subject:"\[Intel\-gfx\] \[PATCH for v4.8\-rc6\] drm\/i915\: fix pointer dereference in intel_dvo

[Intel-gfx] [PATCH for v4.8-rc6] drm/i915: fix pointer dereference in intel_dvo_init

2016-09-13 Thread Stefan Christ

Loading the module i915 on my IBM Thinkpad X40 fails in the function
intel_dvo_init(). The function tries to cleanup the struct drm_encoder
that was never initialized. This happens when all intel_dvo_devices
failed to be probed in the for loop. The backtrace was:

BUG: unable to handle kernel NULL pointer dereference at 0104
IP: [] mutex_lock+0x0/0xa
*pde = 
Oops: 0002 [#1] PREEMPT
Modules linked in: i915(+)
CPU: 0 PID: 189 Comm: systemd-udevd Not tainted 4.8.0-rc1 #20
Hardware name: IBM 2371H4G/2371H4G, BIOS 1UETD1WW (2.06 ) 03/01/2006
task: f5e86a00 task.stack: f5e6a000
EIP: 0060:[] EFLAGS: 00010282 CPU: 0
EIP is at mutex_lock+0x0/0xa
EAX: 0104 EBX: f5c7ae80 ECX:  EDX: f5c7ae80
ESI:  EDI: f5ce8480 EBP: f5e6bd20 ESP: f5e6bccc
 DS: 007b ES: 007b FS:  GS: 0033 SS: 0068
CR0: 80050033 CR2: b6d4a004 CR3: 35ea2000 CR4: 0690
Stack:
 c130a63e f5ce8480  c1300678 f5ce8480 0002 f8386f55 f83c8bd4
 007dcc00 f5ce8504 f5eb109c f83e28c4 f83e28e8 f6768000 f5eb 808b
 90026000 00061100 0001 f5eb f5c67800 f5e6bd70 f83a9cf6 0008
Call Trace:
 [] ? drm_modeset_lock_all+0x35/0x87
 [] ? drm_encoder_cleanup+0x10/0x55
 [] ? gen2_write16+0x71/0x71 [i915]
 [] ? intel_dvo_init+0x31c/0x33a [i915]
 [] ? intel_modeset_init+0xda6/0xfd2 [i915]
 [] ? intel_setup_gmbus+0xa4/0x231 [i915]
 [] ? i915_driver_load+0xdb8/0xf05 [i915]
 [] ? pci_device_probe+0x63/0xb2
 [] ? driver_probe_device+0xde/0x1ef
 [] ? __driver_attach+0x55/0x70
 [] ? bus_for_each_dev+0x50/0x5a
 [] ? driver_attach+0x14/0x17
 [] ? driver_probe_device+0x1ef/0x1ef
 [] ? bus_add_driver+0xaa/0x191
 [] ? driver_register+0x6f/0xa4
 [] ? 0xf8423000
 [] ? do_one_initcall+0x79/0xee
 [] ? kfree+0xa7/0xcf
 [] ? kmem_cache_alloc+0x5e/0x82
 [] ? do_init_module+0x17/0x194
 [] ? do_init_module+0x45/0x194
 [] ? load_module+0x12e2/0x16ae
 [] ? kernel_read_file+0xe2/0x15b
 [] ? SyS_finit_module+0x5d/0x69
 [] ? do_fast_syscall_32+0x91/0xf2
 [] ? sysenter_past_esp+0x40/0x6a
Code: 0d 4c e0 67 c1 74 09 eb 0c e8 0d 82 b4 ff eb a5 e8 06 82 b4 ff 83 c4 
14 5b 5e 5f c3 e9 40 ff ff ff ba ff ff ff 7f e9 36 ff ff ff  08 79 05 e8 d9 
05 00 00 c3 ff 00 7f 05 e8 84 05 00 00 c3 8b
EIP: [] mutex_lock+0x0/0xa SS:ESP 0068:f5e6bccc
CR2: 0104
---[ end trace 27c6bec7dc5672b3 ]---

Signed-off-by: Stefan Christ 
---
Hi,

trying out the recent release candiate of the linux kernel 4.8, namely v4.8-rc1
and v4.8-rc6, I see this regression on my IBM Thinkpad X40. My video hardware is

   $ lspci
   00:02.0 VGA compatible controller: Intel Corporation 82852/855GM Integrated 
Graphics Device (rev 02)
   00:02.1 Display controller: Intel Corporation 82852/855GM Integrated 
Graphics Device (rev 02)

If you need it, I can post the full dmesg output and my kernel configuration.

Kind regards,
Stefan Christ
---
 drivers/gpu/drm/i915/intel_dvo.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/i915/intel_dvo.c b/drivers/gpu/drm/i915/intel_dvo.c
index 47bdf9d..f14c8e0 100644
--- a/drivers/gpu/drm/i915/intel_dvo.c
+++ b/drivers/gpu/drm/i915/intel_dvo.c
@@ -554,7 +554,9 @@ void intel_dvo_init(struct drm_device *dev)
return;
}
 
-   drm_encoder_cleanup(_encoder->base);
+   /* Only call cleanup if the encoder was initialized in the loop. */
+   if (intel_encoder->base.dev)
+   drm_encoder_cleanup(_encoder->base);
kfree(intel_dvo);
kfree(intel_connector);
 }
-- 
2.7.3

___
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

Re: [Intel-gfx] [PATCH for v4.8-rc6] drm/i915: fix pointer dereference in intel_dvo_init

2016-09-13 Thread Jani Nikula

On Mon, 12 Sep 2016, Stefan Christ  wrote:
> Loading the module i915 on my IBM Thinkpad X40 fails in the function
> intel_dvo_init(). The function tries to cleanup the struct drm_encoder
> that was never initialized. This happens when all intel_dvo_devices
> failed to be probed in the for loop. The backtrace was:

This is already fixed by

commit 8a07fed44b126f48020f122b9e6bf05d8c48f281
Author: Chris Wilson 
Date:   Tue Aug 23 10:25:58 2016 +0100

drm/i915/dvo: Remove dangling call to drm_encoder_cleanup()

in drm-intel-fixes and drm-fixes, headed to v4.8-rc7.

Thanks,
Jani.


-- 
Jani Nikula, Intel Open Source Technology Center
___
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx

[Intel-gfx] [PATCH for v4.8-rc6] drm/i915: fix pointer dereference in intel_dvo_init

Re: [Intel-gfx] [PATCH for v4.8-rc6] drm/i915: fix pointer dereference in intel_dvo_init

2 matches

Site Navigation

Mail list logo

Footer information