Hello,
Trinity discovered oopses with the i915 colorkey ioctls, reproducible
on my system with this:
#include <unistd.h>
#include <inttypes.h>
#include <drm/i915_drm.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/ioctl.h>
#include <stdio.h>
#define GET DRM_IOWR(DRM_COMMAND_BASE + DRM_I915_GET_SPRITE_COLORKEY,
struct drm_intel_sprite_colorkey)
int main(int argc, char **argv)
{
int fd = open(argv[1], O_RDWR);
if (fd < 0) {
perror("open");
return 1;
}
for (int i=0; i < 128; ++i) {
printf("get=%d\n", i);
struct drm_intel_sprite_colorkey colorkey = { .plane_id = i };
ioctl(fd, GET, &colorkey);
}
for (int i=0; i < 128; ++i) {
printf("set=%d\n", i);
struct drm_intel_sprite_colorkey colorkey = { .plane_id = i };
ioctl(fd, DRM_IOCTL_I915_SET_SPRITE_COLORKEY, &colorkey);
}
return 0;
}
$ ./main /dev/dri/card0
get=0
get=1
get=2
get=3
get=4
get=5
get=6
get=7
get=8
get=9
get=10
get=11
get=12
get=13
get=14
get=15
get=16
get=17
[ 40.467123] BUG: unable to handle kernel NULL pointer dereference
at (null)
[ 40.475012] IP: [< (null)>] (null)
[ 40.480094] PGD 1728cd067 PUD 17163c067 PMD 0
[ 40.484589] Oops: 0010 [#1] SMP KASAN
[ 40.488297] CPU: 0 PID: 2198 Comm: main Not tainted 4.0.0-rc5+ #87
[ 40.501666] task: ffff8800c66cd380 ti: ffff880172790000 task.ti:
ffff880172790000
[ 40.509179] RIP: 0010:[<0000000000000000>] [< (null)>]
(null)
[ 40.516702] RSP: 0018:ffff880172797d30 EFLAGS: 00010246
[ 40.522037] RAX: ffffed002e7acbe2 RBX: ffff88017401d000 RCX: 0000000000000007
[ 40.529200] RDX: 0000000000000000 RSI: ffff880172797dd8 RDI: ffff880173d65c00
[ 40.536361] RBP: ffff880172797d68 R08: 0000000000000000 R09: 0000000000000000
[ 40.543523] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 40.550686] R13: ffff880173d65cd8 R14: ffff880172797dd8 R15: ffff880173d65c00
[ 40.557852] FS: 00007f09a72e6700(0000) GS:ffff880175c00000(0000)
knlGS:0000000000000000
[ 40.565976] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 40.571744] CR2: 0000000000000000 CR3: 000000017261c000 CR4: 00000000000406f0
[ 40.578907] Stack:
[ 40.580926] ffffffff81b4a437 ffff880172797d68 ffff88017401d000
ffff880171470000
[ 40.588394] 0000000000000014 fffffffffffffff2 ffffffff8271c400
ffff880172797e88
[ 40.595864] ffffffff818acbbc ffff880172797e18 ffffffff8165d7c2
ffffffff8165d660
[ 40.603335] Call Trace:
[ 40.605797] [<ffffffff81b4a437>] ? intel_sprite_get_colorkey+0x97/0xc0
[ 40.612438] [<ffffffff818acbbc>] drm_ioctl+0x27c/0x890
[ 40.617687] [<ffffffff8165d7c2>] ? avc_has_perm+0x182/0x320
[ 40.623371] [<ffffffff8165d660>] ? avc_has_perm+0x20/0x320
[ 40.628966] [<ffffffff81b4a3a0>] ? intel_sprite_set_colorkey+0x260/0x260
[ 40.635785] [<ffffffff8165ffac>] ? inode_has_perm.isra.28+0x7c/0xa0
[ 40.642169] [<ffffffff825dfe5b>] ? _raw_spin_unlock_irq+0x2b/0x40
[ 40.648376] [<ffffffff812f8caf>] do_vfs_ioctl+0x3cf/0x720
[ 40.653887] [<ffffffff81660caa>] ? selinux_file_ioctl+0x6a/0x130
[ 40.660008] [<ffffffff812f9081>] SyS_ioctl+0x81/0xa0
[ 40.665083] [<ffffffff825e0ab2>] system_call_fastpath+0x12/0x17
[ 40.671112] Code: Bad RIP value.
[ 40.674465] RIP [< (null)>] (null)
[ 40.679634] RSP <ffff880172797d30>
[ 40.683134] CR2: 0000000000000000
[ 40.686498] ---[ end trace 9292d9b4aba8dfe9 ]---
--
To unsubscribe from this list: send the line "unsubscribe trinity" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
