diff mbox series

drm/modes: Prevent division by zero htotal

Message ID 1548228539-3061-1-git-send-email-tina.zhang@intel.com (mailing list archive)
State New, archived
Headers show
Series drm/modes: Prevent division by zero htotal | expand

Commit Message

Zhang, Tina Jan. 23, 2019, 7:28 a.m. UTC
This patch prevents division by zero htotal.

Signed-off-by: Tina Zhang <tina.zhang@intel.com>
Cc: Adam Jackson <ajax@redhat.com>
Cc: Dave Airlie <airlied@redhat.com>
Cc: Daniel Vetter <daniel@ffwll.ch>
---
 drivers/gpu/drm/drm_modes.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Daniel Vetter Jan. 23, 2019, 10:56 a.m. UTC | #1
On Wed, Jan 23, 2019 at 03:28:59PM +0800, Tina Zhang wrote:
> This patch prevents division by zero htotal.

How did you manage to get here with htotal == 0? This needs backtraces
(or if this is just about static checkers, a mention of that).
-Daniel

> 
> Signed-off-by: Tina Zhang <tina.zhang@intel.com>
> Cc: Adam Jackson <ajax@redhat.com>
> Cc: Dave Airlie <airlied@redhat.com>
> Cc: Daniel Vetter <daniel@ffwll.ch>
> ---
>  drivers/gpu/drm/drm_modes.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c
> index adce9a2..59b92b1 100644
> --- a/drivers/gpu/drm/drm_modes.c
> +++ b/drivers/gpu/drm/drm_modes.c
> @@ -751,7 +751,7 @@ int drm_mode_hsync(const struct drm_display_mode *mode)
>  	if (mode->hsync)
>  		return mode->hsync;
>  
> -	if (mode->htotal < 0)
> +	if (mode->htotal <= 0)
>  		return 0;
>  
>  	calc_val = (mode->clock * 1000) / mode->htotal; /* hsync in Hz */
> -- 
> 2.7.4
>
Zhang, Tina Jan. 24, 2019, 7:11 a.m. UTC | #2
> -----Original Message-----
> From: Daniel Vetter [mailto:daniel.vetter@ffwll.ch] On Behalf Of Daniel Vetter
> Sent: Wednesday, January 23, 2019 6:56 PM
> To: Zhang, Tina <tina.zhang@intel.com>
> Cc: intel-gfx@lists.freedesktop.org; dri-devel@lists.freedesktop.org; Adam
> Jackson <ajax@redhat.com>; Dave Airlie <airlied@redhat.com>; Daniel Vetter
> <daniel@ffwll.ch>
> Subject: Re: [PATCH] drm/modes: Prevent division by zero htotal
> 
> On Wed, Jan 23, 2019 at 03:28:59PM +0800, Tina Zhang wrote:
> > This patch prevents division by zero htotal.
> 
> How did you manage to get here with htotal == 0? This needs backtraces (or if
> this is just about static checkers, a mention of that).
> -Daniel

In GVT-g, we are trying to enable a virtual display w/o setting timings for a pipe
(a.k.a htotal=0), then we met the following kernel panic:

[   32.832048] divide error: 0000 [#1] SMP PTI
[   32.833614] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.18.0-rc4-sriov+ #33
[   32.834438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.10.1-0-g8891697-dirty-20180511_165818-tinazhang-linux-1 04/01/2014
[   32.835901] RIP: 0010:drm_mode_hsync+0x1e/0x40
[   32.836004] Code: 31 c0 c3 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 8b 87 d8 00 00 00 85 c0 75 22 8b 4f 68 85 c9 78 1b 69 47 58 e8 03 00 00 99 <f7> f9 b9 d3 4d 62 10 05 f4 01 00 00 f7 e1 89 d0 c1 e8 06 f3 c3 66
[   32.836004] RSP: 0000:ffffc900000ebb90 EFLAGS: 00010206
[   32.836004] RAX: 0000000000000000 RBX: ffff88001c67c8a0 RCX: 0000000000000000
[   32.836004] RDX: 0000000000000000 RSI: ffff88001c67c000 RDI: ffff88001c67c8a0
[   32.836004] RBP: ffff88001c7d03a0 R08: ffff88001c67c8a0 R09: ffff88001c7d0330
[   32.836004] R10: ffffffff822c3a98 R11: 0000000000000001 R12: ffff88001c67c000
[   32.836004] R13: ffff88001c7d0370 R14: ffffffff8207eb78 R15: ffff88001c67c800
[   32.836004] FS:  0000000000000000(0000) GS:ffff88001da00000(0000) knlGS:0000000000000000
[   32.836004] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   32.836004] CR2: 0000000000000000 CR3: 000000000220a000 CR4: 00000000000006f0
[   32.836004] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   32.836004] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   32.836004] Call Trace:
[   32.836004]  intel_mode_from_pipe_config+0x72/0x90
[   32.836004]  intel_modeset_setup_hw_state+0x569/0xf90
[   32.836004]  intel_modeset_init+0x905/0x1db0
[   32.836004]  i915_driver_load+0xb8c/0x1120
[   32.836004]  i915_pci_probe+0x4d/0xb0
[   32.836004]  local_pci_probe+0x44/0xa0
[   32.836004]  ? pci_assign_irq+0x27/0x130
[   32.836004]  pci_device_probe+0x102/0x1c0
[   32.836004]  driver_probe_device+0x2b8/0x480
[   32.836004]  __driver_attach+0x109/0x110
[   32.836004]  ? driver_probe_device+0x480/0x480
[   32.836004]  bus_for_each_dev+0x67/0xc0
[   32.836004]  ? klist_add_tail+0x3b/0x70
[   32.836004]  bus_add_driver+0x1e8/0x260
[   32.836004]  driver_register+0x5b/0xe0
[   32.836004]  ? mipi_dsi_bus_init+0x11/0x11
[   32.836004]  do_one_initcall+0x4d/0x1eb
[   32.836004]  kernel_init_freeable+0x197/0x237
[   32.836004]  ? rest_init+0xd0/0xd0
[   32.836004]  kernel_init+0xa/0x110
[   32.836004]  ret_from_fork+0x35/0x40
[   32.836004] Modules linked in:
[   32.859183] ---[ end trace 525608b0ed0e8665 ]---
[   32.859722] RIP: 0010:drm_mode_hsync+0x1e/0x40
[   32.860287] Code: 31 c0 c3 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 8b 87 d8 00 00 00 85 c0 75 22 8b 4f 68 85 c9 78 1b 69 47 58 e8 03 00 00 99 <f7> f9 b9 d3 4d 62 10 05 f4 01 00 00 f7 e1 89 d0 c1 e8 06 f3 c3 66
[   32.862680] RSP: 0000:ffffc900000ebb90 EFLAGS: 00010206
[   32.863309] RAX: 0000000000000000 RBX: ffff88001c67c8a0 RCX: 0000000000000000
[   32.864182] RDX: 0000000000000000 RSI: ffff88001c67c000 RDI: ffff88001c67c8a0
[   32.865206] RBP: ffff88001c7d03a0 R08: ffff88001c67c8a0 R09: ffff88001c7d0330
[   32.866359] R10: ffffffff822c3a98 R11: 0000000000000001 R12: ffff88001c67c000
[   32.867213] R13: ffff88001c7d0370 R14: ffffffff8207eb78 R15: ffff88001c67c800
[   32.868075] FS:  0000000000000000(0000) GS:ffff88001da00000(0000) knlGS:0000000000000000
[   32.868983] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   32.869659] CR2: 0000000000000000 CR3: 000000000220a000 CR4: 00000000000006f0
[   32.870599] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   32.871598] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   32.872549] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b

Since drm_mode_hsync() has the logic to check mode->htotal, I just extend it to cover the case htotal==0.

Thanks.

BR,
Tina
> 
> >
> > Signed-off-by: Tina Zhang <tina.zhang@intel.com>
> > Cc: Adam Jackson <ajax@redhat.com>
> > Cc: Dave Airlie <airlied@redhat.com>
> > Cc: Daniel Vetter <daniel@ffwll.ch>
> > ---
> >  drivers/gpu/drm/drm_modes.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c
> > index adce9a2..59b92b1 100644
> > --- a/drivers/gpu/drm/drm_modes.c
> > +++ b/drivers/gpu/drm/drm_modes.c
> > @@ -751,7 +751,7 @@ int drm_mode_hsync(const struct
> drm_display_mode *mode)
> >  	if (mode->hsync)
> >  		return mode->hsync;
> >
> > -	if (mode->htotal < 0)
> > +	if (mode->htotal <= 0)
> >  		return 0;
> >
> >  	calc_val = (mode->clock * 1000) / mode->htotal; /* hsync in Hz */
> > --
> > 2.7.4
> >
> 
> --
> Daniel Vetter
> Software Engineer, Intel Corporation
> http://blog.ffwll.ch
Daniel Vetter Jan. 24, 2019, 9:59 a.m. UTC | #3
On Thu, Jan 24, 2019 at 07:11:53AM +0000, Zhang, Tina wrote:
> 
> 
> > -----Original Message-----
> > From: Daniel Vetter [mailto:daniel.vetter@ffwll.ch] On Behalf Of Daniel Vetter
> > Sent: Wednesday, January 23, 2019 6:56 PM
> > To: Zhang, Tina <tina.zhang@intel.com>
> > Cc: intel-gfx@lists.freedesktop.org; dri-devel@lists.freedesktop.org; Adam
> > Jackson <ajax@redhat.com>; Dave Airlie <airlied@redhat.com>; Daniel Vetter
> > <daniel@ffwll.ch>
> > Subject: Re: [PATCH] drm/modes: Prevent division by zero htotal
> > 
> > On Wed, Jan 23, 2019 at 03:28:59PM +0800, Tina Zhang wrote:
> > > This patch prevents division by zero htotal.
> > 
> > How did you manage to get here with htotal == 0? This needs backtraces (or if
> > this is just about static checkers, a mention of that).
> > -Daniel
> 
> In GVT-g, we are trying to enable a virtual display w/o setting timings for a pipe
> (a.k.a htotal=0), then we met the following kernel panic:
> 
> [   32.832048] divide error: 0000 [#1] SMP PTI
> [   32.833614] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.18.0-rc4-sriov+ #33
> [   32.834438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.10.1-0-g8891697-dirty-20180511_165818-tinazhang-linux-1 04/01/2014
> [   32.835901] RIP: 0010:drm_mode_hsync+0x1e/0x40
> [   32.836004] Code: 31 c0 c3 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 8b 87 d8 00 00 00 85 c0 75 22 8b 4f 68 85 c9 78 1b 69 47 58 e8 03 00 00 99 <f7> f9 b9 d3 4d 62 10 05 f4 01 00 00 f7 e1 89 d0 c1 e8 06 f3 c3 66
> [   32.836004] RSP: 0000:ffffc900000ebb90 EFLAGS: 00010206
> [   32.836004] RAX: 0000000000000000 RBX: ffff88001c67c8a0 RCX: 0000000000000000
> [   32.836004] RDX: 0000000000000000 RSI: ffff88001c67c000 RDI: ffff88001c67c8a0
> [   32.836004] RBP: ffff88001c7d03a0 R08: ffff88001c67c8a0 R09: ffff88001c7d0330
> [   32.836004] R10: ffffffff822c3a98 R11: 0000000000000001 R12: ffff88001c67c000
> [   32.836004] R13: ffff88001c7d0370 R14: ffffffff8207eb78 R15: ffff88001c67c800
> [   32.836004] FS:  0000000000000000(0000) GS:ffff88001da00000(0000) knlGS:0000000000000000
> [   32.836004] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   32.836004] CR2: 0000000000000000 CR3: 000000000220a000 CR4: 00000000000006f0
> [   32.836004] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [   32.836004] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [   32.836004] Call Trace:
> [   32.836004]  intel_mode_from_pipe_config+0x72/0x90
> [   32.836004]  intel_modeset_setup_hw_state+0x569/0xf90
> [   32.836004]  intel_modeset_init+0x905/0x1db0
> [   32.836004]  i915_driver_load+0xb8c/0x1120
> [   32.836004]  i915_pci_probe+0x4d/0xb0
> [   32.836004]  local_pci_probe+0x44/0xa0
> [   32.836004]  ? pci_assign_irq+0x27/0x130
> [   32.836004]  pci_device_probe+0x102/0x1c0
> [   32.836004]  driver_probe_device+0x2b8/0x480
> [   32.836004]  __driver_attach+0x109/0x110
> [   32.836004]  ? driver_probe_device+0x480/0x480
> [   32.836004]  bus_for_each_dev+0x67/0xc0
> [   32.836004]  ? klist_add_tail+0x3b/0x70
> [   32.836004]  bus_add_driver+0x1e8/0x260
> [   32.836004]  driver_register+0x5b/0xe0
> [   32.836004]  ? mipi_dsi_bus_init+0x11/0x11
> [   32.836004]  do_one_initcall+0x4d/0x1eb
> [   32.836004]  kernel_init_freeable+0x197/0x237
> [   32.836004]  ? rest_init+0xd0/0xd0
> [   32.836004]  kernel_init+0xa/0x110
> [   32.836004]  ret_from_fork+0x35/0x40
> [   32.836004] Modules linked in:
> [   32.859183] ---[ end trace 525608b0ed0e8665 ]---
> [   32.859722] RIP: 0010:drm_mode_hsync+0x1e/0x40
> [   32.860287] Code: 31 c0 c3 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 8b 87 d8 00 00 00 85 c0 75 22 8b 4f 68 85 c9 78 1b 69 47 58 e8 03 00 00 99 <f7> f9 b9 d3 4d 62 10 05 f4 01 00 00 f7 e1 89 d0 c1 e8 06 f3 c3 66
> [   32.862680] RSP: 0000:ffffc900000ebb90 EFLAGS: 00010206
> [   32.863309] RAX: 0000000000000000 RBX: ffff88001c67c8a0 RCX: 0000000000000000
> [   32.864182] RDX: 0000000000000000 RSI: ffff88001c67c000 RDI: ffff88001c67c8a0
> [   32.865206] RBP: ffff88001c7d03a0 R08: ffff88001c67c8a0 R09: ffff88001c7d0330
> [   32.866359] R10: ffffffff822c3a98 R11: 0000000000000001 R12: ffff88001c67c000
> [   32.867213] R13: ffff88001c7d0370 R14: ffffffff8207eb78 R15: ffff88001c67c800
> [   32.868075] FS:  0000000000000000(0000) GS:ffff88001da00000(0000) knlGS:0000000000000000
> [   32.868983] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [   32.869659] CR2: 0000000000000000 CR3: 000000000220a000 CR4: 00000000000006f0
> [   32.870599] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [   32.871598] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [   32.872549] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
> 
> Since drm_mode_hsync() has the logic to check mode->htotal, I just extend it to cover the case htotal==0.

Hm ok, makes sense. And drm_mode_vrefresh also has that check. I'll add
your backtrace and merge the patch.

Thanks, Daniel

> 
> Thanks.
> 
> BR,
> Tina
> > 
> > >
> > > Signed-off-by: Tina Zhang <tina.zhang@intel.com>
> > > Cc: Adam Jackson <ajax@redhat.com>
> > > Cc: Dave Airlie <airlied@redhat.com>
> > > Cc: Daniel Vetter <daniel@ffwll.ch>
> > > ---
> > >  drivers/gpu/drm/drm_modes.c | 2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c
> > > index adce9a2..59b92b1 100644
> > > --- a/drivers/gpu/drm/drm_modes.c
> > > +++ b/drivers/gpu/drm/drm_modes.c
> > > @@ -751,7 +751,7 @@ int drm_mode_hsync(const struct
> > drm_display_mode *mode)
> > >  	if (mode->hsync)
> > >  		return mode->hsync;
> > >
> > > -	if (mode->htotal < 0)
> > > +	if (mode->htotal <= 0)
> > >  		return 0;
> > >
> > >  	calc_val = (mode->clock * 1000) / mode->htotal; /* hsync in Hz */
> > > --
> > > 2.7.4
> > >
> > 
> > --
> > Daniel Vetter
> > Software Engineer, Intel Corporation
> > http://blog.ffwll.ch
diff mbox series

Patch

diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c
index adce9a2..59b92b1 100644
--- a/drivers/gpu/drm/drm_modes.c
+++ b/drivers/gpu/drm/drm_modes.c
@@ -751,7 +751,7 @@  int drm_mode_hsync(const struct drm_display_mode *mode)
 	if (mode->hsync)
 		return mode->hsync;
 
-	if (mode->htotal < 0)
+	if (mode->htotal <= 0)
 		return 0;
 
 	calc_val = (mode->clock * 1000) / mode->htotal; /* hsync in Hz */