Radeon atombios power state can cause NULL pointer dereference

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

My Packard Bell Dot M/A laptop (ATI x1200/rs690m) fails during resume:

[   73.033179] BUG: unable to handle kernel NULL pointer dereference at
0000000000000020 [   73.033184] IP: [<ffffffffa0418dc3>]
radeon_pm_resume+0xda/0x137 [radeon] [   73.033227] PGD 0 
[   73.033231] Oops: 0000 [#1] SMP 
[   73.033236] CPU 0 
[   73.033238] Modules linked in: cryptd aes_x86_64 aes_generic uinput
loop snd_hda_codec_realtek arc4 ath9k joydev snd_hda_intel radeon
ath9k_common ath9k_hw snd_hda_codec ath ttm snd_hwdep uvcvideo
drm_kms_helper mac80211 videodev snd_pcm snd_page_alloc snd_seq
snd_seq_device snd_timer drm v4l2_compat_ioctl32 media cfg80211
edac_mce_amd mperf acerhdf acer_wmi snd sp5100_tco sparse_keymap pcspkr
edac_core rfkill soundcore i2c_piix4 i2c_algo_bit k8temp psmouse
i2c_core evdev serio_raw video wmi shpchp processor ac battery
power_supply button ext4 crc16 jbd2 mbcache sg sd_mod crc_t10dif
ata_generic ahci libahci pata_atiixp libata ohci_hcd ehci_hcd usbcore
scsi_mod thermal thermal_sys r8169 mii usb_common [last unloaded:
scsi_wait_scan] [   73.033304] [   73.033310] Pid: 154, comm:
kworker/u:6 Not tainted 3.2.0-4-amd64 #1 Debian 3.2.41-2+deb7u2 Packard
Bell     DOTMA           /SJM11-YK [   73.033317] RIP:
0010:[<ffffffffa0418dc3>]  [<ffffffffa0418dc3>]
radeon_pm_resume+0xda/0x137 [radeon] [   73.033347] RSP:
0018:ffff880037631db0  EFLAGS: 00010297 [   73.033350] RAX:
ffff88006b8fa1d0 RBX: ffff88003715c000 RCX: 0000000000000000
[   73.033354] RDX: 0000000000000000 RSI: 0000000000000000 RDI:
ffff88003715d3a8 [   73.033358] RBP: ffff88003715d3a8 R08:
0000000000000002 R09: 0000000000000028 [   73.033362] R10:
0000000000001700 R11: 0000000000001700 R12: 0000000000000000
[   73.033366] R13: ffffffff8142db90 R14: ffff88006d733c05 R15:
ffff88006b6156d0 [   73.033372] FS:  00007f96cf0ea700(0000)
GS:ffff88006fc00000(0000) knlGS:0000000000000000 [   73.033376] CS:
0010 DS: 0000 ES: 0000 CR0: 000000008005003b [   73.033380] CR2:
0000000000000020 CR3: 0000000001605000 CR4: 00000000000006f0
[   73.033385] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000 [   73.033389] DR3: 0000000000000000 DR6:
00000000ffff0ff0 DR7: 0000000000000400 [   73.033394] Process
kworker/u:6 (pid: 154, threadinfo ffff880037630000, task
ffff8800375415d0) [   73.033397] Stack: [   73.033399]
ffff88006b737000 ffff88003715c000 ffff88006b737000 ffffffffa03d5a26
[   73.033406]  ffff88006cc57090 0000000000000000 0000000000000000
ffffffff81255b88 [   73.033411]  ffff880037631d2c ffff88006cc57090
ffff88006cc570f0 0000000000000000 [   73.033417] Call Trace:
[   73.033439]  [<ffffffffa03d5a26>] ? radeon_resume_kms+0x82/0x114
[radeon] [   73.033448]  [<ffffffff81255b88>] ? pm_op+0xa1/0x141
[   73.033455]  [<ffffffff81255f4c>] ? device_resume+0xa2/0xfc
[   73.033461]  [<ffffffff81255fba>] ? async_resume+0x14/0x38
[   73.033469]  [<ffffffff810648cc>] ? async_run_entry_fn+0x96/0x142
[   73.033475]  [<ffffffff8105b22d>] ? process_one_work+0x161/0x264
[   73.033484]  [<ffffffff81059b3e>] ? need_to_create_worker+0x9/0x1c
[   73.033489]  [<ffffffff8105c1ee>] ? worker_thread+0xc2/0x145
[   73.033495]  [<ffffffff8105c12c>] ?
manage_workers.isra.25+0x15b/0x15b [   73.033502]
[<ffffffff8105f329>] ? kthread+0x76/0x7e [   73.033509]
[<ffffffff81354b34>] ? kernel_thread_helper+0x4/0x10 [   73.033515]
[<ffffffff8105f2b3>] ? kthread_worker_fn+0x139/0x139 [   73.033521]
[<ffffffff81354b30>] ? gs_change+0x13/0x13 [   73.033523] Code: 14 00
00 8b 93 38 14 00 00 89 83 14 14 00 00 48 6b c0 30 48 03 83 08 14 00 00
89 93 2c 14 00 00 83 bb 48 14 00 00 01 48 8b 50 08 <8b> 52 20 66 89 93
30 14 00 00 48 8b 40 08 66 8b 40 22 66 89 83 [   73.033565] RIP
[<ffffffffa0418dc3>] radeon_pm_resume+0xda/0x137 [radeon]
[   73.033593]  RSP <ffff880037631db0> [   73.033596] CR2:
0000000000000020

Digging a little bit, the issue can be highlighted with this patch:

--- drivers/gpu/drm/radeon/radeon_atombios.c.orig	2013-05-23
21:54:50.514665155 +0200
+++ drivers/gpu/drm/radeon/radeon_atombios.c	2013-05-24
00:20:43.149263167 +0200
@@ -2159,6 +2159,7 @@ static int radeon_atombios_parse_power_t
 	}
 	/* last mode is usually default */
 	if (rdev->pm.default_power_state_index == -1) {
+		WARN_ON(state_index == 0);
 		rdev->pm.power_state[state_index - 1].type =
 			POWER_STATE_TYPE_DEFAULT;
 		rdev->pm.default_power_state_index = state_index - 1;

In my case, the laptop report 0 for memory clock for all power states.
At the end of the for loop, state_index still equals 0, leading to a
wrong access in the rdev->pm.power_state array.
When switching memory clock in async mode (instead of sync mode)
within the bios, the laptop correctly reports its value (ie 333MHz).

Regards,
Clement
_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/dri-devel
[Index of Archives]     [Linux DRI Users]     [Linux Intel Graphics]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux