Re: page fault trap in connector_bad_edid with new drm code

Tue, 09 Jun 2020 07:07:12 -0700 

On Tue, Jun 09, 2020 at 04:59:17PM +1000, Jonathan Gray wrote:

> On Tue, Jun 09, 2020 at 08:12:17AM +0200, Otto Moerbeek wrote:
> > On Tue, Jun 09, 2020 at 08:01:12AM +0200, Otto Moerbeek wrote:
> > 
> > > On Mon, Jun 08, 2020 at 09:46:23PM +0200, Mark Kettenis wrote:
> > > 
> > > > > Date: Mon, 8 Jun 2020 20:27:22 +0200
> > > > > From: Otto Moerbeek <[email protected]>
> > > > > 
> > > > > Hi.
> > > > > 
> > > > > a page fault trap happens if I boot my Thnkpad X1 6th generation in 
> > > > > the dock
> > > > > or put it in the dock afterwards. The dock has two DP monitors 
> > > > > connected.
> > > > > 
> > > > > If I change connector_bad_edid() to return immediately things seems to
> > > > > work ok.
> > > > > 
> > > > >       -Otto
> > > > > 
> > > > > summary of trace:
> > > > > 
> > > > > connector_bad_edid+0x4d
> > > > > drm_do_get_edid+0x382
> > > > > drm_get_edid+0x6b
> > > > > intel_hmi_set_edid+0xad
> > > > > intel_hdmi_detect+0xb1
> > > > > drm_helper_probe_detect+0x108
> > > > > intel_encoder_hotplug+0x7f
> > > > > intel_ddi_hotplug+0x54
> > > > > i915_hotplug_work_func+0x245
> > > > > tasq_thread+0x8d
> > > > > 
> > > > > full trace:
> > > > > 
> > > > > https://www.drijf.net/openbsd/IMG_20200608_154513.jpg
> > > > 
> > > > Not sure what kernel you're using.  But the instruction in that image
> > > > doesn't eist in connector_bad_edid in the kernel I just built.
> > > > 
> > > 
> > > Strange, I do have it.  /usr/src/sys/dev/pci/drm/drm_edid.c contains
> > > no version marker, but it's md5 is 3d889f9e1cb3c66cdb4eb49e9319d947
> > > 
> > > objdump -d snippet:
> > > 
> > > 
> > > 0000000000003830 <connector_bad_edid>:
> > >     3830:       4c 8b 1d 00 00 00 00    mov    0(%rip),%r11        #
> > > 3837 <connector_bad_edid+0x7>
> > >     3837:       4c 33 1c 24             xor    (%rsp),%r11
> > >     383b:       55                      push   %rbp
> > >     383c:       48 89 e5                mov    %rsp,%rbp
> > >     383f:       57                      push   %rdi
> > >     3840:       56                      push   %rsi
> > >     3841:       52                      push   %rdx
> > >     3842:       57                      push   %rdi
> > >     3843:       41 53                   push   %r11
> > >     3845:       41 57                   push   %r15
> > >     3847:       41 56                   push   %r14
> > >     3849:       41 55                   push   %r13
> > >     384b:       41 54                   push   %r12
> > >     384d:       53                      push   %rbx
> > >     384e:       48 83 ec 20             sub    $0x20,%rsp
> > >     3852:       41 89 d7                mov    %edx,%r15d
> > >     3855:       0f b6 46 7e             movzbl 0x7e(%rsi),%eax
> > >     3859:       48 c1 e0 07             shl    $0x7,%rax
> > >     385d:       48 89 75 a8             mov    
> > > %rsi,0xffffffffffffffa8(%rbp)
> > >     3861:       48 01 f0                add    %rsi,%rax
> > >     3864:       31 d2                   xor    %edx,%edx
> > >     3866:       b9 03 00 00 00          mov    $0x3,%ecx
> > >     386b:       eb 10                   jmp    387d 
> > > <connector_bad_edid+0x4d>
> > >     386d:       cc                      int3
> > >     386e:       cc                      int3
> > >     386f:       cc                      int3
> > >     3870:       0f b6 34 08             movzbl (%rax,%rcx,1),%esi
> > >     3874:       01 f2                   add    %esi,%edx
> > >     3876:       0f b6 d2                movzbl %dl,%edx
> > >     3879:       48 83 c1 04             add    $0x4,%rcx
> > >     387d:       0f b6 74 08 fd          movzbl 
> > > 0xfffffffffffffffd(%rax,%rcx,1),%esi
> > >     3882:       01 d6                   add    %edx,%esi
> > >     3884:       0f b6 54 08 fe          movzbl 
> > > 0xfffffffffffffffe(%rax,%rcx,1),%edx
> > >     3889:       01 f2                   add    %esi,%edx
> > >     388b:       0f b6 f2                movzbl %dl,%esi
> > >     388e:       0f b6 54 08 ff          movzbl 
> > > 0xffffffffffffffff(%rax,%rcx,1),%edx
> > >     3893:       01 f2                   add    %esi,%edx
> > >     3895:       48 83 f9 7f             cmp    $0x7f,%rcx
> > >     3899:       75 d5                   jne    3870 
> > > <connector_bad_edid+0x40>
> > > ...
> > > 
> > 
> > This looks like an inlined unrolled version of drm_edid_block_checksum()
> 
> gdb points to drm_edid_block_checksum() as well
> 
> 0xffffffff819966ed <+77>:    movzbl -0x3(%rax,%rcx,1),%esi
> 
> (gdb) info line *0xffffffff819966ed
> Line 1597 of "/sys/dev/pci/drm/drm_edid.c"
>    starts at address 0xffffffff819966ed <connector_bad_edid+77>
>    and ends at 0xffffffff819966fb <connector_bad_edid+91>.
> 
> > 
> > My guess is num_of_ext > num_blocks, will verify later when I'm at the 
> > machine.
> > 
> >     -Otto
> 

Indeed. the diff below works for me,

        -Otto

Index: drm_edid.c
===================================================================
RCS file: /cvs/src/sys/dev/pci/drm/drm_edid.c,v
retrieving revision 1.27
diff -u -p -r1.27 drm_edid.c
--- drm_edid.c  8 Jun 2020 04:47:58 -0000       1.27
+++ drm_edid.c  9 Jun 2020 14:04:21 -0000
@@ -1807,6 +1807,9 @@ static void connector_bad_edid(struct dr
        int i;
        u8 num_of_ext = edid[0x7e];
 
+       if (num_of_ext > num_blocks)
+               num_of_ext = num_blocks;
+
        /* Calculate real checksum for the last edid extension block data */
        connector->real_edid_checksum =
                drm_edid_block_checksum(edid + num_of_ext * EDID_LENGTH);

Reply via email to