linux/drivers/gpu/drm/nouveau
Maarten Lankhorst e4604d8fe8 drm/nouveau: fix NULL ptr dereference from nv50_disp_intr()
Op 23-03-13 12:47, Peter Hurley schreef:
> On Tue, 2013-03-19 at 11:13 -0400, Peter Hurley wrote:
>> On vanilla 3.9.0-rc3, I get this 100% repeatable oops after login when
>> the user X session is coming up:
> Perhaps I wasn't clear that this happens on every boot and is a
> regression from 3.8
>
> I'd be happy to help resolve this but time is of the essence; it would
> be a shame to have to revert all of this for 3.9

Well it broke on my system too, so it was easy to fix.

I didn't even need gdm to trigger it!

>8----
This fixes regression caused by 1d7c71a3e2 (drm/nouveau/disp: port vblank handling to event interface),

which causes a oops in the following way:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000001
IP: [<0000000000000001>] 0x0
PGD 0
Oops: 0010 [#1] PREEMPT SMP
Modules linked in: ip6table_filter ip6_tables ebtable_nat ebtables ...<snip>...
CPU 3
Pid: 0, comm: swapper/3 Not tainted 3.9.0-rc3-xeon #rc3 Dell Inc. Precision WorkStation T5400  /0RW203
RIP: 0010:[<0000000000000001>]  [<0000000000000001>] 0x0
RSP: 0018:ffff8802afcc3d80  EFLAGS: 00010087
RAX: ffff88029f6e5808 RBX: 0000000000000001 RCX: 0000000000000000
RDX: 0000000000000096 RSI: 0000000000000001 RDI: ffff88029f6e5808
RBP: ffff8802afcc3dc8 R08: 0000000000000000 R09: 0000000000000004
R10: 000000000000002c R11: ffff88029e559a98 R12: ffff8802a376cb78
R13: ffff88029f6e57e0 R14: ffff88029f6e57f8 R15: ffff88029f6e5808
FS:  0000000000000000(0000) GS:ffff8802afcc0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000000001 CR3: 000000029fa67000 CR4: 00000000000007e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process swapper/3 (pid: 0, threadinfo ffff8802a355e000, task ffff8802a3535c40)
Stack:
 ffffffffa0159d8a 0000000000000082 ffff88029f6e5820 0000000000000001
 ffff88029f71aa00 0000000000000000 0000000000000000 0000000004000000
 0000000004000000 ffff8802afcc3e38 ffffffffa01843b5 ffff8802afcc3df8
Call Trace:
 <IRQ>
 [<ffffffffa0159d8a>] ? nouveau_event_trigger+0xaa/0xe0 [nouveau]
 [<ffffffffa01843b5>] nv50_disp_intr+0xc5/0x200 [nouveau]
 [<ffffffff816fbacc>] ? _raw_spin_unlock_irqrestore+0x2c/0x50
 [<ffffffff816ff98d>] ? notifier_call_chain+0x4d/0x70
 [<ffffffffa017a105>] nouveau_mc_intr+0xb5/0x110 [nouveau]
 [<ffffffffa01d45ff>] nouveau_irq_handler+0x6f/0x80 [nouveau]
 [<ffffffff810eec95>] handle_irq_event_percpu+0x75/0x260
 [<ffffffff810eeec8>] handle_irq_event+0x48/0x70
 [<ffffffff810f205a>] handle_fasteoi_irq+0x5a/0x100
 [<ffffffff810182f2>] handle_irq+0x22/0x40
 [<ffffffff8170561a>] do_IRQ+0x5a/0xd0
 [<ffffffff816fc2ad>] common_interrupt+0x6d/0x6d
 <EOI>
 [<ffffffff810449b6>] ? native_safe_halt+0x6/0x10
 [<ffffffff8101ea1d>] default_idle+0x3d/0x170
 [<ffffffff8101f736>] cpu_idle+0x116/0x130
 [<ffffffff816e2a06>] start_secondary+0x251/0x258
Code:  Bad RIP value.
RIP  [<0000000000000001>] 0x0
 RSP <ffff8802afcc3d80>
CR2: 0000000000000001
---[ end trace 907323cb8ce6f301 ]---

Signed-off-by: Maarten Lankhorst <maarten.lankhorst@canonical.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
2013-03-29 13:45:04 +10:00
..
core drm/nouveau/core: fix return value of nouveau_object_del() 2013-03-19 15:26:30 +10:00
Kconfig Merge branch 'drm-nouveau-next' of git://anongit.freedesktop.org/git/nouveau/linux-2.6 into drm-next 2013-02-20 17:54:13 +10:00
Makefile drm/nouveau: restore debugfs/vbios.rom support 2013-02-20 20:46:34 +10:00
nouveau_abi16.c drm/nouveau: fix handling empty channel list in ioctl's 2013-03-29 13:44:57 +10:00
nouveau_abi16.h
nouveau_acpi.c drm/nouveau: Add interface to detect optimus and v1 support 2012-11-29 09:57:59 +10:00
nouveau_acpi.h nouveau: ACPI support depends on X86 and X86_PLATFORM_DEVICES 2013-02-20 16:05:16 +10:00
nouveau_agp.c drm/nouveau: Disable AGP on PowerPC again. 2013-03-04 11:46:12 +10:00
nouveau_agp.h
nouveau_backlight.c drm/nouveau: handle backlight_device_register failure 2013-02-20 16:00:39 +10:00
nouveau_bios.c drm/nv50: initial kms support for off-chip TMDS/DP encoders 2013-02-20 16:01:05 +10:00
nouveau_bios.h drm/nouveau: remove some more unnecessary legacy bios code 2013-02-20 16:00:27 +10:00
nouveau_bo.c drm/nv50: use correct tiling methods for m2mf buffer moves 2013-03-11 08:43:09 +10:00
nouveau_bo.h drm/nouveau: use prime helpers 2013-02-08 13:39:09 +10:00
nouveau_calc.c Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2012-10-03 23:29:23 -07:00
nouveau_chan.c drm/nv84-/fence: prepare for emit/sync support of sysram sequences 2013-02-20 16:00:53 +10:00
nouveau_chan.h
nouveau_connector.c drm/nouveau: store i2c port pointer directly in nouveau_encoder 2013-02-20 16:00:56 +10:00
nouveau_connector.h drm/nouveau/gpio: use event interfaces for interrupt signalling 2013-02-20 16:00:50 +10:00
nouveau_crtc.h drm/nouveau: rename nvd0_display to nv50_display to reflect reality since merge 2012-11-29 09:57:58 +10:00
nouveau_debugfs.c drm/nouveau: restore debugfs/vbios.rom support 2013-02-20 20:46:34 +10:00
nouveau_debugfs.h drm/nouveau: restore debugfs/vbios.rom support 2013-02-20 20:46:34 +10:00
nouveau_display.c Merge branch 'drm-nouveau-next' of git://anongit.freedesktop.org/git/nouveau/linux-2.6 into drm-next 2013-02-20 17:54:13 +10:00
nouveau_display.h drm/nouveau/disp: port vblank handling to event interface 2013-02-20 16:00:46 +10:00
nouveau_dma.c
nouveau_dma.h drm/nouveau/fence/nv84-: put processes to sleep while waiting on fences 2013-02-20 16:00:48 +10:00
nouveau_dp.c drm/nv50-/disp: move DP link training to core and train from supervisor 2013-02-20 16:01:02 +10:00
nouveau_drm.c drm/nouveau: fix NULL ptr dereference from nv50_disp_intr() 2013-03-29 13:45:04 +10:00
nouveau_drm.h drm/nouveau: fix NULL ptr dereference from nv50_disp_intr() 2013-03-29 13:45:04 +10:00
nouveau_encoder.h drm/nouveau: store i2c port pointer directly in nouveau_encoder 2013-02-20 16:00:56 +10:00
nouveau_fbcon.c drm/<drivers>: simplify ->fb_probe callback 2013-02-14 00:07:58 +01:00
nouveau_fbcon.h Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2012-10-03 23:29:23 -07:00
nouveau_fence.c drm/nv84-/fence: prepare for emit/sync support of sysram sequences 2013-02-20 16:00:53 +10:00
nouveau_fence.h drm/nv84-/fence: prepare for emit/sync support of sysram sequences 2013-02-20 16:00:53 +10:00
nouveau_gem.c Merge branch 'drm-nouveau-next' of git://anongit.freedesktop.org/git/nouveau/linux-2.6 into drm-next 2013-02-20 17:54:13 +10:00
nouveau_gem.h drm/nouveau: use prime helpers 2013-02-08 13:39:09 +10:00
nouveau_hw.c Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2012-10-03 23:29:23 -07:00
nouveau_hw.h Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2012-10-03 23:29:23 -07:00
nouveau_hwsq.h
nouveau_ioc32.c Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2012-10-03 23:29:23 -07:00
nouveau_ioctl.h
nouveau_irq.c drm/nv50/disp: move remaining interrupt handling into core 2012-11-29 09:57:52 +10:00
nouveau_irq.h
nouveau_mem.c
nouveau_perf.c Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2012-10-03 23:29:23 -07:00
nouveau_pm.c drm/nouveau/hwmon: do not expose a buggy temperature if it is unavailable 2013-03-18 11:15:27 +10:00
nouveau_pm.h
nouveau_prime.c drm/nouveau: use prime helpers 2013-02-08 13:39:09 +10:00
nouveau_reg.h
nouveau_sgdma.c
nouveau_ttm.c
nouveau_ttm.h
nouveau_vga.c drm/nouveau: convert to dev_pm_ops 2012-11-29 09:58:00 +10:00
nouveau_vga.h
nouveau_volt.c Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2012-10-03 23:29:23 -07:00
nv04_crtc.c drm/nouveau: unpin various bo's before destroying 2012-11-29 09:58:11 +10:00
nv04_cursor.c Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2012-10-03 23:29:23 -07:00
nv04_dac.c drm/nouveau: silence modesetting spam on pre-gf8 chipsets 2012-10-31 10:57:53 +10:00
nv04_dfp.c drm/nouveau: Fix DPMS 1 on G4 Snowball, from snow white to coal black. 2013-02-20 16:00:55 +10:00
nv04_display.c Merge branch 'drm-nouveau-next' of git://anongit.freedesktop.org/git/nouveau/linux-2.6 into drm-next 2013-02-20 17:54:13 +10:00
nv04_display.h drm/nouveau/disp/nv04: implement a base display object class 2013-02-20 16:00:45 +10:00
nv04_fbcon.c
nv04_fence.c drm/nouveau/fence: make internal hooks part of the context 2013-02-20 16:00:53 +10:00
nv04_pm.c Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2012-10-03 23:29:23 -07:00
nv04_tv.c drm/nouveau: use i2c encoder helper wrappers 2013-02-17 17:55:43 -05:00
nv10_fence.c drm/nouveau/fence: make internal hooks part of the context 2013-02-20 16:00:53 +10:00
nv10_fence.h drm/nouveau: share fence structures between nv10+ and nv50 implementations 2013-02-20 16:00:34 +10:00
nv17_fence.c drm/nouveau/fence: make internal hooks part of the context 2013-02-20 16:00:53 +10:00
nv17_tv_modes.c Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2012-10-03 23:29:23 -07:00
nv17_tv.c drm: encapsulate crtc->set_config calls 2013-01-20 15:57:58 +01:00
nv17_tv.h
nv40_pm.c Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2012-10-03 23:29:23 -07:00
nv50_display.c drm/nv50/kms: prevent lockdep false-positive in page flipping path 2013-03-19 15:26:38 +10:00
nv50_display.h drm/nouveau: rename nvd0_display to nv50_display to reflect reality since merge 2012-11-29 09:57:58 +10:00
nv50_fbcon.c
nv50_fence.c drm/nouveau/fence: make internal hooks part of the context 2013-02-20 16:00:53 +10:00
nv50_pm.c drm/nv50-nvc0: switch to common disp impl, removing previous version 2012-11-29 09:57:58 +10:00
nv84_fence.c drm/nv84-/fence: prepare for emit/sync support of sysram sequences 2013-02-20 16:00:53 +10:00
nva3_pm.c Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2012-10-03 23:29:23 -07:00
nvc0_fbcon.c
nvc0_fence.c drm/nv84-/fence: prepare for emit/sync support of sysram sequences 2013-02-20 16:00:53 +10:00
nvc0_pm.c
nvreg.h