.86A.0058.2016.1102.1842 11/02/2016
<4>[   13.978932] RIP: 0010:cherryview_load_csc_matrix+0x1e6/0x210 [i915]
<4>[   13.978953] Code: 41 5c 41 5d e9 7b 83 aa e1 41 c1 e4 0d 48 83 bd 00 02 00 00 00 48 8b 85 10 02 00 00 45 89 e5 74 09 ba 01 00 00 00 31 c9 eb 9d <48> 8b 50 48 48 c1 ea 03 81 fa 00 01 00 00 75 07 31 d2 48 85 c0 75
<4>[   13.979001] RSP: 0018:ffffc9000026f840 EFLAGS: 00010246
<4>[   13.979018] RAX: 0000000000000000 RBX: ffff888165500000 RCX: 7885fe6200000000
<4>[   13.979039] RDX: 0000000000000020 RSI: ffff88816553a008 RDI: ffff888165464a88
<4>[   13.979060] RBP: ffff888165464a88 R08: 000000000ed0e429 R09: 0000000000000001
<4>[   13.979080] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000004000
<4>[   13.979101] R13: 0000000000004000 R14: ffff888165500000 R15: ffff888165464a88
<4>[   13.979122] FS:  00007fb69c4f3540(0000) GS:ffff88817ba00000(0000) knlGS:0000000000000000
<4>[   13.979146] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[   13.979163] CR2: 0000000000000048 CR3: 000000016d7fa000 CR4: 00000000001006f0
<4>[   13.979184] Call Trace:
<4>[   13.979302]  intel_update_crtc+0x18f/0x2b0 [i915]
<4>[   13.979421]  intel_update_crtcs+0x49/0x60 [i915]
<4>[   13.979538]  intel_atomic_commit_tail+0x1ea/0xd70 [i915]
<4>[   13.979657]  ? intel_atomic_commit_ready+0x3f/0x50 [i915]
<4>[   13.979762]  ? __i915_sw_fence_complete+0x1a0/0x250 [i915]
<4>[   13.979884]  intel_atomic_commit+0x244/0x330 [i915]
<4>[   13.980002]  intel_initial_commit+0xb6/0x140 [i915]
<4>[   13.980127]  intel_modeset_init+0x7a1/0x1880 [i915]
<4>[   13.980235]  i915_driver_load+0xcbb/0x15c0 [i915]
<4>[   13.980257]  ? __pm_runtime_resume+0x4f/0x80
<4>[   13.980277]  ? _raw_spin_unlock_irqrestore+0x4c/0x60
<4>[   13.980296]  ? lockdep_hardirqs_on+0xe0/0x1b0
<4>[   13.980401]  i915_pci_probe+0x29/0xa0 [i915]
<4>[   13.980421]  pci_device_probe+0xa1/0x130
<4>[   13.980440]  really_probe+0xf3/0x3e0
<4>[   13.980456]  driver_probe_device+0x10a/0x120
<4>[   13.980474]  __driver_attach+0xdb/0x100
<4>[   13.980489]  ? driver_probe_device+0x120/0x120
<4>[   13.980505]  ? driver_probe_device+0x120/0x120
<4>[   13.980522]  bus_for_each_dev+0x74/0xc0
<4>[   13.980539]  bus_add_driver+0x15f/0x250
<4>[   13.980554]  ? 0xffffffffa0348000
<4>[   13.980568]  driver_register+0x56/0xe0
<4>[   13.980583]  ? 0xffffffffa0348000
<4>[   13.980597]  do_one_initcall+0x58/0x2e0
<4>[   13.980615]  ? do_init_module+0x1d/0x1ea
<4>[   13.980631]  ? rcu_read_lock_sched_held+0x6f/0x80
<4>[   13.980649]  ? kmem_cache_alloc_trace+0x264/0x290
<4>[   13.980668]  do_init_module+0x56/0x1ea
<4>[   13.980685]  load_module+0x227a/0x29c0
<4>[   13.980715]  ? __se_sys_finit_module+0xd3/0xf0
<4>[   13.980731]  __se_sys_finit_module+0xd3/0xf0
<4>[   13.980756]  do_syscall_64+0x55/0x190
<4>[   13.980772]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
<4>[   13.980789] RIP: 0033:0x7fb69c019839
<4>[   13.980804] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48
<4>[   13.980851] RSP: 002b:00007ffdc112e3a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
<4>[   13.980875] RAX: ffffffffffffffda RBX: 000055c689fe0b30 RCX: 00007fb69c019839
<4>[   13.980895] RDX: 0000000000000000 RSI: 000055c689a05d2e RDI: 0000000000000000
<4>[   13.980916] RBP: 000055c689a05d2e R08: 0000000000000000 R09: 0000000000000000
<4>[   13.980936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
<4>[   13.980957] R13: 000055c689fe0c60 R14: 0000000000040000 R15: 000055c689fe0b30
<4>[   13.980986] Modules linked in: i915(+) snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core snd_pcm pinctrl_cherryview prime_numbers
<4>[   13.981027] CR2: 0000000000000048

Fixes: 302da0cdf784 ("drm/i915: Use intel_ types more consistently for color management code (v2)")
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=109054
Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
Cc: Matt Roper <matthew.d.roper at intel.com>
Cc: Ville Syrjälä <ville.syrjala at linux.intel.com>
---
 drivers/gpu/drm/i915/intel_color.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/i915/intel_color.c b/drivers/gpu/drm/i915/intel_color.c
index 1d572e83db7f..37fd9ddf762e 100644
--- a/drivers/gpu/drm/i915/intel_color.c
+++ b/drivers/gpu/drm/i915/intel_color.c
@@ -74,14 +74,17 @@
 #define ILK_CSC_COEFF_1_0		\
 	((7 << 12) | ILK_CSC_COEFF_FP(CTM_COEFF_1_0, 8))
 
-static bool crtc_state_is_legacy_gamma(struct intel_crtc_state *crtc_state)
+static bool lut_is_legacy(struct drm_property_blob *lut)
 {
-	int lut_length = drm_color_lut_size(crtc_state->base.gamma_lut);
+	return drm_color_lut_size(lut) == LEGACY_LUT_LENGTH;
+}
 
+static bool crtc_state_is_legacy_gamma(struct intel_crtc_state *crtc_state)
+{
 	return !crtc_state->base.degamma_lut &&
 		!crtc_state->base.ctm &&
 		crtc_state->base.gamma_lut &&
-		lut_length == LEGACY_LUT_LENGTH;
+		lut_is_legacy(crtc_state->base.gamma_lut);
 }
 
 /*
-- 
2.20.0



More information about the Intel-gfx mailing list