• Ander Conselvan de Oliveira's avatar
    drm/i915: Fix NULL pointer deference when out of PLLs in IVB · 143aaef8
    Ander Conselvan de Oliveira authored
    In commit f9476a6c ("drm/i915: Refactor platform specifics out of
    intel_get_shared_dpll()"), the ibx_get_dpll() function lacked an error
    check, that can lead to a NULL pointer dereference when trying to enable
    three pipes.
    
    BUG: unable to handle kernel NULL pointer dereference at 0000000000000068
    IP: [<ffffffffa0482275>] intel_reference_shared_dpll+0x15/0x100 [i915]
    PGD cec87067 PUD d30ce067 PMD 0
    Oops: 0000 [#1] PREEMPT SMP
    Modules linked in: snd_hda_intel i915 drm_kms_helper drm intel_gtt sch_fq_codel cfg80211 binfmt_misc i2c_algo_bit cfbfillrect syscopyarea cfbimgblt sysfillrect sysimgblt fb_sys_fops cfbcopyarea intel_rapl iosf_mbi x86_pkg_temp_thermal coretemp agpgart kvm_intel snd_hda_codec_hdmi kvm iTCO_wdt snd_hda_codec_realtek snd_hda_codec_generic irqbypass aesni_intel aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd psmouse pcspkr snd_hda_codec i2c_i801 snd_hwdep snd_hda_core snd_pcm snd_timer lpc_ich mfd_core snd soundcore wmi evdev tpm_tis tpm [last unloaded: drm]
    CPU: 3 PID: 5810 Comm: kms_flip Tainted: G     U  W       4.6.0-test+ #3
    Hardware name:                  /DZ77BH-55K, BIOS BHZ7710H.86A.0100.2013.0517.0942 05/17/2013
    task: ffff8800d3908040 ti: ffff8801166c8000 task.ti: ffff8801166c8000
    RIP: 0010:[<ffffffffa0482275>]  [<ffffffffa0482275>] intel_reference_shared_dpll+0x15/0x100 [i915]
    RSP: 0018:ffff8801166cba60  EFLAGS: 00010246
    RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000002
    RDX: 0000000000000001 RSI: ffff8800d07f1bf8 RDI: 0000000000000000
    RBP: ffff8801166cba88 R08: 0000000000000002 R09: ffff8800d32e5698
    R10: 0000000000000001 R11: ffff8800cc89ac88 R12: ffff8800d07f1bf8
    R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
    FS:  00007f4c3fc8d8c0(0000) GS:ffff88011bcc0000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000000068 CR3: 00000000d3b4c000 CR4: 00000000001406e0
    Stack:
     0000000000000000 ffff8800d07f1bf8 0000000000000000 ffff8800d04c0000
     0000000000000000 ffff8801166cbaa8 ffffffffa04823a7 ffff8800d07f1bf8
     ffff8800d32e5698 ffff8801166cbab8 ffffffffa04840cf ffff8801166cbaf0
    Call Trace:
     [<ffffffffa04823a7>] ibx_get_dpll+0x47/0xa0 [i915]
     [<ffffffffa04840cf>] intel_get_shared_dpll+0x1f/0x50 [i915]
     [<ffffffffa046d080>] ironlake_crtc_compute_clock+0x280/0x430 [i915]
     [<ffffffffa0472ac0>] intel_crtc_atomic_check+0x240/0x320 [i915]
     [<ffffffffa03da18e>] drm_atomic_helper_check_planes+0x14e/0x1d0 [drm_kms_helper]
     [<ffffffffa0474a0c>] intel_atomic_check+0x5dc/0x1110 [i915]
     [<ffffffffa029d3aa>] drm_atomic_check_only+0x14a/0x660 [drm]
     [<ffffffffa029d086>] ? drm_atomic_set_crtc_for_connector+0x96/0x100 [drm]
     [<ffffffffa029d8d7>] drm_atomic_commit+0x17/0x60 [drm]
     [<ffffffffa03dc3b7>] restore_fbdev_mode+0x237/0x260 [drm_kms_helper]
     [<ffffffffa029c65a>] ? drm_modeset_lock_all_ctx+0x9a/0xb0 [drm]
     [<ffffffffa03de9b3>] drm_fb_helper_restore_fbdev_mode_unlocked+0x33/0x80 [drm_kms_helper]
     [<ffffffffa03dea2d>] drm_fb_helper_set_par+0x2d/0x50 [drm_kms_helper]
     [<ffffffffa03de93a>] drm_fb_helper_hotplug_event+0xaa/0xf0 [drm_kms_helper]
     [<ffffffffa03de9d6>] drm_fb_helper_restore_fbdev_mode_unlocked+0x56/0x80 [drm_kms_helper]
     [<ffffffffa0490f72>] intel_fbdev_restore_mode+0x22/0x80 [i915]
     [<ffffffffa04ba45e>] i915_driver_lastclose+0xe/0x20 [i915]
     [<ffffffffa02810de>] drm_lastclose+0x2e/0x130 [drm]
     [<ffffffffa028148c>] drm_release+0x2ac/0x4b0 [drm]
     [<ffffffff811a6b2d>] __fput+0xed/0x1f0
     [<ffffffff811a6c6e>] ____fput+0xe/0x10
     [<ffffffff81079156>] task_work_run+0x76/0xb0
     [<ffffffff8105aaab>] do_exit+0x3ab/0xc60
     [<ffffffff810a145f>] ? trace_hardirqs_on_caller+0x12f/0x1c0
     [<ffffffff8105c67e>] do_group_exit+0x4e/0xc0
     [<ffffffff8105c704>] SyS_exit_group+0x14/0x20
     [<ffffffff8158bb25>] entry_SYSCALL_64_fastpath+0x18/0xa8
    Code: 14 80 48 8d 34 90 b8 01 00 00 00 d3 e0 09 04 b3 5b 41 5c 5d c3 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 49 89 fe 41 55 41 54 53 <44> 8b 67 68 48 89 f3 48 8b be 08 02 00 00 4c 8b 2e e8 15 9d fd
    RIP  [<ffffffffa0482275>] intel_reference_shared_dpll+0x15/0x100 [i915]
     RSP <ffff8801166cba60>
    CR2: 0000000000000068
    
    Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
    Cc: drm-intel-fixes@lists.freedesktop.org
    Reported-by: default avatarVille Syrjälä <ville.syrjala@linux.intel.com>
    Fixes: f9476a6c ("drm/i915: Refactor platform specifics out of intel_get_shared_dpll()")
    Signed-off-by: default avatarAnder Conselvan de Oliveira <ander.conselvan.de.oliveira@intel.com>
    Reviewed-by: default avatarVille Syrjälä <ville.syrjala@linux.intel.com>
    Tested-by: default avatarVille Syrjälä <ville.syrjala@linux.intel.com>
    Link: http://patchwork.freedesktop.org/patch/msgid/1463748426-5956-1-git-send-email-ander.conselvan.de.oliveira@intel.com
    (cherry picked from commit bb143165)
    Signed-off-by: default avatarJani Nikula <jani.nikula@intel.com>
    143aaef8
intel_dpll_mgr.c 45.6 KB