From a489334941d450c5212ccd821fb11102e910be69 Mon Sep 17 00:00:00 2001 From: Chris Wilson Date: Thu, 13 Dec 2018 16:12:41 +0000 Subject: [PATCH] drm/i915: Fix Cherryview oops on boot MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Do not dereference the LUT blob before checking whether that blob exists. Or else, <1>[ 13.978684] BUG: unable to handle kernel NULL pointer dereference at 0000000000000048 <6>[ 13.978718] PGD 0 P4D 0 <4>[ 13.978733] Oops: 0000 [#1] PREEMPT SMP PTI <4>[ 13.978750] CPU: 0 PID: 282 Comm: modprobe Not tainted 4.20.0-rc5-CI-CI_DRM_5294+ #1 <4>[ 13.978773] Hardware name: /NUC5CPYB, BIOS PYBSWCEL.86A.0058.2016.1102.1842 11/02/2016 <4>[ 13.978932] RIP: 0010:cherryview_load_csc_matrix+0x1e6/0x210 [i915] <4>[ 13.978953] Code: 41 5c 41 5d e9 7b 83 aa e1 41 c1 e4 0d 48 83 bd 00 02 00 00 00 48 8b 85 10 02 00 00 45 89 e5 74 09 ba 01 00 00 00 31 c9 eb 9d <48> 8b 50 48 48 c1 ea 03 81 fa 00 01 00 00 75 07 31 d2 48 85 c0 75 <4>[ 13.979001] RSP: 0018:ffffc9000026f840 EFLAGS: 00010246 <4>[ 13.979018] RAX: 0000000000000000 RBX: ffff888165500000 RCX: 7885fe6200000000 <4>[ 13.979039] RDX: 0000000000000020 RSI: ffff88816553a008 RDI: ffff888165464a88 <4>[ 13.979060] RBP: ffff888165464a88 R08: 000000000ed0e429 R09: 0000000000000001 <4>[ 13.979080] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000004000 <4>[ 13.979101] R13: 0000000000004000 R14: ffff888165500000 R15: ffff888165464a88 <4>[ 13.979122] FS: 00007fb69c4f3540(0000) GS:ffff88817ba00000(0000) knlGS:0000000000000000 <4>[ 13.979146] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 <4>[ 13.979163] CR2: 0000000000000048 CR3: 000000016d7fa000 CR4: 00000000001006f0 <4>[ 13.979184] Call Trace: <4>[ 13.979302] intel_update_crtc+0x18f/0x2b0 [i915] <4>[ 13.979421] intel_update_crtcs+0x49/0x60 [i915] <4>[ 13.979538] intel_atomic_commit_tail+0x1ea/0xd70 [i915] <4>[ 13.979657] ? intel_atomic_commit_ready+0x3f/0x50 [i915] <4>[ 13.979762] ? __i915_sw_fence_complete+0x1a0/0x250 [i915] <4>[ 13.979884] intel_atomic_commit+0x244/0x330 [i915] <4>[ 13.980002] intel_initial_commit+0xb6/0x140 [i915] <4>[ 13.980127] intel_modeset_init+0x7a1/0x1880 [i915] <4>[ 13.980235] i915_driver_load+0xcbb/0x15c0 [i915] <4>[ 13.980257] ? __pm_runtime_resume+0x4f/0x80 <4>[ 13.980277] ? _raw_spin_unlock_irqrestore+0x4c/0x60 <4>[ 13.980296] ? lockdep_hardirqs_on+0xe0/0x1b0 <4>[ 13.980401] i915_pci_probe+0x29/0xa0 [i915] <4>[ 13.980421] pci_device_probe+0xa1/0x130 <4>[ 13.980440] really_probe+0xf3/0x3e0 <4>[ 13.980456] driver_probe_device+0x10a/0x120 <4>[ 13.980474] __driver_attach+0xdb/0x100 <4>[ 13.980489] ? driver_probe_device+0x120/0x120 <4>[ 13.980505] ? driver_probe_device+0x120/0x120 <4>[ 13.980522] bus_for_each_dev+0x74/0xc0 <4>[ 13.980539] bus_add_driver+0x15f/0x250 <4>[ 13.980554] ? 0xffffffffa0348000 <4>[ 13.980568] driver_register+0x56/0xe0 <4>[ 13.980583] ? 0xffffffffa0348000 <4>[ 13.980597] do_one_initcall+0x58/0x2e0 <4>[ 13.980615] ? do_init_module+0x1d/0x1ea <4>[ 13.980631] ? rcu_read_lock_sched_held+0x6f/0x80 <4>[ 13.980649] ? kmem_cache_alloc_trace+0x264/0x290 <4>[ 13.980668] do_init_module+0x56/0x1ea <4>[ 13.980685] load_module+0x227a/0x29c0 <4>[ 13.980715] ? __se_sys_finit_module+0xd3/0xf0 <4>[ 13.980731] __se_sys_finit_module+0xd3/0xf0 <4>[ 13.980756] do_syscall_64+0x55/0x190 <4>[ 13.980772] entry_SYSCALL_64_after_hwframe+0x49/0xbe <4>[ 13.980789] RIP: 0033:0x7fb69c019839 <4>[ 13.980804] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1f f6 2c 00 f7 d8 64 89 01 48 <4>[ 13.980851] RSP: 002b:00007ffdc112e3a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 <4>[ 13.980875] RAX: ffffffffffffffda RBX: 000055c689fe0b30 RCX: 00007fb69c019839 <4>[ 13.980895] RDX: 0000000000000000 RSI: 000055c689a05d2e RDI: 0000000000000000 <4>[ 13.980916] RBP: 000055c689a05d2e R08: 0000000000000000 R09: 0000000000000000 <4>[ 13.980936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 <4>[ 13.980957] R13: 000055c689fe0c60 R14: 0000000000040000 R15: 000055c689fe0b30 <4>[ 13.980986] Modules linked in: i915(+) snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core snd_pcm pinctrl_cherryview prime_numbers <4>[ 13.981027] CR2: 0000000000000048 Fixes: 302da0cdf784 ("drm/i915: Use intel_ types more consistently for color management code (v2)") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=109054 Signed-off-by: Chris Wilson Cc: Matt Roper Cc: Ville Syrjälä Reviewed-by: Matt Roper Signed-off-by: Matt Roper Link: https://patchwork.freedesktop.org/patch/msgid/20181213161241.3461-1-chris@chris-wilson.co.uk --- drivers/gpu/drm/i915/intel_color.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_color.c b/drivers/gpu/drm/i915/intel_color.c index 1d572e83db7f..37fd9ddf762e 100644 --- a/drivers/gpu/drm/i915/intel_color.c +++ b/drivers/gpu/drm/i915/intel_color.c @@ -74,14 +74,17 @@ #define ILK_CSC_COEFF_1_0 \ ((7 << 12) | ILK_CSC_COEFF_FP(CTM_COEFF_1_0, 8)) -static bool crtc_state_is_legacy_gamma(struct intel_crtc_state *crtc_state) +static bool lut_is_legacy(struct drm_property_blob *lut) { - int lut_length = drm_color_lut_size(crtc_state->base.gamma_lut); + return drm_color_lut_size(lut) == LEGACY_LUT_LENGTH; +} +static bool crtc_state_is_legacy_gamma(struct intel_crtc_state *crtc_state) +{ return !crtc_state->base.degamma_lut && !crtc_state->base.ctm && crtc_state->base.gamma_lut && - lut_length == LEGACY_LUT_LENGTH; + lut_is_legacy(crtc_state->base.gamma_lut); } /* -- GitLab