| Message ID | 1548228539-3061-1-git-send-email-tina.zhang@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | drm/modes: Prevent division by zero htotal | expand |
On Wed, Jan 23, 2019 at 03:28:59PM +0800, Tina Zhang wrote: > This patch prevents division by zero htotal. How did you manage to get here with htotal == 0? This needs backtraces (or if this is just about static checkers, a mention of that). -Daniel > > Signed-off-by: Tina Zhang <tina.zhang@intel.com> > Cc: Adam Jackson <ajax@redhat.com> > Cc: Dave Airlie <airlied@redhat.com> > Cc: Daniel Vetter <daniel@ffwll.ch> > --- > drivers/gpu/drm/drm_modes.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c > index adce9a2..59b92b1 100644 > --- a/drivers/gpu/drm/drm_modes.c > +++ b/drivers/gpu/drm/drm_modes.c > @@ -751,7 +751,7 @@ int drm_mode_hsync(const struct drm_display_mode *mode) > if (mode->hsync) > return mode->hsync; > > - if (mode->htotal < 0) > + if (mode->htotal <= 0) > return 0; > > calc_val = (mode->clock * 1000) / mode->htotal; /* hsync in Hz */ > -- > 2.7.4 >
> -----Original Message----- > From: Daniel Vetter [mailto:daniel.vetter@ffwll.ch] On Behalf Of Daniel Vetter > Sent: Wednesday, January 23, 2019 6:56 PM > To: Zhang, Tina <tina.zhang@intel.com> > Cc: intel-gfx@lists.freedesktop.org; dri-devel@lists.freedesktop.org; Adam > Jackson <ajax@redhat.com>; Dave Airlie <airlied@redhat.com>; Daniel Vetter > <daniel@ffwll.ch> > Subject: Re: [PATCH] drm/modes: Prevent division by zero htotal > > On Wed, Jan 23, 2019 at 03:28:59PM +0800, Tina Zhang wrote: > > This patch prevents division by zero htotal. > > How did you manage to get here with htotal == 0? This needs backtraces (or if > this is just about static checkers, a mention of that). > -Daniel In GVT-g, we are trying to enable a virtual display w/o setting timings for a pipe (a.k.a htotal=0), then we met the following kernel panic: [ 32.832048] divide error: 0000 [#1] SMP PTI [ 32.833614] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.18.0-rc4-sriov+ #33 [ 32.834438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.10.1-0-g8891697-dirty-20180511_165818-tinazhang-linux-1 04/01/2014 [ 32.835901] RIP: 0010:drm_mode_hsync+0x1e/0x40 [ 32.836004] Code: 31 c0 c3 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 8b 87 d8 00 00 00 85 c0 75 22 8b 4f 68 85 c9 78 1b 69 47 58 e8 03 00 00 99 <f7> f9 b9 d3 4d 62 10 05 f4 01 00 00 f7 e1 89 d0 c1 e8 06 f3 c3 66 [ 32.836004] RSP: 0000:ffffc900000ebb90 EFLAGS: 00010206 [ 32.836004] RAX: 0000000000000000 RBX: ffff88001c67c8a0 RCX: 0000000000000000 [ 32.836004] RDX: 0000000000000000 RSI: ffff88001c67c000 RDI: ffff88001c67c8a0 [ 32.836004] RBP: ffff88001c7d03a0 R08: ffff88001c67c8a0 R09: ffff88001c7d0330 [ 32.836004] R10: ffffffff822c3a98 R11: 0000000000000001 R12: ffff88001c67c000 [ 32.836004] R13: ffff88001c7d0370 R14: ffffffff8207eb78 R15: ffff88001c67c800 [ 32.836004] FS: 0000000000000000(0000) GS:ffff88001da00000(0000) knlGS:0000000000000000 [ 32.836004] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.836004] CR2: 0000000000000000 CR3: 000000000220a000 CR4: 00000000000006f0 [ 32.836004] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.836004] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.836004] Call Trace: [ 32.836004] intel_mode_from_pipe_config+0x72/0x90 [ 32.836004] intel_modeset_setup_hw_state+0x569/0xf90 [ 32.836004] intel_modeset_init+0x905/0x1db0 [ 32.836004] i915_driver_load+0xb8c/0x1120 [ 32.836004] i915_pci_probe+0x4d/0xb0 [ 32.836004] local_pci_probe+0x44/0xa0 [ 32.836004] ? pci_assign_irq+0x27/0x130 [ 32.836004] pci_device_probe+0x102/0x1c0 [ 32.836004] driver_probe_device+0x2b8/0x480 [ 32.836004] __driver_attach+0x109/0x110 [ 32.836004] ? driver_probe_device+0x480/0x480 [ 32.836004] bus_for_each_dev+0x67/0xc0 [ 32.836004] ? klist_add_tail+0x3b/0x70 [ 32.836004] bus_add_driver+0x1e8/0x260 [ 32.836004] driver_register+0x5b/0xe0 [ 32.836004] ? mipi_dsi_bus_init+0x11/0x11 [ 32.836004] do_one_initcall+0x4d/0x1eb [ 32.836004] kernel_init_freeable+0x197/0x237 [ 32.836004] ? rest_init+0xd0/0xd0 [ 32.836004] kernel_init+0xa/0x110 [ 32.836004] ret_from_fork+0x35/0x40 [ 32.836004] Modules linked in: [ 32.859183] ---[ end trace 525608b0ed0e8665 ]--- [ 32.859722] RIP: 0010:drm_mode_hsync+0x1e/0x40 [ 32.860287] Code: 31 c0 c3 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 8b 87 d8 00 00 00 85 c0 75 22 8b 4f 68 85 c9 78 1b 69 47 58 e8 03 00 00 99 <f7> f9 b9 d3 4d 62 10 05 f4 01 00 00 f7 e1 89 d0 c1 e8 06 f3 c3 66 [ 32.862680] RSP: 0000:ffffc900000ebb90 EFLAGS: 00010206 [ 32.863309] RAX: 0000000000000000 RBX: ffff88001c67c8a0 RCX: 0000000000000000 [ 32.864182] RDX: 0000000000000000 RSI: ffff88001c67c000 RDI: ffff88001c67c8a0 [ 32.865206] RBP: ffff88001c7d03a0 R08: ffff88001c67c8a0 R09: ffff88001c7d0330 [ 32.866359] R10: ffffffff822c3a98 R11: 0000000000000001 R12: ffff88001c67c000 [ 32.867213] R13: ffff88001c7d0370 R14: ffffffff8207eb78 R15: ffff88001c67c800 [ 32.868075] FS: 0000000000000000(0000) GS:ffff88001da00000(0000) knlGS:0000000000000000 [ 32.868983] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 32.869659] CR2: 0000000000000000 CR3: 000000000220a000 CR4: 00000000000006f0 [ 32.870599] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 32.871598] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 32.872549] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b Since drm_mode_hsync() has the logic to check mode->htotal, I just extend it to cover the case htotal==0. Thanks. BR, Tina > > > > > Signed-off-by: Tina Zhang <tina.zhang@intel.com> > > Cc: Adam Jackson <ajax@redhat.com> > > Cc: Dave Airlie <airlied@redhat.com> > > Cc: Daniel Vetter <daniel@ffwll.ch> > > --- > > drivers/gpu/drm/drm_modes.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c > > index adce9a2..59b92b1 100644 > > --- a/drivers/gpu/drm/drm_modes.c > > +++ b/drivers/gpu/drm/drm_modes.c > > @@ -751,7 +751,7 @@ int drm_mode_hsync(const struct > drm_display_mode *mode) > > if (mode->hsync) > > return mode->hsync; > > > > - if (mode->htotal < 0) > > + if (mode->htotal <= 0) > > return 0; > > > > calc_val = (mode->clock * 1000) / mode->htotal; /* hsync in Hz */ > > -- > > 2.7.4 > > > > -- > Daniel Vetter > Software Engineer, Intel Corporation > http://blog.ffwll.ch
On Thu, Jan 24, 2019 at 07:11:53AM +0000, Zhang, Tina wrote: > > > > -----Original Message----- > > From: Daniel Vetter [mailto:daniel.vetter@ffwll.ch] On Behalf Of Daniel Vetter > > Sent: Wednesday, January 23, 2019 6:56 PM > > To: Zhang, Tina <tina.zhang@intel.com> > > Cc: intel-gfx@lists.freedesktop.org; dri-devel@lists.freedesktop.org; Adam > > Jackson <ajax@redhat.com>; Dave Airlie <airlied@redhat.com>; Daniel Vetter > > <daniel@ffwll.ch> > > Subject: Re: [PATCH] drm/modes: Prevent division by zero htotal > > > > On Wed, Jan 23, 2019 at 03:28:59PM +0800, Tina Zhang wrote: > > > This patch prevents division by zero htotal. > > > > How did you manage to get here with htotal == 0? This needs backtraces (or if > > this is just about static checkers, a mention of that). > > -Daniel > > In GVT-g, we are trying to enable a virtual display w/o setting timings for a pipe > (a.k.a htotal=0), then we met the following kernel panic: > > [ 32.832048] divide error: 0000 [#1] SMP PTI > [ 32.833614] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.18.0-rc4-sriov+ #33 > [ 32.834438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.10.1-0-g8891697-dirty-20180511_165818-tinazhang-linux-1 04/01/2014 > [ 32.835901] RIP: 0010:drm_mode_hsync+0x1e/0x40 > [ 32.836004] Code: 31 c0 c3 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 8b 87 d8 00 00 00 85 c0 75 22 8b 4f 68 85 c9 78 1b 69 47 58 e8 03 00 00 99 <f7> f9 b9 d3 4d 62 10 05 f4 01 00 00 f7 e1 89 d0 c1 e8 06 f3 c3 66 > [ 32.836004] RSP: 0000:ffffc900000ebb90 EFLAGS: 00010206 > [ 32.836004] RAX: 0000000000000000 RBX: ffff88001c67c8a0 RCX: 0000000000000000 > [ 32.836004] RDX: 0000000000000000 RSI: ffff88001c67c000 RDI: ffff88001c67c8a0 > [ 32.836004] RBP: ffff88001c7d03a0 R08: ffff88001c67c8a0 R09: ffff88001c7d0330 > [ 32.836004] R10: ffffffff822c3a98 R11: 0000000000000001 R12: ffff88001c67c000 > [ 32.836004] R13: ffff88001c7d0370 R14: ffffffff8207eb78 R15: ffff88001c67c800 > [ 32.836004] FS: 0000000000000000(0000) GS:ffff88001da00000(0000) knlGS:0000000000000000 > [ 32.836004] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 32.836004] CR2: 0000000000000000 CR3: 000000000220a000 CR4: 00000000000006f0 > [ 32.836004] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > [ 32.836004] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > [ 32.836004] Call Trace: > [ 32.836004] intel_mode_from_pipe_config+0x72/0x90 > [ 32.836004] intel_modeset_setup_hw_state+0x569/0xf90 > [ 32.836004] intel_modeset_init+0x905/0x1db0 > [ 32.836004] i915_driver_load+0xb8c/0x1120 > [ 32.836004] i915_pci_probe+0x4d/0xb0 > [ 32.836004] local_pci_probe+0x44/0xa0 > [ 32.836004] ? pci_assign_irq+0x27/0x130 > [ 32.836004] pci_device_probe+0x102/0x1c0 > [ 32.836004] driver_probe_device+0x2b8/0x480 > [ 32.836004] __driver_attach+0x109/0x110 > [ 32.836004] ? driver_probe_device+0x480/0x480 > [ 32.836004] bus_for_each_dev+0x67/0xc0 > [ 32.836004] ? klist_add_tail+0x3b/0x70 > [ 32.836004] bus_add_driver+0x1e8/0x260 > [ 32.836004] driver_register+0x5b/0xe0 > [ 32.836004] ? mipi_dsi_bus_init+0x11/0x11 > [ 32.836004] do_one_initcall+0x4d/0x1eb > [ 32.836004] kernel_init_freeable+0x197/0x237 > [ 32.836004] ? rest_init+0xd0/0xd0 > [ 32.836004] kernel_init+0xa/0x110 > [ 32.836004] ret_from_fork+0x35/0x40 > [ 32.836004] Modules linked in: > [ 32.859183] ---[ end trace 525608b0ed0e8665 ]--- > [ 32.859722] RIP: 0010:drm_mode_hsync+0x1e/0x40 > [ 32.860287] Code: 31 c0 c3 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 8b 87 d8 00 00 00 85 c0 75 22 8b 4f 68 85 c9 78 1b 69 47 58 e8 03 00 00 99 <f7> f9 b9 d3 4d 62 10 05 f4 01 00 00 f7 e1 89 d0 c1 e8 06 f3 c3 66 > [ 32.862680] RSP: 0000:ffffc900000ebb90 EFLAGS: 00010206 > [ 32.863309] RAX: 0000000000000000 RBX: ffff88001c67c8a0 RCX: 0000000000000000 > [ 32.864182] RDX: 0000000000000000 RSI: ffff88001c67c000 RDI: ffff88001c67c8a0 > [ 32.865206] RBP: ffff88001c7d03a0 R08: ffff88001c67c8a0 R09: ffff88001c7d0330 > [ 32.866359] R10: ffffffff822c3a98 R11: 0000000000000001 R12: ffff88001c67c000 > [ 32.867213] R13: ffff88001c7d0370 R14: ffffffff8207eb78 R15: ffff88001c67c800 > [ 32.868075] FS: 0000000000000000(0000) GS:ffff88001da00000(0000) knlGS:0000000000000000 > [ 32.868983] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 32.869659] CR2: 0000000000000000 CR3: 000000000220a000 CR4: 00000000000006f0 > [ 32.870599] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > [ 32.871598] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > [ 32.872549] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b > > Since drm_mode_hsync() has the logic to check mode->htotal, I just extend it to cover the case htotal==0. Hm ok, makes sense. And drm_mode_vrefresh also has that check. I'll add your backtrace and merge the patch. Thanks, Daniel > > Thanks. > > BR, > Tina > > > > > > > > Signed-off-by: Tina Zhang <tina.zhang@intel.com> > > > Cc: Adam Jackson <ajax@redhat.com> > > > Cc: Dave Airlie <airlied@redhat.com> > > > Cc: Daniel Vetter <daniel@ffwll.ch> > > > --- > > > drivers/gpu/drm/drm_modes.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c > > > index adce9a2..59b92b1 100644 > > > --- a/drivers/gpu/drm/drm_modes.c > > > +++ b/drivers/gpu/drm/drm_modes.c > > > @@ -751,7 +751,7 @@ int drm_mode_hsync(const struct > > drm_display_mode *mode) > > > if (mode->hsync) > > > return mode->hsync; > > > > > > - if (mode->htotal < 0) > > > + if (mode->htotal <= 0) > > > return 0; > > > > > > calc_val = (mode->clock * 1000) / mode->htotal; /* hsync in Hz */ > > > -- > > > 2.7.4 > > > > > > > -- > > Daniel Vetter > > Software Engineer, Intel Corporation > > http://blog.ffwll.ch
diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c index adce9a2..59b92b1 100644 --- a/drivers/gpu/drm/drm_modes.c +++ b/drivers/gpu/drm/drm_modes.c @@ -751,7 +751,7 @@ int drm_mode_hsync(const struct drm_display_mode *mode) if (mode->hsync) return mode->hsync; - if (mode->htotal < 0) + if (mode->htotal <= 0) return 0; calc_val = (mode->clock * 1000) / mode->htotal; /* hsync in Hz */
This patch prevents division by zero htotal. Signed-off-by: Tina Zhang <tina.zhang@intel.com> Cc: Adam Jackson <ajax@redhat.com> Cc: Dave Airlie <airlied@redhat.com> Cc: Daniel Vetter <daniel@ffwll.ch> --- drivers/gpu/drm/drm_modes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)