Bug#597636: linux-image-2.6.32-5-amd64: Unable to login with this kernel

Mon, 27 Sep 2010 08:03:28 -0700 

On Sun, Sep 26, 2010 at 9:46 PM, Ben Hutchings <[email protected]> wrote:
> Alex,
>
> Moorthi Pichumani reports that radeon crashes at startup in a Debian
> kernel.  This has drm from 2.6.33 with backported fixes.  The oops
> message shows it's trying to write through a null pointer in
> r600_ioctl_wait_idle().  I thought this might be due to the bug you
> fixed in commit 87cbf8f "drm/radeon/kms: fix a regression on r7xx AGP
> due to the HDP flush fix", but this is not an AGP device.  Any other
> ideas?
>
> The bug report is at <http://bugs.debian.org/597636>.
> Our kernel source is <git://git.debian.org/kernel/linux-2.6.git#squeeze>.
>

The attached patch should fix it.

Alex

> Ben.
>
> --
> Ben Hutchings
> Once a job is fouled up, anything done to improve it makes it worse.
>

From 1c9b3a143a9ddd64c390dfeb757a8f6d12b70c90 Mon Sep 17 00:00:00 2001
From: Alex Deucher <[email protected]>
Date: Mon, 27 Sep 2010 10:53:34 -0400
Subject: [PATCH] drm/radeon/kms: fix potential segfault in r600_ioctl_wait_idle

radeon_gem_wait_idle_ioctl can apparently get called prior to
the vram page being set up or even if accel if false, so make
sure it's valid before using it.

Should fix:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597636
https://bugs.freedesktop.org/show_bug.cgi?id=29834

Signed-off-by: Alex Deucher <[email protected]>
Cc: [email protected]
---
 drivers/gpu/drm/radeon/r600.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/drivers/gpu/drm/radeon/r600.c b/drivers/gpu/drm/radeon/r600.c
index 30a51c3..31f45af 100644
--- a/drivers/gpu/drm/radeon/r600.c
+++ b/drivers/gpu/drm/radeon/r600.c
@@ -3491,7 +3491,8 @@ void r600_ioctl_wait_idle(struct radeon_device *rdev, struct radeon_bo *bo)
 	/* r7xx hw bug.  write to HDP_DEBUG1 followed by fb read
 	 * rather than write to HDP_REG_COHERENCY_FLUSH_CNTL
 	 */
-	if ((rdev->family >= CHIP_RV770) && (rdev->family <= CHIP_RV740)) {
+	if ((rdev->family >= CHIP_RV770) && (rdev->family <= CHIP_RV740) &&
+	    rdev->vram_scratch.ptr) {
 		void __iomem *ptr = (void *)rdev->vram_scratch.ptr;
 		u32 tmp;
 
-- 
1.7.1.1

Reply via email to