q3k/linux
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
linux/drivers/gpu/drm/i915
History
Chris Wilson 0ce907f891 drm/i915: Prevent use of uninitialized pointers along error path. 
X.org hang with [drm:i915_gem_do_execbuffer] *ERROR* in dmesg
  http://bugzilla.kernel.org/show_bug.cgi?id=15114

Matej found he was hitting an error path within i915_gem_do_execbuffer()
that led to the attempt to dereference an uninitialised pointer during
cleanup. This path used to be safe as we used to calloc the object
lists, but this was changed in c8e0f93. Daniel Vetter had also spotted
this error and proposed a similar patch.

[ 6379.732892] [drm:i915_gem_do_execbuffer] *ERROR* Object ffff880098cd6540 appears more than once in object list
[ 6379.740976] [drm:i915_gem_do_execbuffer] *ERROR* Object ffff880098cd6540 appears more than once in object list
[ 6379.740995] BUG: unable to handle kernel NULL pointer dereference at 00000000000000a0
[ 6379.740998] IP: [<ffffffff8122ddb5>] i915_gem_do_execbuffer+0xba5/0x1260
[ 6379.741006] PGD babab067 PUD bb435067 PMD 0
[ 6379.741010] Oops: 0002 [#1] PREEMPT SMP
[ 6379.741014] last sysfs file: /sys/devices/pci0000:00/0000:00:1c.2/0000:06:00.0/ieee80211/phy0/rfkill0/state
[ 6379.741017] CPU 1
[ 6379.741021] Pid: 2186, comm: X Not tainted 2.6.33-rc4-00399-g24bc734 #142 M11D/ESPRIMO Mobile M9400
[ 6379.741023] RIP: 0010:[<ffffffff8122ddb5>] [<ffffffff8122ddb5>] i915_gem_do_execbuffer+0xba5/0x1260
[ 6379.741027] RSP: 0018:ffff8800b9047b78  EFLAGS: 00213206
[ 6379.741029] RAX: 0000000000000000 RBX: 000000000000004f RCX: ffff880098cac800
[ 6379.741032] RDX: ffff880098caca78 RSI: ffff8800b9047c98 RDI: ffff880098cd6540
[ 6379.741034] RBP: ffff8800b9047c78 R08: ffffffff814b96b5 R09: 0000000000000006
[ 6379.741036] R10: 0000000000000000 R11: 0000000000000003 R12: 000000000000004e
[ 6379.741038] R13: 00000000fffffff7 R14: 0000000000000000 R15: 0000000000000001
[ 6379.741041] FS:  0000000000000000(0000) GS:ffff880001900000(0063) knlGS:00000000f72636c0
[ 6379.741043] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 6379.741041] FS:  0000000000000000(0000) GS:ffff880001900000(0063) knlGS:00000000f72636c0
[ 6379.741043] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 6379.741045] CR2: 00000000000000a0 CR3: 00000000b9000000 CR4: 00000000000006e0
[ 6379.741048] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 6379.741050] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 6379.741052] Process X (pid: 2186, threadinfo ffff8800b9046000, task ffff8800bb5d8000)
[ 6379.741054] Stack:
[ 6379.741055]  ffffc90023f57000 ffffc90023f56fff ffffc90023f56fff ffffc90023f55000
[ 6379.741059] <0> ffff8800b9047c98 ffff8800bb43c840 ffff8800bf1de800 ffff8800bf1de820
[ 6379.741063] <0> ffff8800b9047bd8 ffff880098cac800 0000000000000000 0000000000000002
[ 6379.741068] Call Trace:
[ 6379.741072]  [<ffffffff8122e6cb>] ?  i915_gem_execbuffer+0x6b/0x370
[ 6379.741077]  [<ffffffff810a5f52>] ? __vmalloc_node+0xa2/0xb0
[ 6379.741080]  [<ffffffff8122e6cb>] ?  i915_gem_execbuffer+0x6b/0x370
[ 6379.741083]  [<ffffffff8122e816>] i915_gem_execbuffer+0x1b6/0x370
[ 6379.741086]  [<ffffffff8120cd55>] drm_ioctl+0x1d5/0x460
[ 6379.741089]  [<ffffffff8122e660>] ?  i915_gem_execbuffer+0x0/0x370
[ 6379.741093]  [<ffffffff81248c35>] i915_compat_ioctl+0x45/0x50
[ 6379.741097]  [<ffffffff810f1659>] compat_sys_ioctl+0xa9/0x1570
[ 6379.741102]  [<ffffffff810b1d5c>] ? vfs_read+0x13c/0x1a0
[ 6379.741106]  [<ffffffff81028424>] sysenter_dispatch+0x7/0x2b
[ 6379.741108] Code: 08 85 c0 74 52 31 db 0f 1f 80 00 00 00 00 48 63 c3 48 8b
8d 68 ff ff ff 48 8d 14 c1 48 8b 02 48 85 c0 74 25 48 8b 80 80 00 00 00 <c7> 80
a0 00 00 00 00 00 00 00 48 8b 3a 48 85 ff 74 0c 48 c7 c6
[ 6379.741142] RIP  [<ffffffff8122ddb5>] i915_gem_do_execbuffer+0xba5/0x1260
[ 6379.741145]  RSP <ffff8800b9047b78>
[ 6379.741147] CR2: 00000000000000a0
[ 6379.741159] ---[ end trace 0598809afa4c31db ]---

Reported-by: Matej Laitl <strohel@gmail.com>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Eric Anholt <eric@anholt.net>
2010-01-25 09:00:38 -08:00
..
dvo.h drm/i915: Change I2C api to pass around i2c_adapters 2009-06-18 15:53:57 -07:00
dvo_ch7xxx.c drm/i915: Replace DRM_DEBUG with DRM_DEBUG_KMS in DVO output code. 2009-11-05 14:47:12 -08:00
dvo_ch7017.c drm/i915: Replace DRM_DEBUG with DRM_DEBUG_KMS in DVO output code. 2009-11-05 14:47:12 -08:00
dvo_ivch.c drm/i915: Replace DRM_DEBUG with DRM_DEBUG_KMS in DVO output code. 2009-11-05 14:47:12 -08:00
dvo_sil164.c drm/i915: Replace DRM_DEBUG with DRM_DEBUG_KMS in DVO output code. 2009-11-05 14:47:12 -08:00
dvo_tfp410.c drm/i915: Replace DRM_DEBUG with DRM_DEBUG_KMS in DVO output code. 2009-11-05 14:47:12 -08:00
i915_debugfs.c drm/i915: remove full registers dump debug 2010-01-06 09:40:14 -08:00
i915_dma.c drm/i915: enable 36bit physical address for hardware status page 2010-01-15 14:50:14 -08:00
i915_drv.c drm/i915: disable LVDS downclock by default 2010-01-15 14:08:01 -08:00
i915_drv.h drm/i915: parse eDP panel color depth from VBT block 2010-01-15 14:12:47 -08:00
i915_gem.c drm/i915: Prevent use of uninitialized pointers along error path. 2010-01-25 09:00:38 -08:00
i915_gem_debug.c drm/i915: Catch up to obj_priv->page_list rename in disabled debug code. 2009-06-22 20:19:39 -07:00
i915_gem_tiling.c drm/i915: execbuf2 support 2010-01-06 09:39:39 -08:00
i915_ioc32.c drm: convert drm_ioctl to unlocked_ioctl 2009-12-18 11:22:31 +10:00
i915_irq.c drm/i915: remove loop in Ironlake interrupt handler 2010-01-15 11:23:49 -08:00
i915_mem.c drm: Remove memory debugging infrastructure. 2009-06-18 13:00:33 -07:00
i915_opregion.c drm/i915: Fix product names and #defines 2009-12-07 14:55:56 -08:00
i915_reg.h drm/i915: Fix the incorrect cursor A bit definition in DSPFW2 register 2010-01-15 14:06:19 -08:00
i915_suspend.c drm/i915: Fix RC6 suspend/resume 2010-01-06 09:39:53 -08:00
i915_trace.h drm/i915: Enable irq to trace batch buffer completion. 2009-09-29 03:15:25 +01:00
i915_trace_points.c drm/i915: Add tracepoints 2009-09-23 01:05:21 +01:00
intel_bios.c drm/i915: parse eDP panel color depth from VBT block 2010-01-15 14:12:47 -08:00
intel_bios.h drm/i915: parse eDP panel color depth from VBT block 2010-01-15 14:12:47 -08:00
intel_crt.c drm/i915: disable hotplug detect before Ironlake CRT detect 2010-01-25 08:52:54 -08:00
intel_display.c drm/i915: fix pixel color depth setting on eDP 2010-01-15 14:13:06 -08:00
intel_dp.c drm/i915: fix eDP pipe mask 2010-01-15 14:13:18 -08:00
intel_drv.h drm/i915: restore render clock gating on resume 2009-12-08 06:32:51 -08:00
intel_dvo.c drm/i915: Set crtc/clone mask in different output devices 2009-08-24 17:01:33 -07:00
intel_fb.c Merge branch 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6 2009-12-10 21:56:47 -08:00
intel_hdmi.c drm/i915: Don't use the child device parsed from VBT to setup HDMI/DP 2010-01-12 14:40:03 -08:00
intel_i2c.c drm/i915: Fix product names and #defines 2009-12-07 14:55:56 -08:00
intel_lvds.c drm/i915: disable LVDS downclock by default 2010-01-15 14:08:01 -08:00
intel_modes.c drm/i915: Change I2C api to pass around i2c_adapters 2009-06-18 15:53:57 -07:00
intel_overlay.c drm/i915: Fix product names and #defines 2009-12-07 14:55:56 -08:00
intel_sdvo.c drm/i915: try another possible DDC bus for the SDVO device with multiple outputs 2010-01-12 14:54:07 -08:00
intel_sdvo_regs.h drm/i915: enable sdvo lvds scaling function. 2009-07-01 11:44:45 -07:00
intel_tv.c drm/i915: disable TV hotplug status check 2010-01-07 10:00:39 -08:00
Makefile Merge remote branch 'anholt/drm-intel-next' into drm-linus 2009-12-08 14:03:47 +10:00