| Message ID | 1424193281-30401-1-git-send-email-ckeepax@opensource.wolfsonmicro.com (mailing list archive) |
|---|---|
| State | Not Applicable, archived |
| Headers | show |
On 2015? 02? 18? 02:14, Charles Keepax wrote: > The commit "drm/exynos: remove exynos_plane_dpms" (d9ea6256) removed the > use of the enabled flag, which means that the code may attempt to call > win_enable on a NULL crtc. This results in the following oops on Hmm... it's strange. plane->funcs->destroy() is called prior to crtc->funcs->destroy() so it should be exynos_crtc is not NULL. However, it seems there is any corner case we didn't catch up. Applied. Thanks, Inki Dae > Arndale: > > [ 1.673479] Unable to handle kernel NULL pointer dereference at virtual address 00000368 > [ 1.681500] pgd = c0004000 > [ 1.684154] [00000368] *pgd=00000000 > [ 1.687713] Internal error: Oops: 5 [#1] PREEMPT SMP ARM > [ 1.693012] Modules linked in: > [ 1.696045] CPU: 1 PID: 1 Comm: swapper/0 Not tainted > 3.19.0-07545-g57485fa #1907 > [ 1.703524] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree) > (....) > [ 2.014803] [<c02f9cfc>] (exynos_plane_destroy) from [<c02e61b4>] (drm_mode_config_cleanup+0x168/0x20c) > [ 2.024178] [<c02e61b4>] (drm_mode_config_cleanup) from [<c02f66fc>] (exynos_drm_load+0xac/0x12c) > > This patch adds in a check to ensure exynos_crtc is not NULL before it > is dereferenced. > > Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com> > --- > drivers/gpu/drm/exynos/exynos_drm_plane.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/drivers/gpu/drm/exynos/exynos_drm_plane.c b/drivers/gpu/drm/exynos/exynos_drm_plane.c > index 2dfb847..78fc0a1 100644 > --- a/drivers/gpu/drm/exynos/exynos_drm_plane.c > +++ b/drivers/gpu/drm/exynos/exynos_drm_plane.c > @@ -176,7 +176,7 @@ static int exynos_disable_plane(struct drm_plane *plane) > struct exynos_drm_plane *exynos_plane = to_exynos_plane(plane); > struct exynos_drm_crtc *exynos_crtc = to_exynos_crtc(plane->crtc); > > - if (exynos_crtc->ops->win_disable) > + if (exynos_crtc && exynos_crtc->ops->win_disable) > exynos_crtc->ops->win_disable(exynos_crtc, > exynos_plane->zpos); > > -- To unsubscribe from this list: send the line "unsubscribe linux-samsung-soc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, Mar 06, 2015 at 10:13:42PM +0900, Inki Dae wrote: > On 2015? 02? 18? 02:14, Charles Keepax wrote: > > The commit "drm/exynos: remove exynos_plane_dpms" (d9ea6256) removed the > > use of the enabled flag, which means that the code may attempt to call > > win_enable on a NULL crtc. This results in the following oops on > > Hmm... it's strange. plane->funcs->destroy() is called prior to > crtc->funcs->destroy() so it should be exynos_crtc is not NULL. However, > it seems there is any corner case we didn't catch up. > > Applied. Thanks, it seems the offending path in an error path, looks like Arndale is missing some required DT setting which causes exynos_drm_load to fail: [ 1.638109] of_graph_get_next_endpoint(): no port node found in /dp-controller@145B0000 [ 1.646424] exynos-drm exynos-drm: bound 14400000.fimd (ops fimd_component_ops) [ 1.652704] /dp-controller@145B0000: could not find display-timings node [ 1.659323] /dp-controller@145B0000: no timings specified [ 1.664709] [drm:exynos_dp_bind] *ERROR* failed: of_get_videomode() : -22 [ 1.671485] exynos-drm exynos-drm: failed to bind 145b0000.dp-controller (ops exynos_dp_ops): -22 Which ends up calling exynos_plane_destroy as part of the clean up: [ 1.698655] [<c0015db4>] (unwind_backtrace) from [<c00121cc>] (show_stack+0x20/0x24) [ 1.706385] [<c00121cc>] (show_stack) from [<c0528230>] (dump_stack+0x78/0xc4) [ 1.713588] [<c0528230>] (dump_stack) from [<c02f72ec>] (exynos_disable_plane+0x2c/0x60) [ 1.721660] [<c02f72ec>] (exynos_disable_plane) from [<c02f733c>] (exynos_plane_destroy+0x1c/0x30) [ 1.730605] [<c02f733c>] (exynos_plane_destroy) from [<c02e37c4>] (drm_mode_config_cleanup+0x168/0x20c) [ 1.739982] [<c02e37c4>] (drm_mode_config_cleanup) from [<c02f3d18>] (exynos_drm_load+0xac/0x12c) [ 1.748832] [<c02f3d18>] (exynos_drm_load) from [<c02dc074>] (drm_dev_register+0xb0/0x110) [ 1.757075] [<c02dc074>] (drm_dev_register) from [<c02ddc88>] (drm_platform_init+0x50/0xe0) [ 1.765405] [<c02ddc88>] (drm_platform_init) from [<c02f3a08>] (exynos_drm_bind+0x20/0x28) [ 1.773655] [<c02f3a08>] (exynos_drm_bind) from [<c02fe664>] (try_to_bring_up_master.part.1+0xd8/0x114) [ 1.783027] [<c02fe664>] (try_to_bring_up_master.part.1) from [<c02fe754>] (component_master_add_with_match+0xb4/0x134) [ 1.793792] [<c02fe754>] (component_master_add_with_match) from [<c02f3e94>] (exynos_drm_platform_probe+0xfc/0x124) [ 1.804207] [<c02f3e94>] (exynos_drm_platform_probe) from [<c0304a44>] (platform_drv_probe+0x58/0xb4) [ 1.813411] [<c0304a44>] (platform_drv_probe) from [<c0302fa8>] (driver_probe_device+0x11c/0x23c) [ 1.822261] [<c0302fa8>] (driver_probe_device) from [<c0303164>] (__driver_attach+0x9c/0xa0) [ 1.830679] [<c0303164>] (__driver_attach) from [<c03014a0>] (bus_for_each_dev+0x64/0x98) [ 1.838838] [<c03014a0>] (bus_for_each_dev) from [<c0302a4c>] (driver_attach+0x2c/0x30) [ 1.846824] [<c0302a4c>] (driver_attach) from [<c030269c>] (bus_add_driver+0xe8/0x1e4) [ 1.854722] [<c030269c>] (bus_add_driver) from [<c0303ad8>] (driver_register+0x88/0x104) [ 1.862794] [<c0303ad8>] (driver_register) from [<c03048ac>] (__platform_driver_register+0x58/0x6c) [ 1.871827] [<c03048ac>] (__platform_driver_register) from [<c02f3f84>] (exynos_drm_init+0xc8/0x124) [ 1.880936] [<c02f3f84>] (exynos_drm_init) from [<c00089f4>] (do_one_initcall+0x90/0x1e0) [ 1.889096] [<c00089f4>] (do_one_initcall) from [<c08b2e24>] (kernel_init_freeable+0x114/0x1e0) [ 1.897779] [<c08b2e24>] (kernel_init_freeable) from [<c05235ac>] (kernel_init+0x18/0xfc) [ 1.905934] [<c05235ac>] (kernel_init) from [<c000efa0>] (ret_from_fork+0x14/0x34) Hope that helps some, afraid I am not really familiar enough with the graphics stack to chase that down much more though. Thanks, Charles -- To unsubscribe from this list: send the line "unsubscribe linux-samsung-soc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 2015? 03? 06? 23:04, Charles Keepax wrote: > On Fri, Mar 06, 2015 at 10:13:42PM +0900, Inki Dae wrote: >> On 2015? 02? 18? 02:14, Charles Keepax wrote: >>> The commit "drm/exynos: remove exynos_plane_dpms" (d9ea6256) removed the >>> use of the enabled flag, which means that the code may attempt to call >>> win_enable on a NULL crtc. This results in the following oops on >> >> Hmm... it's strange. plane->funcs->destroy() is called prior to >> crtc->funcs->destroy() so it should be exynos_crtc is not NULL. However, >> it seems there is any corner case we didn't catch up. >> >> Applied. > > Thanks, it seems the offending path in an error path, looks like > Arndale is missing some required DT setting which causes > exynos_drm_load to fail: Right. With quick look, it seems that this issue is incurred because it tried to access plane->crtc object to call win_disable callback of FIMD driver before mode_set callback is called: plane->crtc would be set by mode_set callback so if it has no pair of encoder and crtc then the plane can never point a crtc object created by FIMD driver. Thanks, Inki Dae > > [ 1.638109] of_graph_get_next_endpoint(): no port node found in /dp-controller@145B0000 > [ 1.646424] exynos-drm exynos-drm: bound 14400000.fimd (ops fimd_component_ops) > [ 1.652704] /dp-controller@145B0000: could not find display-timings node > [ 1.659323] /dp-controller@145B0000: no timings specified > [ 1.664709] [drm:exynos_dp_bind] *ERROR* failed: of_get_videomode() : -22 > [ 1.671485] exynos-drm exynos-drm: failed to bind 145b0000.dp-controller (ops exynos_dp_ops): -22 > > Which ends up calling exynos_plane_destroy as part of the clean up: > > [ 1.698655] [<c0015db4>] (unwind_backtrace) from [<c00121cc>] (show_stack+0x20/0x24) > [ 1.706385] [<c00121cc>] (show_stack) from [<c0528230>] (dump_stack+0x78/0xc4) > [ 1.713588] [<c0528230>] (dump_stack) from [<c02f72ec>] (exynos_disable_plane+0x2c/0x60) > [ 1.721660] [<c02f72ec>] (exynos_disable_plane) from [<c02f733c>] (exynos_plane_destroy+0x1c/0x30) > [ 1.730605] [<c02f733c>] (exynos_plane_destroy) from [<c02e37c4>] (drm_mode_config_cleanup+0x168/0x20c) > [ 1.739982] [<c02e37c4>] (drm_mode_config_cleanup) from [<c02f3d18>] (exynos_drm_load+0xac/0x12c) > [ 1.748832] [<c02f3d18>] (exynos_drm_load) from [<c02dc074>] (drm_dev_register+0xb0/0x110) > [ 1.757075] [<c02dc074>] (drm_dev_register) from [<c02ddc88>] (drm_platform_init+0x50/0xe0) > [ 1.765405] [<c02ddc88>] (drm_platform_init) from [<c02f3a08>] (exynos_drm_bind+0x20/0x28) > [ 1.773655] [<c02f3a08>] (exynos_drm_bind) from [<c02fe664>] (try_to_bring_up_master.part.1+0xd8/0x114) > [ 1.783027] [<c02fe664>] (try_to_bring_up_master.part.1) from [<c02fe754>] (component_master_add_with_match+0xb4/0x134) > [ 1.793792] [<c02fe754>] (component_master_add_with_match) from [<c02f3e94>] (exynos_drm_platform_probe+0xfc/0x124) > [ 1.804207] [<c02f3e94>] (exynos_drm_platform_probe) from [<c0304a44>] (platform_drv_probe+0x58/0xb4) > [ 1.813411] [<c0304a44>] (platform_drv_probe) from [<c0302fa8>] (driver_probe_device+0x11c/0x23c) > [ 1.822261] [<c0302fa8>] (driver_probe_device) from [<c0303164>] (__driver_attach+0x9c/0xa0) > [ 1.830679] [<c0303164>] (__driver_attach) from [<c03014a0>] (bus_for_each_dev+0x64/0x98) > [ 1.838838] [<c03014a0>] (bus_for_each_dev) from [<c0302a4c>] (driver_attach+0x2c/0x30) > [ 1.846824] [<c0302a4c>] (driver_attach) from [<c030269c>] (bus_add_driver+0xe8/0x1e4) > [ 1.854722] [<c030269c>] (bus_add_driver) from [<c0303ad8>] (driver_register+0x88/0x104) > [ 1.862794] [<c0303ad8>] (driver_register) from [<c03048ac>] (__platform_driver_register+0x58/0x6c) > [ 1.871827] [<c03048ac>] (__platform_driver_register) from [<c02f3f84>] (exynos_drm_init+0xc8/0x124) > [ 1.880936] [<c02f3f84>] (exynos_drm_init) from [<c00089f4>] (do_one_initcall+0x90/0x1e0) > [ 1.889096] [<c00089f4>] (do_one_initcall) from [<c08b2e24>] (kernel_init_freeable+0x114/0x1e0) > [ 1.897779] [<c08b2e24>] (kernel_init_freeable) from [<c05235ac>] (kernel_init+0x18/0xfc) > [ 1.905934] [<c05235ac>] (kernel_init) from [<c000efa0>] (ret_from_fork+0x14/0x34) > > Hope that helps some, afraid I am not really familiar enough with > the graphics stack to chase that down much more though. > > Thanks, > Charles > -- > To unsubscribe from this list: send the line "unsubscribe linux-samsung-soc" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe linux-samsung-soc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/gpu/drm/exynos/exynos_drm_plane.c b/drivers/gpu/drm/exynos/exynos_drm_plane.c index 2dfb847..78fc0a1 100644 --- a/drivers/gpu/drm/exynos/exynos_drm_plane.c +++ b/drivers/gpu/drm/exynos/exynos_drm_plane.c @@ -176,7 +176,7 @@ static int exynos_disable_plane(struct drm_plane *plane) struct exynos_drm_plane *exynos_plane = to_exynos_plane(plane); struct exynos_drm_crtc *exynos_crtc = to_exynos_crtc(plane->crtc); - if (exynos_crtc->ops->win_disable) + if (exynos_crtc && exynos_crtc->ops->win_disable) exynos_crtc->ops->win_disable(exynos_crtc, exynos_plane->zpos);
The commit "drm/exynos: remove exynos_plane_dpms" (d9ea6256) removed the use of the enabled flag, which means that the code may attempt to call win_enable on a NULL crtc. This results in the following oops on Arndale: [ 1.673479] Unable to handle kernel NULL pointer dereference at virtual address 00000368 [ 1.681500] pgd = c0004000 [ 1.684154] [00000368] *pgd=00000000 [ 1.687713] Internal error: Oops: 5 [#1] PREEMPT SMP ARM [ 1.693012] Modules linked in: [ 1.696045] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 3.19.0-07545-g57485fa #1907 [ 1.703524] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree) (....) [ 2.014803] [<c02f9cfc>] (exynos_plane_destroy) from [<c02e61b4>] (drm_mode_config_cleanup+0x168/0x20c) [ 2.024178] [<c02e61b4>] (drm_mode_config_cleanup) from [<c02f66fc>] (exynos_drm_load+0xac/0x12c) This patch adds in a check to ensure exynos_crtc is not NULL before it is dereferenced. Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com> --- drivers/gpu/drm/exynos/exynos_drm_plane.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)