On Thu, Oct 05, 2017 at 04:15:20PM +0200, Maarten Lankhorst wrote: > crtc_state_is_legacy also checks for CTM, which was missing from > intel_color_check. By using the same condition for commit and check > we reduce the chance of mismatches. > > This was spotted by KASAN while trying to rework kms_color igt test. > > [ 72.008660] ================================================================== > [ 72.009326] BUG: KASAN: slab-out-of-bounds in bdw_load_gamma_lut.isra.3+0x15c/0x360 [i915] > [ 72.009519] Read of size 2 at addr ffff880220216e50 by task kms_color/1158 > [ 72.009900] CPU: 2 PID: 1158 Comm: kms_color Tainted: G U W 4.14.0-rc3-patser+ #5281 > [ 72.009921] Hardware name: GIGABYTE GB-BKi3A-7100/MFLP3AP-00, BIOS F1 07/27/2016 > [ 72.009941] Call Trace: > [ 72.009968] dump_stack+0xc5/0x151 > [ 72.009996] ? _atomic_dec_and_lock+0x10f/0x10f > [ 72.010024] ? show_regs_print_info+0x3c/0x3c > [ 72.010072] print_address_description+0x7f/0x240 > [ 72.010108] kasan_report+0x216/0x370 > [ 72.010308] ? bdw_load_gamma_lut.isra.3+0x15c/0x360 [i915] > [ 72.010349] __asan_load2+0x74/0x80 > [ 72.010552] bdw_load_gamma_lut.isra.3+0x15c/0x360 [i915] > [ 72.010772] broadwell_load_luts+0x1f0/0x300 [i915] > [ 72.010997] intel_color_load_luts+0x36/0x40 [i915] > [ 72.011205] intel_begin_crtc_commit+0xa1/0x310 [i915] > [ 72.011283] drm_atomic_helper_commit_planes_on_crtc+0xa6/0x320 [drm_kms_helper] > [ 72.011316] ? wait_for_completion_io+0x460/0x460 > [ 72.011524] intel_update_crtc+0xe3/0x100 [i915] > [ 72.011720] skl_update_crtcs+0x360/0x3f0 [i915] > [ 72.011945] ? intel_update_crtcs+0xf0/0xf0 [i915] > [ 72.012010] ? drm_atomic_helper_wait_for_dependencies+0x3d9/0x400 [drm_kms_helper] > [ 72.012231] intel_atomic_commit_tail+0x8db/0x1500 [i915] > [ 72.012273] ? __lock_is_held+0x9c/0xc0 > [ 72.012494] ? skl_update_crtcs+0x3f0/0x3f0 [i915] > [ 72.012518] ? find_next_bit+0xb/0x10 > [ 72.012544] ? cpumask_next+0x1a/0x20 > [ 72.012745] ? i915_sw_fence_complete+0x9d/0xe0 [i915] > [ 72.012938] ? __i915_sw_fence_complete+0x5d0/0x5d0 [i915] > [ 72.013176] intel_atomic_commit+0x528/0x570 [i915] > [ 72.013280] ? drm_atomic_get_property+0xc00/0xc00 [drm] > [ 72.013466] ? intel_atomic_commit_tail+0x1500/0x1500 [i915] > [ 72.013496] ? kmem_cache_alloc_trace+0x266/0x280 > [ 72.013714] ? intel_atomic_commit_tail+0x1500/0x1500 [i915] > [ 72.013812] drm_atomic_commit+0x77/0x80 [drm] > [ 72.013911] set_property_atomic+0x14a/0x210 [drm] > [ 72.014015] ? drm_object_property_get_value+0x70/0x70 [drm] > [ 72.014080] ? mutex_unlock+0xd/0x10 > [ 72.014292] ? intel_atomic_commit_tail+0x1500/0x1500 [i915] > [ 72.014379] drm_mode_obj_set_property_ioctl+0x1cf/0x310 [drm] > [ 72.014481] ? drm_mode_obj_find_prop_id+0xa0/0xa0 [drm] > [ 72.014510] ? lock_release+0x6c0/0x6c0 > [ 72.014602] ? drm_is_current_master+0x46/0x60 [drm] > [ 72.014706] drm_ioctl_kernel+0x148/0x1d0 [drm] > [ 72.014799] ? drm_mode_obj_find_prop_id+0xa0/0xa0 [drm] > [ 72.014898] ? drm_ioctl_permit+0x100/0x100 [drm] > [ 72.014936] ? kasan_check_write+0x14/0x20 > [ 72.015039] drm_ioctl+0x441/0x660 [drm] > [ 72.015129] ? drm_mode_obj_find_prop_id+0xa0/0xa0 [drm] > [ 72.015235] ? drm_getstats+0x20/0x20 [drm] > [ 72.015287] ? ___might_sleep+0x159/0x340 > [ 72.015311] ? find_held_lock+0xcf/0xf0 > [ 72.015341] ? __schedule_bug+0x110/0x110 > [ 72.015405] do_vfs_ioctl+0xa88/0xb10 > [ 72.015449] ? ioctl_preallocate+0x1a0/0x1a0 > [ 72.015487] ? selinux_capable+0x20/0x20 > [ 72.015525] ? rcu_dynticks_momentary_idle+0x40/0x40 > [ 72.015607] SyS_ioctl+0x4e/0x80 > [ 72.015647] entry_SYSCALL_64_fastpath+0x18/0xad > [ 72.015670] RIP: 0033:0x7ff74a3d04d7 > [ 72.015691] RSP: 002b:00007ffc594bec08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 > [ 72.015734] RAX: ffffffffffffffda RBX: ffffffff8718f54a RCX: 00007ff74a3d04d7 > [ 72.015756] RDX: 00007ffc594bec40 RSI: 00000000c01864ba RDI: 0000000000000003 > [ 72.015777] RBP: ffff880211c0ff98 R08: 0000000000000086 R09: 0000000000000000 > [ 72.015799] R10: 00007ff74a691b58 R11: 0000000000000246 R12: 0000000000000355 > [ 72.015821] R13: 00000000ff00eb00 R14: 0000000000000a00 R15: 00007ff746082000 > [ 72.015857] ? trace_hardirqs_off_caller+0xfa/0x110 > > Signed-off-by: Maarten Lankhorst <maarten.lankhorst@xxxxxxxxxxxxxxx> > --- > drivers/gpu/drm/i915/intel_color.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/drivers/gpu/drm/i915/intel_color.c b/drivers/gpu/drm/i915/intel_color.c > index ff9ecd211abb..c53266725eef 100644 > --- a/drivers/gpu/drm/i915/intel_color.c > +++ b/drivers/gpu/drm/i915/intel_color.c > @@ -632,12 +632,10 @@ int intel_color_check(struct drm_crtc *crtc, > return 0; > > /* > - * We also allow no degamma lut and a gamma lut at the legacy > + * We also allow no degamma lut/ctm and a gamma lut at the legacy > * size (256 entries). > */ > - if (!crtc_state->degamma_lut && > - crtc_state->gamma_lut && > - crtc_state->gamma_lut->length == LEGACY_LUT_LENGTH) > + if (crtc_state_is_legacy(crtc_state)) crtc_state_is_legacy is a bit a confusing function name imo. I think renaming it to crtc_state_is_legacy_gamma would be much clearer. With that changed (in the entire file ofc, same patch): Reviewed-by: Daniel Vetter <daniel.vetter@xxxxxxxx> > return 0; > > return -EINVAL; > -- > 2.14.1 > > _______________________________________________ > Intel-gfx mailing list > Intel-gfx@xxxxxxxxxxxxxxxxxxxxx > https://lists.freedesktop.org/mailman/listinfo/intel-gfx -- Daniel Vetter Software Engineer, Intel Corporation http://blog.ffwll.ch _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/intel-gfx