On Fri, 20 May 2016, Ander Conselvan de Oliveira <ander.conselvan.de.oliveira@xxxxxxxxx> wrote:
> In commit f9476a6c6d0c ("drm/i915: Refactor platform specifics out of
> intel_get_shared_dpll()"), the ibx_get_dpll() function lacked an error
> check, that can lead to a NULL pointer dereference when trying to enable
> pipe C.
>
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000068
> IP: [<ffffffffa0482275>] intel_reference_shared_dpll+0x15/0x100 [i915]
> PGD cec87067 PUD d30ce067 PMD 0
> Oops: 0000 [#1] PREEMPT SMP
> Modules linked in: snd_hda_intel i915 drm_kms_helper drm intel_gtt sch_fq_codel cfg80211 binfmt_misc i2c_algo_bit cfbfillrect syscopyarea cfbimgblt sysfillrect sysimgblt fb_sys_fops cfbcopyarea intel_rapl iosf_mbi x86_pkg_temp_thermal coretemp agpgart kvm_intel snd_hda_codec_hdmi kvm iTCO_wdt snd_hda_codec_realtek snd_hda_codec_generic irqbypass aesni_intel aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd psmouse pcspkr snd_hda_codec i2c_i801 snd_hwdep snd_hda_core snd_pcm snd_timer lpc_ich mfd_core snd soundcore wmi evdev tpm_tis tpm [last unloaded: drm]
> CPU: 3 PID: 5810 Comm: kms_flip Tainted: G U W 4.6.0-test+ #3
> Hardware name: /DZ77BH-55K, BIOS BHZ7710H.86A.0100.2013.0517.0942 05/17/2013
> task: ffff8800d3908040 ti: ffff8801166c8000 task.ti: ffff8801166c8000
> RIP: 0010:[<ffffffffa0482275>] [<ffffffffa0482275>] intel_reference_shared_dpll+0x15/0x100 [i915]
> RSP: 0018:ffff8801166cba60 EFLAGS: 00010246
> RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000002
> RDX: 0000000000000001 RSI: ffff8800d07f1bf8 RDI: 0000000000000000
> RBP: ffff8801166cba88 R08: 0000000000000002 R09: ffff8800d32e5698
> R10: 0000000000000001 R11: ffff8800cc89ac88 R12: ffff8800d07f1bf8
> R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
> FS: 00007f4c3fc8d8c0(0000) GS:ffff88011bcc0000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000000068 CR3: 00000000d3b4c000 CR4: 00000000001406e0
> Stack:
> 0000000000000000 ffff8800d07f1bf8 0000000000000000 ffff8800d04c0000
> 0000000000000000 ffff8801166cbaa8 ffffffffa04823a7 ffff8800d07f1bf8
> ffff8800d32e5698 ffff8801166cbab8 ffffffffa04840cf ffff8801166cbaf0
> Call Trace:
> [<ffffffffa04823a7>] ibx_get_dpll+0x47/0xa0 [i915]
> [<ffffffffa04840cf>] intel_get_shared_dpll+0x1f/0x50 [i915]
> [<ffffffffa046d080>] ironlake_crtc_compute_clock+0x280/0x430 [i915]
> [<ffffffffa0472ac0>] intel_crtc_atomic_check+0x240/0x320 [i915]
> [<ffffffffa03da18e>] drm_atomic_helper_check_planes+0x14e/0x1d0 [drm_kms_helper]
> [<ffffffffa0474a0c>] intel_atomic_check+0x5dc/0x1110 [i915]
> [<ffffffffa029d3aa>] drm_atomic_check_only+0x14a/0x660 [drm]
> [<ffffffffa029d086>] ? drm_atomic_set_crtc_for_connector+0x96/0x100 [drm]
> [<ffffffffa029d8d7>] drm_atomic_commit+0x17/0x60 [drm]
> [<ffffffffa03dc3b7>] restore_fbdev_mode+0x237/0x260 [drm_kms_helper]
> [<ffffffffa029c65a>] ? drm_modeset_lock_all_ctx+0x9a/0xb0 [drm]
> [<ffffffffa03de9b3>] drm_fb_helper_restore_fbdev_mode_unlocked+0x33/0x80 [drm_kms_helper]
> [<ffffffffa03dea2d>] drm_fb_helper_set_par+0x2d/0x50 [drm_kms_helper]
> [<ffffffffa03de93a>] drm_fb_helper_hotplug_event+0xaa/0xf0 [drm_kms_helper]
> [<ffffffffa03de9d6>] drm_fb_helper_restore_fbdev_mode_unlocked+0x56/0x80 [drm_kms_helper]
> [<ffffffffa0490f72>] intel_fbdev_restore_mode+0x22/0x80 [i915]
> [<ffffffffa04ba45e>] i915_driver_lastclose+0xe/0x20 [i915]
> [<ffffffffa02810de>] drm_lastclose+0x2e/0x130 [drm]
> [<ffffffffa028148c>] drm_release+0x2ac/0x4b0 [drm]
> [<ffffffff811a6b2d>] __fput+0xed/0x1f0
> [<ffffffff811a6c6e>] ____fput+0xe/0x10
> [<ffffffff81079156>] task_work_run+0x76/0xb0
> [<ffffffff8105aaab>] do_exit+0x3ab/0xc60
> [<ffffffff810a145f>] ? trace_hardirqs_on_caller+0x12f/0x1c0
> [<ffffffff8105c67e>] do_group_exit+0x4e/0xc0
> [<ffffffff8105c704>] SyS_exit_group+0x14/0x20
> [<ffffffff8158bb25>] entry_SYSCALL_64_fastpath+0x18/0xa8
> Code: 14 80 48 8d 34 90 b8 01 00 00 00 d3 e0 09 04 b3 5b 41 5c 5d c3 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 49 89 fe 41 55 41 54 53 <44> 8b 67 68 48 89 f3 48 8b be 08 02 00 00 4c 8b 2e e8 15 9d fd
> RIP [<ffffffffa0482275>] intel_reference_shared_dpll+0x15/0x100 [i915]
> RSP <ffff8801166cba60>
> CR2: 0000000000000068
>
> Cc: Ville Syrjälä <ville.syrjala@xxxxxxxxxxxxxxx>
> Reported-by: Ville Syrjälä <ville.syrjala@xxxxxxxxxxxxxxx>
> Fixes: f9476a6c6d0c ("drm/i915: Refactor platform specifics out of intel_get_shared_dpll()")

The scripts are dim, and don't yet handle a lone Fixes: line. Please also add the relevant Cc. In this case,

$ dim fixes f9476a6c6d0c
Fixes: f9476a6c6d0c ("drm/i915: Refactor platform specifics out of intel_get_shared_dpll()")
Cc: drm-intel-fixes@xxxxxxxxxxxxxxxxxxxxx

> Signed-off-by: Ander Conselvan de Oliveira <ander.conselvan.de.oliveira@xxxxxxxxx>
> --- > drivers/gpu/drm/i915/intel_dpll_mgr.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/gpu/drm/i915/intel_dpll_mgr.c b/drivers/gpu/drm/i915/intel_dpll_mgr.c > index f988adb..1e3d091 100644 > --- a/drivers/gpu/drm/i915/intel_dpll_mgr.c > +++ b/drivers/gpu/drm/i915/intel_dpll_mgr.c > @@ -366,6 +366,9 @@ ibx_get_dpll(struct intel_crtc *crtc, struct intel_crtc_state *crtc_state, > DPLL_ID_PCH_PLL_B); > } > > + if (!pll) > + return NULL; > + > /* reference the pll */ > intel_reference_shared_dpll(pll, crtc_state);

-- 
Jani Nikula, Intel Open Source Technology Center
_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
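
Review bot: the new `if (!pll) return NULL;` ahead of `intel_reference_shared_dpll(pll, crtc_state);` returns without any message, so a pipe that fails to get a PLL leaves no hint in the log as to why. Consider a debug print before the `return NULL;` that names the crtc, and confirm that the callers seen in the trace (intel_get_shared_dpll(), ironlake_crtc_compute_clock()) turn the NULL into an error for the atomic check rather than passing it further; the hunk does not show that side. A one-line comment saying which lookup above can leave `pll` NULL would also help, since only the tail of that branch (`DPLL_ID_PCH_PLL_B); }`) is visible here.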