On Thu, Dec 13, 2018 at 04:12:41PM +0000, Chris Wilson wrote: > Do not dereference the LUT blob before checking whether that blob > exists. Or else, > > <1>[ 13.978684] BUG: unable to handle kernel NULL pointer dereference at 0000000000000048 > <6>[ 13.978718] PGD 0 P4D 0 > <4>[ 13.978733] Oops: 0000 [#1] PREEMPT SMP PTI > <4>[ 13.978750] CPU: 0 PID: 282 Comm: modprobe Not tainted 4.20.0-rc5-CI-CI_DRM_5294+ #1 > <4>[ 13.978773] Hardware name: /NUC5CPYB, BIOS PYBSWCEL.86A.0058.2016.1102.1842 11/02/2016 > <4>[ 13.978932] RIP: 0010:cherryview_load_csc_matrix+0x1e6/0x210 [i915] > <4>[ 13.978953] Code: 41 5c 41 5d e9 7b 83 aa e1 41 c1 e4 0d 48 83 bd 00 02 00 00 00 48 8b 85 10 02 00 00 45 89 e5 74 09 ba 01 00 00 00 31 c9 eb 9d <48> 8b 50 48 48 c1 ea 03 81 fa 00 01 00 00 75 07 31 d2 48 85 c0 75 > <4>[ 13.979001] RSP: 0018:ffffc9000026f840 EFLAGS: 00010246 > <4>[ 13.979018] RAX: 0000000000000000 RBX: ffff888165500000 RCX: 7885fe6200000000 > <4>[ 13.979039] RDX: 0000000000000020 RSI: ffff88816553a008 RDI: ffff888165464a88 > <4>[ 13.979060] RBP: ffff888165464a88 R08: 000000000ed0e429 R09: 0000000000000001 > <4>[ 13.979080] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000004000 > <4>[ 13.979101] R13: 0000000000004000 R14: ffff888165500000 R15: ffff888165464a88 > <4>[ 13.979122] FS: 00007fb69c4f3540(0000) GS:ffff88817ba00000(0000) knlGS:0000000000000000 > <4>[ 13.979146] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > <4>[ 13.979163] CR2: 0000000000000048 CR3: 000000016d7fa000 CR4: 00000000001006f0 > <4>[ 13.979184] Call Trace: > <4>[ 13.979302] intel_update_crtc+0x18f/0x2b0 [i915] > <4>[ 13.979421] intel_update_crtcs+0x49/0x60 [i915] > <4>[ 13.979538] intel_atomic_commit_tail+0x1ea/0xd70 [i915] > <4>[ 13.979657] ? intel_atomic_commit_ready+0x3f/0x50 [i915] > <4>[ 13.979762] ? __i915_sw_fence_complete+0x1a0/0x250 [i915] > <4>[ 13.979884] intel_atomic_commit+0x244/0x330 [i915] > <4>[ 13.980002] intel_initial_commit+0xb6/0x140 [i915] > <4>[ 13.980127] intel_modeset_init+0x7a1/0x1880 [i915] > <4>[ 13.980235] i915_driver_load+0xcbb/0x15c0 [i915] > <4>[ 13.980257] ? __pm_runtime_resume+0x4f/0x80 > <4>[ 13.980277] ? _raw_spin_unlock_irqrestore+0x4c/0x60 > <4>[ 13.980296] ? lockdep_hardirqs_on+0xe0/0x1b0 > <4>[ 13.980401] i915_pci_probe+0x29/0xa0 [i915] > <4>[ 13.980421] pci_device_probe+0xa1/0x130 > <4>[ 13.980440] really_probe+0xf3/0x3e0 > <4>[ 13.980456] driver_probe_device+0x10a/0x120 > <4>[ 13.980474] __driver_attach+0xdb/0x100 > <4>[ 13.980489] ? driver_probe_device+0x120/0x120 > <4>[ 13.980505] ? driver_probe_device+0x120/0x120 > <4>[ 13.980522] bus_for_each_dev+0x74/0xc0 > <4>[ 13.980539] bus_add_driver+0x15f/0x250 > <4>[ 13.980554] ? 0xffffffffa0348000 > <4>[ 13.980568] driver_register+0x56/0xe0 > <4>[ 13.980583] ? 0xffffffffa0348000 > <4>[ 13.980597] do_one_initcall+0x58/0x2e0 > <4>[ 13.980615] ? do_init_module+0x1d/0x1ea > <4>[ 13.980631] ? rcu_read_lock_sched_held+0x6f/0x80 > <4>[ 13.980649] ? kmem_cache_alloc_trace+0x264/0x290 > <4>[ 13.980668] do_init_module+0x56/0x1ea > <4>[ 13.980685] load_module+0x227a/0x29c0 > <4>[ 13.980715] ? __se_sys_finit_module+0xd3/0xf0 > <4>[ 13.980731] __se_sys_finit_module+0xd3/0xf0 > <4>[ 13.980756] do_syscall_64+0x55/0x190 > <4>[ 13.980772] entry_SYSCALL_64_after_hwframe+0x49/0xbe > <4>[ 13.980789] RIP: 0033:0x7fb69c019839 > <4>[ 13.980804] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48 > <4>[ 13.980851] RSP: 002b:00007ffdc112e3a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 > <4>[ 13.980875] RAX: ffffffffffffffda RBX: 000055c689fe0b30 RCX: 00007fb69c019839 > <4>[ 13.980895] RDX: 0000000000000000 RSI: 000055c689a05d2e RDI: 0000000000000000 > <4>[ 13.980916] RBP: 000055c689a05d2e R08: 0000000000000000 R09: 0000000000000000 > <4>[ 13.980936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 > <4>[ 13.980957] R13: 000055c689fe0c60 R14: 0000000000040000 R15: 000055c689fe0b30 > <4>[ 13.980986] Modules linked in: i915(+) snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core snd_pcm pinctrl_cherryview prime_numbers > <4>[ 13.981027] CR2: 0000000000000048 > > Fixes: 302da0cdf784 ("drm/i915: Use intel_ types more consistently for color management code (v2)") > Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=109054 > Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx> > Cc: Matt Roper <matthew.d.roper@xxxxxxxxx> > Cc: Ville Syrjälä <ville.syrjala@xxxxxxxxxxxxxxx> Reviewed-by: Matt Roper <matthew.d.roper@xxxxxxxxx> Pushed to dinq; thanks for the patch. Matt > --- > drivers/gpu/drm/i915/intel_color.c | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/drivers/gpu/drm/i915/intel_color.c b/drivers/gpu/drm/i915/intel_color.c > index 1d572e83db7f..37fd9ddf762e 100644 > --- a/drivers/gpu/drm/i915/intel_color.c > +++ b/drivers/gpu/drm/i915/intel_color.c > @@ -74,14 +74,17 @@ > #define ILK_CSC_COEFF_1_0 \ > ((7 << 12) | ILK_CSC_COEFF_FP(CTM_COEFF_1_0, 8)) > > -static bool crtc_state_is_legacy_gamma(struct intel_crtc_state *crtc_state) > +static bool lut_is_legacy(struct drm_property_blob *lut) > { > - int lut_length = drm_color_lut_size(crtc_state->base.gamma_lut); > + return drm_color_lut_size(lut) == LEGACY_LUT_LENGTH; > +} > > +static bool crtc_state_is_legacy_gamma(struct intel_crtc_state *crtc_state) > +{ > return !crtc_state->base.degamma_lut && > !crtc_state->base.ctm && > crtc_state->base.gamma_lut && > - lut_length == LEGACY_LUT_LENGTH; > + lut_is_legacy(crtc_state->base.gamma_lut); > } > > /* > -- > 2.20.0 > -- Matt Roper Graphics Software Engineer IoTG Platform Enabling & Development Intel Corporation (916) 356-2795 _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/intel-gfx