From b19729617929fff8217708f6e960cd85e6f53da2 Mon Sep 17 00:00:00 2001 From: Dave Airlie Date: Mon, 21 Jul 2014 13:54:41 +1000 Subject: [PATCH] drm/i915: fix psr match conditions screw ups. Not enough brown paper bags, you'll have to share one. (oops below). The initial match condition code was racy (locking is coming I hear). then along came: cd234b0bfd5ab012e42274b24aae420fa1823d58 drm/i915: Do not dereference NULL crtc or fb until after checking Chris made an attempt to fix it, Ben "reviewed" it. Daniel merged it. Then drm/i915: Make use of intel_fb_obj() (v2) 2ff8fde1ea0992dfd735dce94f8cae2aacff8e5c made it worse by removing the obj check later. All in all, my laptop can't barely turn off the display without hitting this. Posted to #intel-gfx out of niceness, but I've merged this already into drm-next. Here's an oops. [ 11.528185] BUG: unable to handle kernel NULL pointer dereference at 00000000000000d0 [ 11.528233] IP: [] intel_edp_psr_match_conditions+0x1e/0x2e0 [i915] [ 11.528294] PGD 35bc0067 PUD c997c067 PMD 0 [ 11.528321] Oops: 0000 [#1] SMP [ 11.528916] CPU: 3 PID: 244 Comm: kworker/3:2 Not tainted 3.16.0-rc4+ #17 [ 11.528949] Hardware name: LENOVO 20ARS25701/20ARS25701, BIOS GJET72WW (2.22 ) 02/21/2014 [ 11.529004] Workqueue: events intel_edp_psr_work [i915] [ 11.529031] task: ffff8803079fdaa0 ti: ffff8803079c4000 task.ti: ffff8803079c4000 [ 11.529067] RIP: 0010:[] [] intel_edp_psr_match_conditions+0x1e/0x2e0 [i915] [ 11.529129] RSP: 0018:ffff8803079c7d40 EFLAGS: 00010246 [ 11.529155] RAX: 0000000000000000 RBX: ffff88030c11c000 RCX: c000000000000000 [ 11.529189] RDX: 0000000000000001 RSI: 1df0000000000000 RDI: ffff88030c1190d8 [ 11.529222] RBP: ffff8803079c7d60 R08: ffffffff82691140 R09: 0000000000000000 [ 11.529256] R10: ffff8803079fdaa0 R11: 3e00000000000000 R12: ffff88030c11c728 [ 11.529290] R13: ffff88030c1190d8 R14: ffff88031e2d8e00 R15: 00000000000000c0 [ 11.529324] FS: 0000000000000000(0000) GS:ffff88031e2c0000(0000) knlGS:0000000000000000 [ 11.529361] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 11.529389] CR2: 00000000000000d0 CR3: 00000000c8d9d000 CR4: 00000000001407e0 [ 11.529423] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 11.529457] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 11.529489] Stack: [ 11.529500] ffff88030c119000 ffff88030c11c728 ffff88030c1190d8 ffff88031e2d8e00 [ 11.529541] ffff8803079c7d88 ffffffffa01679b2 ffff880035b29a80 ffff880307909f00 [ 11.529583] ffff88031e2d4740 ffff8803079c7df8 ffffffff810a78ab ffffffff810a7849 [ 11.529624] Call Trace: [ 11.529654] [] intel_edp_psr_work+0x52/0x90 [i915] [ 11.529689] [] process_one_work+0x1db/0x540 [ 11.529719] [] ? process_one_work+0x179/0x540 [ 11.529750] [] worker_thread+0x11d/0x520 [ 11.529779] [] ? create_and_start_worker+0x60/0x60 [ 11.529810] [] kthread+0xe4/0x100 [ 11.529836] [] ? kthread_create_on_node+0x200/0x200 [ 11.529870] [] ret_from_fork+0x7c/0xb0 [ 11.529896] [] ? kthread_create_on_node+0x200/0x200 [ 11.529926] Code: ba 31 13 f0 c9 85 f6 75 84 eb d0 66 90 0f 1f 44 00 00 55 48 89 e5 41 56 41 55 41 54 53 48 8b 87 68 ff ff ff 48 8b 9f 28 ff ff ff <48> 8b 80 d0 00 00 00 4c 8b 63 28 48 8b 40 48 48 85 c0 0f 84 1a [ 11.530110] RIP [] intel_edp_psr_match_conditions+0x1e/0x2e0 [i915] [ 11.530163] RSP [ 11.530180] CR2: 00000000000000d0 Signed-off-by: Dave Airlie --- drivers/gpu/drm/i915/intel_dp.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c index c06a62a405b6..30816b3b0742 100644 --- a/drivers/gpu/drm/i915/intel_dp.c +++ b/drivers/gpu/drm/i915/intel_dp.c @@ -1767,9 +1767,9 @@ static bool intel_edp_psr_match_conditions(struct intel_dp *intel_dp) struct intel_digital_port *dig_port = dp_to_dig_port(intel_dp); struct drm_device *dev = dig_port->base.base.dev; struct drm_i915_private *dev_priv = dev->dev_private; - struct drm_crtc *crtc = dig_port->base.base.crtc; - struct intel_crtc *intel_crtc = to_intel_crtc(crtc); - struct drm_i915_gem_object *obj = intel_fb_obj(crtc->primary->fb); + struct drm_crtc *crtc; + struct intel_crtc *intel_crtc; + struct drm_i915_gem_object *obj; struct intel_encoder *intel_encoder = &dp_to_dig_port(intel_dp)->base; dev_priv->psr.source_ok = false; @@ -1802,6 +1802,7 @@ static bool intel_edp_psr_match_conditions(struct intel_dp *intel_dp) return false; } + obj = intel_fb_obj(crtc->primary->fb); if (obj->tiling_mode != I915_TILING_X || obj->fence_reg == I915_FENCE_REG_NONE) { DRM_DEBUG_KMS("PSR condition failed: fb not tiled or fenced\n"); -- 2.20.1