Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752026AbdGLXWT (ORCPT ); Wed, 12 Jul 2017 19:22:19 -0400 Received: from mail-pf0-f176.google.com ([209.85.192.176]:33410 "EHLO mail-pf0-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751046AbdGLXWQ (ORCPT ); Wed, 12 Jul 2017 19:22:16 -0400 Date: Wed, 12 Jul 2017 16:22:13 -0700 From: Matthias Kaehlcke To: Josh Poimboeuf Cc: Chris J Arges , Borislav Petkov , Thomas Gleixner , Ingo Molnar , "H . Peter Anvin" , x86@kernel.org, linux-kernel@vger.kernel.org, Douglas Anderson , Michael Davidson , Greg Hackmann , Nick Desaulniers , Stephen Hines , Kees Cook , Arnd Bergmann , Bernhard.Rosenkranzer@linaro.org Subject: Re: [PATCH] Revert "x86/uaccess: Add stack frame output operand in get_user() inline asm" Message-ID: <20170712232213.GE95735@google.com> References: <20170712212744.23660-1-mka@chromium.org> <20170712221242.puv5illztsla4nph@treble> <20170712222040.GD95735@google.com> <20170712223547.fyra43dizqooosbs@treble> <20170712223630.gb237t4vhrqeu5zd@treble> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20170712223630.gb237t4vhrqeu5zd@treble> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 74033 Lines: 1491 El Wed, Jul 12, 2017 at 05:36:30PM -0500 Josh Poimboeuf ha dit: > On Wed, Jul 12, 2017 at 05:35:47PM -0500, Josh Poimboeuf wrote: > > On Wed, Jul 12, 2017 at 03:20:40PM -0700, Matthias Kaehlcke wrote: > > > > This is admittedly an awkward way of achieving this goal, but it's the > > > > only way I know how to do it with GCC. > > > > > > > > What extra instruction does clang add? > > > > > > I was looking at the get_user() call in drm_mode_setcrtc(). The code > > > generated by clang without the patch is: > > > > > > if (get_user(out_id, &set_connectors_ptr[i])) { > > > ffffffff81386955: 4a 8d 04 bd 00 00 00 lea 0x0(,%r15,4),%rax > > > ffffffff8138695c: 00 > > > ffffffff8138695d: 49 03 06 add (%r14),%rax > > > ffffffff81386960: e8 2b a5 f0 ff callq ffffffff81290e90 <__get_user_4> > > > > > > And with the patch: > > > > > > if (get_user(out_id, &set_connectors_ptr[i])) { > > > ffffffff81386a56: 4a 8d 04 bd 00 00 00 lea 0x0(,%r15,4),%rax > > > ffffffff81386a5d: 00 > > > ffffffff81386a5e: 49 03 06 add (%r14),%rax > > > ffffffff81386a61: 48 8b 64 24 28 mov 0x28(%rsp),%rsp > > > ffffffff81386a66: e8 15 a5 f0 ff callq > > > ffffffff81290f80 <__get_user_4> > > > > Hm, that seems odd. Can you sure the disassembly for the whole > > function? > > Er, share :-) Sure, please find below the disassemblies with and without the patch. The exact extra instruction differs from the one above, the disassembly above is from a debug session with some 'random' kernel version (bisect), the ones below from a v4.12ish kernel. At the bottom you also find a log of a double faults observed with the patch. If you are interested in building the kernel with clang yourself I can provide instructions, it is fairly painless nowadays as long as you have a recent version of clang (a somewhat older version should also do for this issue with some extra kernel patches). With f05058c4d652: ffffffff81367550 : * Returns: * Zero on success, negative errno on failure. */ int drm_mode_setcrtc(struct drm_device *dev, void *data, struct drm_file *file_priv) { ffffffff81367550: e8 db 71 2e 00 callq ffffffff8164e730 <__fentry__> ffffffff81367555: 55 push %rbp ffffffff81367556: 48 89 e5 mov %rsp,%rbp ffffffff81367559: 41 57 push %r15 ffffffff8136755b: 41 56 push %r14 ffffffff8136755d: 41 55 push %r13 ffffffff8136755f: 41 54 push %r12 ffffffff81367561: 53 push %rbx ffffffff81367562: 48 81 ec c0 00 00 00 sub $0xc0,%rsp ffffffff81367569: 49 89 f6 mov %rsi,%r14 ffffffff8136756c: 48 89 fb mov %rdi,%rbx #define DRM_SWITCH_POWER_DYNAMIC_OFF 3 static __inline__ int drm_core_check_feature(struct drm_device *dev, int feature) { return ((dev->driver->driver_features & feature) ? 1 : 0); ffffffff8136756f: 48 8b 43 20 mov 0x20(%rbx),%rax uint32_t __user *set_connectors_ptr; struct drm_modeset_acquire_ctx ctx; int ret; int i; if (!drm_core_check_feature(dev, DRIVER_MODESET)) ffffffff81367573: f6 80 81 01 00 00 20 testb $0x20,0x181(%rax) ffffffff8136757a: 75 09 jne ffffffff81367585 ffffffff8136757c: 6a ea pushq $0xffffffffffffffea ffffffff8136757e: 41 5c pop %r12 ffffffff81367580: e9 d5 04 00 00 jmpq ffffffff81367a5a ffffffff81367585: 6a de pushq $0xffffffffffffffde ffffffff81367587: 41 5c pop %r12 /* * Universal plane src offsets are only 16.16, prevent havoc for * drivers using universal plane code internally. */ if (crtc_req->x & 0xffff0000 || crtc_req->y & 0xffff0000) ffffffff81367589: 41 81 7e 14 ff ff 00 cmpl $0xffff,0x14(%r14) ffffffff81367590: 00 ffffffff81367591: 0f 87 c3 04 00 00 ja ffffffff81367a5a ffffffff81367597: 41 81 7e 18 ff ff 00 cmpl $0xffff,0x18(%r14) ffffffff8136759e: 00 ffffffff8136759f: 0f 87 b5 04 00 00 ja ffffffff81367a5a return -ERANGE; crtc = drm_crtc_find(dev, crtc_req->crtc_id); ffffffff813675a5: 41 8b 76 0c mov 0xc(%r14),%esi ffffffff813675a9: 48 89 df mov %rbx,%rdi ffffffff813675ac: e8 15 fe ff ff callq ffffffff813673c6 ffffffff813675b1: 49 89 c5 mov %rax,%r13 if (!crtc) { ffffffff813675b4: 4d 85 ed test %r13,%r13 ffffffff813675b7: 0f 84 7d 04 00 00 je ffffffff81367a3a ffffffff813675bd: 48 89 5d b0 mov %rbx,-0x50(%rbp) DRM_DEBUG_KMS("Unknown CRTC ID %d\n", crtc_req->crtc_id); return -ENOENT; } DRM_DEBUG_KMS("[CRTC:%d:%s]\n", crtc->base.id, crtc->name); ffffffff813675c1: 41 8b 4d 78 mov 0x78(%r13),%ecx ffffffff813675c5: 4d 8b 45 20 mov 0x20(%r13),%r8 ffffffff813675c9: 6a 04 pushq $0x4 ffffffff813675cb: 5e pop %rsi ffffffff813675cc: 48 c7 c7 5d 82 95 81 mov $0xffffffff8195825d,%rdi ffffffff813675d3: 48 c7 c2 e8 55 9b 81 mov $0xffffffff819b55e8,%rdx ffffffff813675da: 31 c0 xor %eax,%eax ffffffff813675dc: e8 45 c6 ff ff callq ffffffff81363c26 mutex_lock(&crtc->dev->mode_config.mutex); ffffffff813675e1: 49 8b 7d 00 mov 0x0(%r13),%rdi ffffffff813675e5: 48 81 c7 b0 02 00 00 add $0x2b0,%rdi ffffffff813675ec: e8 b2 3c 2e 00 callq ffffffff8164b2a3 ffffffff813675f1: 48 8d 9d 38 ff ff ff lea -0xc8(%rbp),%rbx drm_modeset_acquire_init(&ctx, 0); ffffffff813675f8: 31 f6 xor %esi,%esi ffffffff813675fa: 48 89 df mov %rbx,%rdi ffffffff813675fd: e8 ef 7d 00 00 callq ffffffff8136f3f1 ffffffff81367602: 49 8d 46 24 lea 0x24(%r14),%rax ffffffff81367606: 48 89 45 a0 mov %rax,-0x60(%rbp) ffffffff8136760a: 31 c0 xor %eax,%eax ffffffff8136760c: 48 89 45 c0 mov %rax,-0x40(%rbp) ffffffff81367610: 31 c0 xor %eax,%eax ffffffff81367612: 48 89 45 d0 mov %rax,-0x30(%rbp) ffffffff81367616: 31 c0 xor %eax,%eax ffffffff81367618: 48 89 45 c8 mov %rax,-0x38(%rbp) ffffffff8136761c: 45 31 ff xor %r15d,%r15d ffffffff8136761f: 48 89 45 a8 mov %rax,-0x58(%rbp) ffffffff81367623: 4c 89 6d b8 mov %r13,-0x48(%rbp) ffffffff81367627: e9 0a 03 00 00 jmpq ffffffff81367936 ffffffff8136762c: 48 8d 9d 38 ff ff ff lea -0xc8(%rbp),%rbx } } kfree(connector_set); drm_mode_destroy(dev, mode); if (ret == -EDEADLK) { drm_modeset_backoff(&ctx); ffffffff81367633: 48 89 df mov %rbx,%rdi ffffffff81367636: e8 88 7e 00 00 callq ffffffff8136f4c3 ffffffff8136763b: e9 f6 02 00 00 jmpq ffffffff81367936 goto out; if (crtc_req->mode_valid) { /* If we have a mode we need a framebuffer. */ /* If we pass -1, set the mode with the currently bound fb */ if (crtc_req->fb_id == -1) { if (!crtc->primary->fb) { ffffffff81367640: 49 8b 85 98 00 00 00 mov 0x98(%r13),%rax ffffffff81367647: 48 8b 98 b0 00 00 00 mov 0xb0(%rax),%rbx ffffffff8136764e: 48 85 db test %rbx,%rbx ffffffff81367651: 0f 84 19 01 00 00 je ffffffff81367770 * * This function increments the framebuffer's reference count. */ static inline void drm_framebuffer_get(struct drm_framebuffer *fb) { drm_mode_object_get(&fb->base); ffffffff81367657: 48 8d 7b 18 lea 0x18(%rbx),%rdi ffffffff8136765b: e8 97 de 00 00 callq ffffffff813754f7 ffffffff81367660: 48 89 5d d0 mov %rbx,-0x30(%rbp) ffffffff81367664: 4c 8b 6d b8 mov -0x48(%rbp),%r13 ffffffff81367668: 48 8b 5d b0 mov -0x50(%rbp),%rbx ret = -ENOENT; goto out; } } mode = drm_mode_create(dev); ffffffff8136766c: 48 89 df mov %rbx,%rdi ffffffff8136766f: e8 32 08 00 00 callq ffffffff81367ea6 if (!mode) { ffffffff81367674: 48 85 c0 test %rax,%rax ffffffff81367677: 74 38 je ffffffff813676b1 ffffffff81367679: 48 89 c1 mov %rax,%rcx ret = -ENOMEM; goto out; } ret = drm_mode_convert_umode(mode, &crtc_req->mode); ffffffff8136767c: 48 89 4d c0 mov %rcx,-0x40(%rbp) ffffffff81367680: 48 89 c7 mov %rax,%rdi ffffffff81367683: 48 8b 75 a0 mov -0x60(%rbp),%rsi ffffffff81367687: e8 3a 1b 00 00 callq ffffffff813691c6 ffffffff8136768c: 41 89 c4 mov %eax,%r12d if (ret) { ffffffff8136768f: 45 85 e4 test %r12d,%r12d ffffffff81367692: 74 2c je ffffffff813676c0 DRM_DEBUG_KMS("Invalid mode\n"); ffffffff81367694: 48 c7 c7 5d 82 95 81 mov $0xffffffff8195825d,%rdi ffffffff8136769b: 48 c7 c2 1c 7b 9b 81 mov $0xffffffff819b7b1c,%rdx ffffffff813676a2: 31 c0 xor %eax,%eax ffffffff813676a4: 6a 04 pushq $0x4 ffffffff813676a6: 5e pop %rsi ffffffff813676a7: e8 7a c5 ff ff callq ffffffff81363c26 ffffffff813676ac: e9 a0 02 00 00 jmpq ffffffff81367951 ffffffff813676b1: 31 c0 xor %eax,%eax ffffffff813676b3: 48 89 45 c0 mov %rax,-0x40(%rbp) ffffffff813676b7: 6a f4 pushq $0xfffffffffffffff4 ffffffff813676b9: 41 5c pop %r12 ffffffff813676bb: e9 91 02 00 00 jmpq ffffffff81367951 * Drivers not implementing the universal planes API use a * default formats list provided by the DRM core which doesn't * match real hardware capabilities. Skip the check in that * case. */ if (!crtc->primary->format_default) { ffffffff813676c0: 49 8b bd 98 00 00 00 mov 0x98(%r13),%rdi ffffffff813676c7: 80 bf a4 00 00 00 00 cmpb $0x0,0xa4(%rdi) ffffffff813676ce: 0f 84 cf 00 00 00 je ffffffff813677a3 &format_name)); goto out; } } ret = drm_crtc_check_viewport(crtc, crtc_req->x, crtc_req->y, ffffffff813676d4: 41 8b 76 14 mov 0x14(%r14),%esi ffffffff813676d8: 41 8b 56 18 mov 0x18(%r14),%edx ffffffff813676dc: 4c 89 ef mov %r13,%rdi ffffffff813676df: 48 8b 4d c0 mov -0x40(%rbp),%rcx ffffffff813676e3: 4c 8b 45 d0 mov -0x30(%rbp),%r8 ffffffff813676e7: e8 de fd ff ff callq ffffffff813674ca ffffffff813676ec: 41 89 c4 mov %eax,%r12d mode, fb); if (ret) ffffffff813676ef: 45 85 e4 test %r12d,%r12d ffffffff813676f2: 0f 85 59 02 00 00 jne ffffffff81367951 goto out; } if (crtc_req->count_connectors == 0 && mode) { ffffffff813676f8: 41 8b 4e 08 mov 0x8(%r14),%ecx ffffffff813676fc: 48 8b 45 c0 mov -0x40(%rbp),%rax ffffffff81367700: 48 85 c0 test %rax,%rax ffffffff81367703: 74 1e je ffffffff81367723 ffffffff81367705: 85 c9 test %ecx,%ecx ffffffff81367707: 75 1a jne ffffffff81367723 DRM_DEBUG_KMS("Count connectors is 0 but mode set\n"); ffffffff81367709: 48 c7 c7 5d 82 95 81 mov $0xffffffff8195825d,%rdi ffffffff81367710: 48 c7 c2 43 7b 9b 81 mov $0xffffffff819b7b43,%rdx ffffffff81367717: 31 c0 xor %eax,%eax ffffffff81367719: 6a 04 pushq $0x4 ffffffff8136771b: 5e pop %rsi ffffffff8136771c: e8 05 c5 ff ff callq ffffffff81363c26 ffffffff81367721: eb 44 jmp ffffffff81367767 if (ret) goto out; } if (crtc_req->count_connectors == 0 && mode) { ffffffff81367723: 48 85 c0 test %rax,%rax ffffffff81367726: 0f 95 c0 setne %al DRM_DEBUG_KMS("Count connectors is 0 but mode set\n"); ret = -EINVAL; goto out; } if (crtc_req->count_connectors > 0 && (!mode || !fb)) { ffffffff81367729: 48 83 7d d0 00 cmpq $0x0,-0x30(%rbp) ffffffff8136772e: 0f 95 c2 setne %dl if (ret) goto out; } if (crtc_req->count_connectors == 0 && mode) { ffffffff81367731: 85 c9 test %ecx,%ecx DRM_DEBUG_KMS("Count connectors is 0 but mode set\n"); ret = -EINVAL; goto out; } if (crtc_req->count_connectors > 0 && (!mode || !fb)) { ffffffff81367733: 74 1e je ffffffff81367753 ffffffff81367735: 20 d0 and %dl,%al ffffffff81367737: 75 1a jne ffffffff81367753 DRM_DEBUG_KMS("Count connectors is %d but no mode or fb set\n", ffffffff81367739: 48 c7 c7 5d 82 95 81 mov $0xffffffff8195825d,%rdi ffffffff81367740: 48 c7 c2 67 7b 9b 81 mov $0xffffffff819b7b67,%rdx ffffffff81367747: 31 c0 xor %eax,%eax ffffffff81367749: 6a 04 pushq $0x4 ffffffff8136774b: 5e pop %rsi ffffffff8136774c: e8 d5 c4 ff ff callq ffffffff81363c26 ffffffff81367751: eb 14 jmp ffffffff81367767 if (ret) goto out; } if (crtc_req->count_connectors == 0 && mode) { ffffffff81367753: 85 c9 test %ecx,%ecx crtc_req->count_connectors); ret = -EINVAL; goto out; } if (crtc_req->count_connectors > 0) { ffffffff81367755: 74 3e je ffffffff81367795 u32 out_id; /* Avoid unbounded kernel memory allocation */ if (crtc_req->count_connectors > config->num_connector) { ffffffff81367757: 48 8b 45 b0 mov -0x50(%rbp),%rax ffffffff8136775b: 3b 88 10 04 00 00 cmp 0x410(%rax),%ecx ffffffff81367761: 0f 86 8d 00 00 00 jbe ffffffff813677f4 ffffffff81367767: 6a ea pushq $0xffffffffffffffea ffffffff81367769: 41 5c pop %r12 ffffffff8136776b: e9 da 01 00 00 jmpq ffffffff8136794a if (crtc_req->mode_valid) { /* If we have a mode we need a framebuffer. */ /* If we pass -1, set the mode with the currently bound fb */ if (crtc_req->fb_id == -1) { if (!crtc->primary->fb) { DRM_DEBUG_KMS("CRTC doesn't have current FB\n"); ffffffff81367770: 48 c7 c7 5d 82 95 81 mov $0xffffffff8195825d,%rdi ffffffff81367777: 48 c7 c2 ed 7a 9b 81 mov $0xffffffff819b7aed,%rdx ffffffff8136777e: 31 c0 xor %eax,%eax ffffffff81367780: 6a 04 pushq $0x4 ffffffff81367782: 5e pop %rsi ffffffff81367783: e8 9e c4 ff ff callq ffffffff81363c26 ffffffff81367788: 6a ea pushq $0xffffffffffffffea ffffffff8136778a: 41 5c pop %r12 ffffffff8136778c: 4c 8b 6d b8 mov -0x48(%rbp),%r13 ffffffff81367790: e9 b5 01 00 00 jmpq ffffffff8136794a ffffffff81367795: 31 d2 xor %edx,%edx ffffffff81367797: 48 8d b5 38 ff ff ff lea -0xc8(%rbp),%rsi ffffffff8136779e: e9 46 01 00 00 jmpq ffffffff813678e9 * match real hardware capabilities. Skip the check in that * case. */ if (!crtc->primary->format_default) { ret = drm_plane_check_pixel_format(crtc->primary, fb->format->format); ffffffff813677a3: 48 8b 45 d0 mov -0x30(%rbp),%rax ffffffff813677a7: 48 8b 40 38 mov 0x38(%rax),%rax ffffffff813677ab: 8b 30 mov (%rax),%esi * default formats list provided by the DRM core which doesn't * match real hardware capabilities. Skip the check in that * case. */ if (!crtc->primary->format_default) { ret = drm_plane_check_pixel_format(crtc->primary, ffffffff813677ad: e8 40 f4 00 00 callq ffffffff81376bf2 ffffffff813677b2: 41 89 c4 mov %eax,%r12d fb->format->format); if (ret) { ffffffff813677b5: 45 85 e4 test %r12d,%r12d ffffffff813677b8: 0f 84 16 ff ff ff je ffffffff813676d4 struct drm_format_name_buf format_name; DRM_DEBUG_KMS("Invalid pixel format %s\n", ffffffff813677be: 48 8b 45 d0 mov -0x30(%rbp),%rax ffffffff813677c2: 48 8b 40 38 mov 0x38(%rax),%rax ffffffff813677c6: 8b 38 mov (%rax),%edi ffffffff813677c8: 48 8d b5 18 ff ff ff lea -0xe8(%rbp),%rsi ffffffff813677cf: e8 c7 03 00 00 callq ffffffff81367b9b ffffffff813677d4: 48 89 c1 mov %rax,%rcx ffffffff813677d7: 48 c7 c7 5d 82 95 81 mov $0xffffffff8195825d,%rdi ffffffff813677de: 48 c7 c2 2a 7b 9b 81 mov $0xffffffff819b7b2a,%rdx ffffffff813677e5: 31 c0 xor %eax,%eax ffffffff813677e7: 6a 04 pushq $0x4 ffffffff813677e9: 5e pop %rsi ffffffff813677ea: e8 37 c4 ff ff callq ffffffff81363c26 ffffffff813677ef: e9 5d 01 00 00 jmpq ffffffff81367951 { if (size != 0 && n > SIZE_MAX / size) return NULL; if (__builtin_constant_p(n) && __builtin_constant_p(size)) return kmalloc(n * size, flags); return __kmalloc(n * size, flags); ffffffff813677f4: 48 c1 e1 03 shl $0x3,%rcx ffffffff813677f8: be c0 00 40 01 mov $0x14000c0,%esi ffffffff813677fd: 48 89 cf mov %rcx,%rdi ffffffff81367800: e8 85 78 dd ff callq ffffffff8113f08a <__kmalloc> } connector_set = kmalloc_array(crtc_req->count_connectors, sizeof(struct drm_connector *), GFP_KERNEL); if (!connector_set) { ffffffff81367805: 48 85 c0 test %rax,%rax ffffffff81367808: 48 8d b5 38 ff ff ff lea -0xc8(%rbp),%rsi ffffffff8136780f: 0f 84 c2 00 00 00 je ffffffff813678d7 ffffffff81367815: 31 db xor %ebx,%ebx ffffffff81367817: 48 89 c2 mov %rax,%rdx ffffffff8136781a: 48 89 55 c8 mov %rdx,-0x38(%rbp) ffffffff8136781e: eb 35 jmp ffffffff81367855 DRM_DEBUG_KMS("Connector id %d unknown\n", out_id); ret = -ENOENT; goto out; } DRM_DEBUG_KMS("[CONNECTOR:%d:%s]\n", ffffffff81367820: 41 8b 4d 28 mov 0x28(%r13),%ecx ffffffff81367824: 4d 8b 45 48 mov 0x48(%r13),%r8 ffffffff81367828: 48 c7 c7 5d 82 95 81 mov $0xffffffff8195825d,%rdi ffffffff8136782f: 48 c7 c2 94 57 9b 81 mov $0xffffffff819b5794,%rdx ffffffff81367836: 31 c0 xor %eax,%eax ffffffff81367838: 6a 04 pushq $0x4 ffffffff8136783a: 5e pop %rsi ffffffff8136783b: e8 e6 c3 ff ff callq ffffffff81363c26 ffffffff81367840: 48 8b 45 c8 mov -0x38(%rbp),%rax connector->base.id, connector->name); connector_set[i] = connector; ffffffff81367844: 4e 89 2c f8 mov %r13,(%rax,%r15,8) if (!connector_set) { ret = -ENOMEM; goto out; } for (i = 0; i < crtc_req->count_connectors; i++) { ffffffff81367848: ff c3 inc %ebx ffffffff8136784a: 4c 8b 6d b8 mov -0x48(%rbp),%r13 ffffffff8136784e: 48 8d b5 38 ff ff ff lea -0xc8(%rbp),%rsi ffffffff81367855: 41 8b 56 08 mov 0x8(%r14),%edx ffffffff81367859: 39 d3 cmp %edx,%ebx ffffffff8136785b: 0f 83 85 00 00 00 jae ffffffff813678e6 connector_set[i] = NULL; ffffffff81367861: 4c 63 fb movslq %ebx,%r15 ffffffff81367864: 4a 83 24 f8 00 andq $0x0,(%rax,%r15,8) set_connectors_ptr = (uint32_t __user *)(unsigned long)crtc_req->set_connectors_ptr; if (get_user(out_id, &set_connectors_ptr[i])) { ffffffff81367869: 4a 8d 04 bd 00 00 00 lea 0x0(,%r15,4),%rax ffffffff81367870: 00 ffffffff81367871: 49 03 06 add (%r14),%rax ffffffff81367874: 48 8b 65 a8 mov -0x58(%rbp),%rsp ffffffff81367878: e8 73 26 f1 ff callq ffffffff81279ef0 <__get_user_4> ffffffff8136787d: 49 89 d4 mov %rdx,%r12 ffffffff81367880: 48 89 65 a8 mov %rsp,-0x58(%rbp) ffffffff81367884: 85 c0 test %eax,%eax ffffffff81367886: 0f 85 a0 00 00 00 jne ffffffff8136792c */ static inline struct drm_connector *drm_connector_lookup(struct drm_device *dev, uint32_t id) { struct drm_mode_object *mo; mo = drm_mode_object_find(dev, id, DRM_MODE_OBJECT_CONNECTOR); ffffffff8136788c: ba c0 c0 c0 c0 mov $0xc0c0c0c0,%edx ffffffff81367891: 48 8b 7d b0 mov -0x50(%rbp),%rdi ffffffff81367895: 44 89 e6 mov %r12d,%esi ffffffff81367898: e8 f7 db 00 00 callq ffffffff81375494 ffffffff8136789d: 49 89 c5 mov %rax,%r13 return mo ? obj_to_connector(mo) : NULL; ffffffff813678a0: 4d 85 ed test %r13,%r13 ret = -EFAULT; goto out; } connector = drm_connector_lookup(dev, out_id); if (!connector) { ffffffff813678a3: 74 0a je ffffffff813678af ffffffff813678a5: 49 83 c5 d8 add $0xffffffffffffffd8,%r13 ffffffff813678a9: 0f 85 71 ff ff ff jne ffffffff81367820 DRM_DEBUG_KMS("Connector id %d unknown\n", ffffffff813678af: 48 c7 c7 5d 82 95 81 mov $0xffffffff8195825d,%rdi ffffffff813678b6: 48 c7 c2 95 7b 9b 81 mov $0xffffffff819b7b95,%rdx ffffffff813678bd: 31 c0 xor %eax,%eax ffffffff813678bf: 6a 04 pushq $0x4 ffffffff813678c1: 5e pop %rsi ffffffff813678c2: 44 89 e1 mov %r12d,%ecx ffffffff813678c5: e8 5c c3 ff ff callq ffffffff81363c26 ffffffff813678ca: 6a fe pushq $0xfffffffffffffffe ffffffff813678cc: 41 5c pop %r12 ffffffff813678ce: 4c 8b 7d c8 mov -0x38(%rbp),%r15 ffffffff813678d2: e9 b5 fe ff ff jmpq ffffffff8136778c if (crtc_req->count_connectors > config->num_connector) { ret = -EINVAL; goto out; } connector_set = kmalloc_array(crtc_req->count_connectors, ffffffff813678d7: 49 89 c7 mov %rax,%r15 ffffffff813678da: 6a f4 pushq $0xfffffffffffffff4 ffffffff813678dc: 41 5c pop %r12 ffffffff813678de: 31 c0 xor %eax,%eax ffffffff813678e0: 48 89 45 c8 mov %rax,-0x38(%rbp) ffffffff813678e4: eb 64 jmp ffffffff8136794a ffffffff813678e6: 49 89 c7 mov %rax,%r15 connector_set[i] = connector; } } set.crtc = crtc; ffffffff813678e9: 4c 89 ad 78 ff ff ff mov %r13,-0x88(%rbp) set.x = crtc_req->x; ffffffff813678f0: 41 8b 4e 14 mov 0x14(%r14),%ecx ffffffff813678f4: 89 4d 88 mov %ecx,-0x78(%rbp) set.y = crtc_req->y; ffffffff813678f7: 41 8b 4e 18 mov 0x18(%r14),%ecx ffffffff813678fb: 89 4d 8c mov %ecx,-0x74(%rbp) set.mode = mode; ffffffff813678fe: 48 8b 45 c0 mov -0x40(%rbp),%rax ffffffff81367902: 48 89 45 80 mov %rax,-0x80(%rbp) set.connectors = connector_set; ffffffff81367906: 4c 89 7d 90 mov %r15,-0x70(%rbp) set.num_connectors = crtc_req->count_connectors; ffffffff8136790a: 89 d0 mov %edx,%eax ffffffff8136790c: 48 89 45 98 mov %rax,-0x68(%rbp) set.fb = fb; ffffffff81367910: 48 8b 45 d0 mov -0x30(%rbp),%rax ffffffff81367914: 48 89 85 70 ff ff ff mov %rax,-0x90(%rbp) ret = __drm_mode_set_config_internal(&set, &ctx); ffffffff8136791b: 48 8d bd 70 ff ff ff lea -0x90(%rbp),%rdi ffffffff81367922: e8 bf fa ff ff callq ffffffff813673e6 <__drm_mode_set_config_internal> ffffffff81367927: 41 89 c4 mov %eax,%r12d ffffffff8136792a: eb 1e jmp ffffffff8136794a ffffffff8136792c: 6a f2 pushq $0xfffffffffffffff2 ffffffff8136792e: 41 5c pop %r12 ffffffff81367930: 4c 8b 7d c8 mov -0x38(%rbp),%r15 ffffffff81367934: eb 14 jmp ffffffff8136794a DRM_DEBUG_KMS("[CRTC:%d:%s]\n", crtc->base.id, crtc->name); mutex_lock(&crtc->dev->mode_config.mutex); drm_modeset_acquire_init(&ctx, 0); retry: ret = drm_modeset_lock_all_ctx(crtc->dev, &ctx); ffffffff81367936: 49 8b 7d 00 mov 0x0(%r13),%rdi ffffffff8136793a: 48 89 de mov %rbx,%rsi ffffffff8136793d: e8 08 7b 00 00 callq ffffffff8136f44a ffffffff81367942: 41 89 c4 mov %eax,%r12d if (ret) ffffffff81367945: 45 85 e4 test %r12d,%r12d ffffffff81367948: 74 16 je ffffffff81367960 set.num_connectors = crtc_req->count_connectors; set.fb = fb; ret = __drm_mode_set_config_internal(&set, &ctx); out: if (fb) ffffffff8136794a: 48 83 7d d0 00 cmpq $0x0,-0x30(%rbp) ffffffff8136794f: 74 6b je ffffffff813679bc * This function decrements the framebuffer's reference count and frees the * framebuffer if the reference count drops to zero. */ static inline void drm_framebuffer_put(struct drm_framebuffer *fb) { drm_mode_object_put(&fb->base); ffffffff81367951: 48 8b 45 d0 mov -0x30(%rbp),%rax ffffffff81367955: 48 8d 78 18 lea 0x18(%rax),%rdi ffffffff81367959: e8 46 db 00 00 callq ffffffff813754a4 ffffffff8136795e: eb 62 jmp ffffffff813679c2 drm_modeset_acquire_init(&ctx, 0); retry: ret = drm_modeset_lock_all_ctx(crtc->dev, &ctx); if (ret) goto out; if (crtc_req->mode_valid) { ffffffff81367960: 41 83 7e 20 00 cmpl $0x0,0x20(%r14) ffffffff81367965: 0f 84 8d fd ff ff je ffffffff813676f8 /* If we have a mode we need a framebuffer. */ /* If we pass -1, set the mode with the currently bound fb */ if (crtc_req->fb_id == -1) { ffffffff8136796b: 41 8b 76 10 mov 0x10(%r14),%esi ffffffff8136796f: 83 fe ff cmp $0xffffffff,%esi ffffffff81367972: 0f 84 c8 fc ff ff je ffffffff81367640 ffffffff81367978: 48 8b 5d b0 mov -0x50(%rbp),%rbx } fb = crtc->primary->fb; /* Make refcounting symmetric with the lookup path. */ drm_framebuffer_get(fb); } else { fb = drm_framebuffer_lookup(dev, crtc_req->fb_id); ffffffff8136797c: 48 89 df mov %rbx,%rdi ffffffff8136797f: e8 a3 b3 00 00 callq ffffffff81372d27 ffffffff81367984: 48 89 c1 mov %rax,%rcx if (!fb) { ffffffff81367987: 48 89 4d d0 mov %rcx,-0x30(%rbp) ffffffff8136798b: 48 85 c0 test %rax,%rax ffffffff8136798e: 0f 85 d8 fc ff ff jne ffffffff8136766c DRM_DEBUG_KMS("Unknown FB ID%d\n", ffffffff81367994: 41 8b 4e 10 mov 0x10(%r14),%ecx ffffffff81367998: 48 c7 c7 5d 82 95 81 mov $0xffffffff8195825d,%rdi ffffffff8136799f: 48 c7 c2 0b 7b 9b 81 mov $0xffffffff819b7b0b,%rdx ffffffff813679a6: 31 c0 xor %eax,%eax ffffffff813679a8: 6a 04 pushq $0x4 ffffffff813679aa: 5e pop %rsi ffffffff813679ab: e8 76 c2 ff ff callq ffffffff81363c26 ffffffff813679b0: 31 c0 xor %eax,%eax ffffffff813679b2: 48 89 45 d0 mov %rax,-0x30(%rbp) ffffffff813679b6: 6a fe pushq $0xfffffffffffffffe ffffffff813679b8: 41 5c pop %r12 ffffffff813679ba: eb 06 jmp ffffffff813679c2 ffffffff813679bc: 31 c0 xor %eax,%eax ffffffff813679be: 48 89 45 d0 mov %rax,-0x30(%rbp) out: if (fb) drm_framebuffer_put(fb); if (connector_set) { ffffffff813679c2: 4d 85 ff test %r15,%r15 ffffffff813679c5: 74 27 je ffffffff813679ee ffffffff813679c7: 31 db xor %ebx,%ebx ffffffff813679c9: eb 17 jmp ffffffff813679e2 for (i = 0; i < crtc_req->count_connectors; i++) { if (connector_set[i]) ffffffff813679cb: 48 63 c3 movslq %ebx,%rax ffffffff813679ce: 49 8b 3c c7 mov (%r15,%rax,8),%rdi ffffffff813679d2: 48 85 ff test %rdi,%rdi ffffffff813679d5: 74 09 je ffffffff813679e0 * This function decrements the connector's reference count and frees the * object if the reference count drops to zero. */ static inline void drm_connector_put(struct drm_connector *connector) { drm_mode_object_put(&connector->base); ffffffff813679d7: 48 83 c7 28 add $0x28,%rdi ffffffff813679db: e8 c4 da 00 00 callq ffffffff813754a4 out: if (fb) drm_framebuffer_put(fb); if (connector_set) { for (i = 0; i < crtc_req->count_connectors; i++) { ffffffff813679e0: ff c3 inc %ebx ffffffff813679e2: 41 3b 5e 08 cmp 0x8(%r14),%ebx ffffffff813679e6: 72 e3 jb ffffffff813679cb ffffffff813679e8: 4c 8b 6d b8 mov -0x48(%rbp),%r13 ffffffff813679ec: eb 03 jmp ffffffff813679f1 ffffffff813679ee: 45 31 ff xor %r15d,%r15d if (connector_set[i]) drm_connector_put(connector_set[i]); } } kfree(connector_set); ffffffff813679f1: 48 8b 7d c8 mov -0x38(%rbp),%rdi ffffffff813679f5: e8 55 78 dd ff callq ffffffff8113f24f drm_mode_destroy(dev, mode); ffffffff813679fa: 48 8b 7d b0 mov -0x50(%rbp),%rdi ffffffff813679fe: 48 8b 75 c0 mov -0x40(%rbp),%rsi ffffffff81367a02: e8 ef 04 00 00 callq ffffffff81367ef6 if (ret == -EDEADLK) { ffffffff81367a07: 41 83 fc dd cmp $0xffffffdd,%r12d ffffffff81367a0b: 0f 84 1b fc ff ff je ffffffff8136762c ffffffff81367a11: 4c 8d b5 38 ff ff ff lea -0xc8(%rbp),%r14 drm_modeset_backoff(&ctx); goto retry; } drm_modeset_drop_locks(&ctx); ffffffff81367a18: 4c 89 f7 mov %r14,%rdi ffffffff81367a1b: e8 62 7b 00 00 callq ffffffff8136f582 drm_modeset_acquire_fini(&ctx); ffffffff81367a20: 4c 89 f7 mov %r14,%rdi ffffffff81367a23: e8 ad 7a 00 00 callq ffffffff8136f4d5 mutex_unlock(&crtc->dev->mode_config.mutex); ffffffff81367a28: 49 8b 7d 00 mov 0x0(%r13),%rdi ffffffff81367a2c: 48 81 c7 b0 02 00 00 add $0x2b0,%rdi ffffffff81367a33: e8 b0 38 2e 00 callq ffffffff8164b2e8 ffffffff81367a38: eb 20 jmp ffffffff81367a5a if (crtc_req->x & 0xffff0000 || crtc_req->y & 0xffff0000) return -ERANGE; crtc = drm_crtc_find(dev, crtc_req->crtc_id); if (!crtc) { DRM_DEBUG_KMS("Unknown CRTC ID %d\n", crtc_req->crtc_id); ffffffff81367a3a: 41 8b 4e 0c mov 0xc(%r14),%ecx ffffffff81367a3e: 6a 04 pushq $0x4 ffffffff81367a40: 5e pop %rsi ffffffff81367a41: 48 c7 c7 5d 82 95 81 mov $0xffffffff8195825d,%rdi ffffffff81367a48: 48 c7 c2 d9 7a 9b 81 mov $0xffffffff819b7ad9,%rdx ffffffff81367a4f: 31 c0 xor %eax,%eax ffffffff81367a51: e8 d0 c1 ff ff callq ffffffff81363c26 ffffffff81367a56: 6a fe pushq $0xfffffffffffffffe ffffffff81367a58: 41 5c pop %r12 drm_modeset_drop_locks(&ctx); drm_modeset_acquire_fini(&ctx); mutex_unlock(&crtc->dev->mode_config.mutex); return ret; } ffffffff81367a5a: 44 89 e0 mov %r12d,%eax ffffffff81367a5d: 48 81 c4 c0 00 00 00 add $0xc0,%rsp ffffffff81367a64: 5b pop %rbx ffffffff81367a65: 41 5c pop %r12 ffffffff81367a67: 41 5d pop %r13 ffffffff81367a69: 41 5e pop %r14 ffffffff81367a6b: 41 5f pop %r15 ffffffff81367a6d: 5d pop %rbp ffffffff81367a6e: c3 retq ============================================================ Without f05058c4d652: ffffffff8136744c : * Returns: * Zero on success, negative errno on failure. */ int drm_mode_setcrtc(struct drm_device *dev, void *data, struct drm_file *file_priv) { ffffffff8136744c: e8 1f 71 2e 00 callq ffffffff8164e570 <__fentry__> ffffffff81367451: 55 push %rbp ffffffff81367452: 48 89 e5 mov %rsp,%rbp ffffffff81367455: 41 57 push %r15 ffffffff81367457: 41 56 push %r14 ffffffff81367459: 41 55 push %r13 ffffffff8136745b: 41 54 push %r12 ffffffff8136745d: 53 push %rbx ffffffff8136745e: 48 81 ec b8 00 00 00 sub $0xb8,%rsp ffffffff81367465: 49 89 f6 mov %rsi,%r14 ffffffff81367468: 48 89 fb mov %rdi,%rbx #define DRM_SWITCH_POWER_DYNAMIC_OFF 3 static __inline__ int drm_core_check_feature(struct drm_device *dev, int feature) { return ((dev->driver->driver_features & feature) ? 1 : 0); ffffffff8136746b: 48 8b 43 20 mov 0x20(%rbx),%rax uint32_t __user *set_connectors_ptr; struct drm_modeset_acquire_ctx ctx; int ret; int i; if (!drm_core_check_feature(dev, DRIVER_MODESET)) ffffffff8136746f: f6 80 81 01 00 00 20 testb $0x20,0x181(%rax) ffffffff81367476: 75 09 jne ffffffff81367481 ffffffff81367478: 6a ea pushq $0xffffffffffffffea ffffffff8136747a: 41 5c pop %r12 ffffffff8136747c: e9 be 04 00 00 jmpq ffffffff8136793f ffffffff81367481: 6a de pushq $0xffffffffffffffde ffffffff81367483: 41 5c pop %r12 /* * Universal plane src offsets are only 16.16, prevent havoc for * drivers using universal plane code internally. */ if (crtc_req->x & 0xffff0000 || crtc_req->y & 0xffff0000) ffffffff81367485: 41 81 7e 14 ff ff 00 cmpl $0xffff,0x14(%r14) ffffffff8136748c: 00 ffffffff8136748d: 0f 87 ac 04 00 00 ja ffffffff8136793f ffffffff81367493: 41 81 7e 18 ff ff 00 cmpl $0xffff,0x18(%r14) ffffffff8136749a: 00 ffffffff8136749b: 0f 87 9e 04 00 00 ja ffffffff8136793f return -ERANGE; crtc = drm_crtc_find(dev, crtc_req->crtc_id); ffffffff813674a1: 41 8b 76 0c mov 0xc(%r14),%esi ffffffff813674a5: 48 89 df mov %rbx,%rdi ffffffff813674a8: e8 15 fe ff ff callq ffffffff813672c2 ffffffff813674ad: 49 89 c5 mov %rax,%r13 if (!crtc) { ffffffff813674b0: 4d 85 ed test %r13,%r13 ffffffff813674b3: 0f 84 66 04 00 00 je ffffffff8136791f ffffffff813674b9: 48 89 5d b0 mov %rbx,-0x50(%rbp) DRM_DEBUG_KMS("Unknown CRTC ID %d\n", crtc_req->crtc_id); return -ENOENT; } DRM_DEBUG_KMS("[CRTC:%d:%s]\n", crtc->base.id, crtc->name); ffffffff813674bd: 41 8b 4d 78 mov 0x78(%r13),%ecx ffffffff813674c1: 4d 8b 45 20 mov 0x20(%r13),%r8 ffffffff813674c5: 6a 04 pushq $0x4 ffffffff813674c7: 5e pop %rsi ffffffff813674c8: 48 c7 c7 4d 82 95 81 mov $0xffffffff8195824d,%rdi ffffffff813674cf: 48 c7 c2 d8 55 9b 81 mov $0xffffffff819b55d8,%rdx ffffffff813674d6: 31 c0 xor %eax,%eax ffffffff813674d8: e8 45 c6 ff ff callq ffffffff81363b22 mutex_lock(&crtc->dev->mode_config.mutex); ffffffff813674dd: 49 8b 7d 00 mov 0x0(%r13),%rdi ffffffff813674e1: 48 81 c7 b0 02 00 00 add $0x2b0,%rdi ffffffff813674e8: e8 e6 3b 2e 00 callq ffffffff8164b0d3 ffffffff813674ed: 48 8d 9d 40 ff ff ff lea -0xc0(%rbp),%rbx drm_modeset_acquire_init(&ctx, 0); ffffffff813674f4: 31 f6 xor %esi,%esi ffffffff813674f6: 48 89 df mov %rbx,%rdi ffffffff813674f9: e8 d8 7d 00 00 callq ffffffff8136f2d6 ffffffff813674fe: 49 8d 46 24 lea 0x24(%r14),%rax ffffffff81367502: 48 89 45 a8 mov %rax,-0x58(%rbp) ffffffff81367506: 31 c0 xor %eax,%eax ffffffff81367508: 48 89 45 c0 mov %rax,-0x40(%rbp) ffffffff8136750c: 31 c0 xor %eax,%eax ffffffff8136750e: 48 89 45 d0 mov %rax,-0x30(%rbp) ffffffff81367512: 31 c0 xor %eax,%eax ffffffff81367514: 48 89 45 c8 mov %rax,-0x38(%rbp) ffffffff81367518: 45 31 ff xor %r15d,%r15d ffffffff8136751b: 4c 89 6d b8 mov %r13,-0x48(%rbp) ffffffff8136751f: e9 f7 02 00 00 jmpq ffffffff8136781b ffffffff81367524: 48 8d 9d 40 ff ff ff lea -0xc0(%rbp),%rbx } } kfree(connector_set); drm_mode_destroy(dev, mode); if (ret == -EDEADLK) { drm_modeset_backoff(&ctx); ffffffff8136752b: 48 89 df mov %rbx,%rdi ffffffff8136752e: e8 75 7e 00 00 callq ffffffff8136f3a8 ffffffff81367533: e9 e3 02 00 00 jmpq ffffffff8136781b goto out; if (crtc_req->mode_valid) { /* If we have a mode we need a framebuffer. */ /* If we pass -1, set the mode with the currently bound fb */ if (crtc_req->fb_id == -1) { if (!crtc->primary->fb) { ffffffff81367538: 49 8b 85 98 00 00 00 mov 0x98(%r13),%rax ffffffff8136753f: 48 8b 98 b0 00 00 00 mov 0xb0(%rax),%rbx ffffffff81367546: 48 85 db test %rbx,%rbx ffffffff81367549: 0f 84 19 01 00 00 je ffffffff81367668 * * This function increments the framebuffer's reference count. */ static inline void drm_framebuffer_get(struct drm_framebuffer *fb) { drm_mode_object_get(&fb->base); ffffffff8136754f: 48 8d 7b 18 lea 0x18(%rbx),%rdi ffffffff81367553: e8 45 de 00 00 callq ffffffff8137539d ffffffff81367558: 48 89 5d d0 mov %rbx,-0x30(%rbp) ffffffff8136755c: 4c 8b 6d b8 mov -0x48(%rbp),%r13 ffffffff81367560: 48 8b 5d b0 mov -0x50(%rbp),%rbx ret = -ENOENT; goto out; } } mode = drm_mode_create(dev); ffffffff81367564: 48 89 df mov %rbx,%rdi ffffffff81367567: e8 1f 08 00 00 callq ffffffff81367d8b if (!mode) { ffffffff8136756c: 48 85 c0 test %rax,%rax ffffffff8136756f: 74 38 je ffffffff813675a9 ffffffff81367571: 48 89 c1 mov %rax,%rcx ret = -ENOMEM; goto out; } ret = drm_mode_convert_umode(mode, &crtc_req->mode); ffffffff81367574: 48 89 4d c0 mov %rcx,-0x40(%rbp) ffffffff81367578: 48 89 c7 mov %rax,%rdi ffffffff8136757b: 48 8b 75 a8 mov -0x58(%rbp),%rsi ffffffff8136757f: e8 27 1b 00 00 callq ffffffff813690ab ffffffff81367584: 41 89 c4 mov %eax,%r12d if (ret) { ffffffff81367587: 45 85 e4 test %r12d,%r12d ffffffff8136758a: 74 2c je ffffffff813675b8 DRM_DEBUG_KMS("Invalid mode\n"); ffffffff8136758c: 48 c7 c7 4d 82 95 81 mov $0xffffffff8195824d,%rdi ffffffff81367593: 48 c7 c2 0c 7b 9b 81 mov $0xffffffff819b7b0c,%rdx ffffffff8136759a: 31 c0 xor %eax,%eax ffffffff8136759c: 6a 04 pushq $0x4 ffffffff8136759e: 5e pop %rsi ffffffff8136759f: e8 7e c5 ff ff callq ffffffff81363b22 ffffffff813675a4: e9 8d 02 00 00 jmpq ffffffff81367836 ffffffff813675a9: 31 c0 xor %eax,%eax ffffffff813675ab: 48 89 45 c0 mov %rax,-0x40(%rbp) ffffffff813675af: 6a f4 pushq $0xfffffffffffffff4 ffffffff813675b1: 41 5c pop %r12 ffffffff813675b3: e9 7e 02 00 00 jmpq ffffffff81367836 * Drivers not implementing the universal planes API use a * default formats list provided by the DRM core which doesn't * match real hardware capabilities. Skip the check in that * case. */ if (!crtc->primary->format_default) { ffffffff813675b8: 49 8b bd 98 00 00 00 mov 0x98(%r13),%rdi ffffffff813675bf: 80 bf a4 00 00 00 00 cmpb $0x0,0xa4(%rdi) ffffffff813675c6: 0f 84 cf 00 00 00 je ffffffff8136769b &format_name)); goto out; } } ret = drm_crtc_check_viewport(crtc, crtc_req->x, crtc_req->y, ffffffff813675cc: 41 8b 76 14 mov 0x14(%r14),%esi ffffffff813675d0: 41 8b 56 18 mov 0x18(%r14),%edx ffffffff813675d4: 4c 89 ef mov %r13,%rdi ffffffff813675d7: 48 8b 4d c0 mov -0x40(%rbp),%rcx ffffffff813675db: 4c 8b 45 d0 mov -0x30(%rbp),%r8 ffffffff813675df: e8 e2 fd ff ff callq ffffffff813673c6 ffffffff813675e4: 41 89 c4 mov %eax,%r12d mode, fb); if (ret) ffffffff813675e7: 45 85 e4 test %r12d,%r12d ffffffff813675ea: 0f 85 46 02 00 00 jne ffffffff81367836 goto out; } if (crtc_req->count_connectors == 0 && mode) { ffffffff813675f0: 41 8b 4e 08 mov 0x8(%r14),%ecx ffffffff813675f4: 48 8b 45 c0 mov -0x40(%rbp),%rax ffffffff813675f8: 48 85 c0 test %rax,%rax ffffffff813675fb: 74 1e je ffffffff8136761b ffffffff813675fd: 85 c9 test %ecx,%ecx ffffffff813675ff: 75 1a jne ffffffff8136761b DRM_DEBUG_KMS("Count connectors is 0 but mode set\n"); ffffffff81367601: 48 c7 c7 4d 82 95 81 mov $0xffffffff8195824d,%rdi ffffffff81367608: 48 c7 c2 33 7b 9b 81 mov $0xffffffff819b7b33,%rdx ffffffff8136760f: 31 c0 xor %eax,%eax ffffffff81367611: 6a 04 pushq $0x4 ffffffff81367613: 5e pop %rsi ffffffff81367614: e8 09 c5 ff ff callq ffffffff81363b22 ffffffff81367619: eb 44 jmp ffffffff8136765f if (ret) goto out; } if (crtc_req->count_connectors == 0 && mode) { ffffffff8136761b: 48 85 c0 test %rax,%rax ffffffff8136761e: 0f 95 c0 setne %al DRM_DEBUG_KMS("Count connectors is 0 but mode set\n"); ret = -EINVAL; goto out; } if (crtc_req->count_connectors > 0 && (!mode || !fb)) { ffffffff81367621: 48 83 7d d0 00 cmpq $0x0,-0x30(%rbp) ffffffff81367626: 0f 95 c2 setne %dl if (ret) goto out; } if (crtc_req->count_connectors == 0 && mode) { ffffffff81367629: 85 c9 test %ecx,%ecx DRM_DEBUG_KMS("Count connectors is 0 but mode set\n"); ret = -EINVAL; goto out; } if (crtc_req->count_connectors > 0 && (!mode || !fb)) { ffffffff8136762b: 74 1e je ffffffff8136764b ffffffff8136762d: 20 d0 and %dl,%al ffffffff8136762f: 75 1a jne ffffffff8136764b DRM_DEBUG_KMS("Count connectors is %d but no mode or fb set\n", ffffffff81367631: 48 c7 c7 4d 82 95 81 mov $0xffffffff8195824d,%rdi ffffffff81367638: 48 c7 c2 57 7b 9b 81 mov $0xffffffff819b7b57,%rdx ffffffff8136763f: 31 c0 xor %eax,%eax ffffffff81367641: 6a 04 pushq $0x4 ffffffff81367643: 5e pop %rsi ffffffff81367644: e8 d9 c4 ff ff callq ffffffff81363b22 ffffffff81367649: eb 14 jmp ffffffff8136765f if (ret) goto out; } if (crtc_req->count_connectors == 0 && mode) { ffffffff8136764b: 85 c9 test %ecx,%ecx crtc_req->count_connectors); ret = -EINVAL; goto out; } if (crtc_req->count_connectors > 0) { ffffffff8136764d: 74 3e je ffffffff8136768d u32 out_id; /* Avoid unbounded kernel memory allocation */ if (crtc_req->count_connectors > config->num_connector) { ffffffff8136764f: 48 8b 45 b0 mov -0x50(%rbp),%rax ffffffff81367653: 3b 88 10 04 00 00 cmp 0x410(%rax),%ecx ffffffff81367659: 0f 86 8d 00 00 00 jbe ffffffff813676ec ffffffff8136765f: 6a ea pushq $0xffffffffffffffea ffffffff81367661: 41 5c pop %r12 ffffffff81367663: e9 c7 01 00 00 jmpq ffffffff8136782f if (crtc_req->mode_valid) { /* If we have a mode we need a framebuffer. */ /* If we pass -1, set the mode with the currently bound fb */ if (crtc_req->fb_id == -1) { if (!crtc->primary->fb) { DRM_DEBUG_KMS("CRTC doesn't have current FB\n"); ffffffff81367668: 48 c7 c7 4d 82 95 81 mov $0xffffffff8195824d,%rdi ffffffff8136766f: 48 c7 c2 dd 7a 9b 81 mov $0xffffffff819b7add,%rdx ffffffff81367676: 31 c0 xor %eax,%eax ffffffff81367678: 6a 04 pushq $0x4 ffffffff8136767a: 5e pop %rsi ffffffff8136767b: e8 a2 c4 ff ff callq ffffffff81363b22 ffffffff81367680: 6a ea pushq $0xffffffffffffffea ffffffff81367682: 41 5c pop %r12 ffffffff81367684: 4c 8b 6d b8 mov -0x48(%rbp),%r13 ffffffff81367688: e9 a2 01 00 00 jmpq ffffffff8136782f ffffffff8136768d: 31 d2 xor %edx,%edx ffffffff8136768f: 48 8d b5 40 ff ff ff lea -0xc0(%rbp),%rsi ffffffff81367696: e9 36 01 00 00 jmpq ffffffff813677d1 * match real hardware capabilities. Skip the check in that * case. */ if (!crtc->primary->format_default) { ret = drm_plane_check_pixel_format(crtc->primary, fb->format->format); ffffffff8136769b: 48 8b 45 d0 mov -0x30(%rbp),%rax ffffffff8136769f: 48 8b 40 38 mov 0x38(%rax),%rax ffffffff813676a3: 8b 30 mov (%rax),%esi * default formats list provided by the DRM core which doesn't * match real hardware capabilities. Skip the check in that * case. */ if (!crtc->primary->format_default) { ret = drm_plane_check_pixel_format(crtc->primary, ffffffff813676a5: e8 ee f3 00 00 callq ffffffff81376a98 ffffffff813676aa: 41 89 c4 mov %eax,%r12d fb->format->format); if (ret) { ffffffff813676ad: 45 85 e4 test %r12d,%r12d ffffffff813676b0: 0f 84 16 ff ff ff je ffffffff813675cc struct drm_format_name_buf format_name; DRM_DEBUG_KMS("Invalid pixel format %s\n", ffffffff813676b6: 48 8b 45 d0 mov -0x30(%rbp),%rax ffffffff813676ba: 48 8b 40 38 mov 0x38(%rax),%rax ffffffff813676be: 8b 38 mov (%rax),%edi ffffffff813676c0: 48 8d b5 20 ff ff ff lea -0xe0(%rbp),%rsi ffffffff813676c7: e8 b4 03 00 00 callq ffffffff81367a80 ffffffff813676cc: 48 89 c1 mov %rax,%rcx ffffffff813676cf: 48 c7 c7 4d 82 95 81 mov $0xffffffff8195824d,%rdi ffffffff813676d6: 48 c7 c2 1a 7b 9b 81 mov $0xffffffff819b7b1a,%rdx ffffffff813676dd: 31 c0 xor %eax,%eax ffffffff813676df: 6a 04 pushq $0x4 ffffffff813676e1: 5e pop %rsi ffffffff813676e2: e8 3b c4 ff ff callq ffffffff81363b22 ffffffff813676e7: e9 4a 01 00 00 jmpq ffffffff81367836 { if (size != 0 && n > SIZE_MAX / size) return NULL; if (__builtin_constant_p(n) && __builtin_constant_p(size)) return kmalloc(n * size, flags); return __kmalloc(n * size, flags); ffffffff813676ec: 48 c1 e1 03 shl $0x3,%rcx ffffffff813676f0: be c0 00 40 01 mov $0x14000c0,%esi ffffffff813676f5: 48 89 cf mov %rcx,%rdi ffffffff813676f8: e8 cc 78 dd ff callq ffffffff8113efc9 <__kmalloc> } connector_set = kmalloc_array(crtc_req->count_connectors, sizeof(struct drm_connector *), GFP_KERNEL); if (!connector_set) { ffffffff813676fd: 48 85 c0 test %rax,%rax ffffffff81367700: 48 8d b5 40 ff ff ff lea -0xc0(%rbp),%rsi ffffffff81367707: 0f 84 b2 00 00 00 je ffffffff813677bf ffffffff8136770d: 31 db xor %ebx,%ebx ffffffff8136770f: 48 89 c2 mov %rax,%rdx ffffffff81367712: 48 89 55 c8 mov %rdx,-0x38(%rbp) ffffffff81367716: eb 35 jmp ffffffff8136774d DRM_DEBUG_KMS("Connector id %d unknown\n", out_id); ret = -ENOENT; goto out; } DRM_DEBUG_KMS("[CONNECTOR:%d:%s]\n", ffffffff81367718: 41 8b 4d 28 mov 0x28(%r13),%ecx ffffffff8136771c: 4d 8b 45 48 mov 0x48(%r13),%r8 ffffffff81367720: 48 c7 c7 4d 82 95 81 mov $0xffffffff8195824d,%rdi ffffffff81367727: 48 c7 c2 84 57 9b 81 mov $0xffffffff819b5784,%rdx ffffffff8136772e: 31 c0 xor %eax,%eax ffffffff81367730: 6a 04 pushq $0x4 ffffffff81367732: 5e pop %rsi ffffffff81367733: e8 ea c3 ff ff callq ffffffff81363b22 ffffffff81367738: 48 8b 45 c8 mov -0x38(%rbp),%rax connector->base.id, connector->name); connector_set[i] = connector; ffffffff8136773c: 4e 89 2c f8 mov %r13,(%rax,%r15,8) if (!connector_set) { ret = -ENOMEM; goto out; } for (i = 0; i < crtc_req->count_connectors; i++) { ffffffff81367740: ff c3 inc %ebx ffffffff81367742: 4c 8b 6d b8 mov -0x48(%rbp),%r13 ffffffff81367746: 48 8d b5 40 ff ff ff lea -0xc0(%rbp),%rsi ffffffff8136774d: 41 8b 56 08 mov 0x8(%r14),%edx ffffffff81367751: 39 d3 cmp %edx,%ebx ffffffff81367753: 73 79 jae ffffffff813677ce connector_set[i] = NULL; ffffffff81367755: 4c 63 fb movslq %ebx,%r15 ffffffff81367758: 4a 83 24 f8 00 andq $0x0,(%rax,%r15,8) set_connectors_ptr = (uint32_t __user *)(unsigned long)crtc_req->set_connectors_ptr; if (get_user(out_id, &set_connectors_ptr[i])) { ffffffff8136775d: 4a 8d 04 bd 00 00 00 lea 0x0(,%r15,4),%rax ffffffff81367764: 00 ffffffff81367765: 49 03 06 add (%r14),%rax ffffffff81367768: e8 83 26 f1 ff callq ffffffff81279df0 <__get_user_4> ffffffff8136776d: 49 89 d4 mov %rdx,%r12 ffffffff81367770: 85 c0 test %eax,%eax ffffffff81367772: 0f 85 99 00 00 00 jne ffffffff81367811 */ static inline struct drm_connector *drm_connector_lookup(struct drm_device *dev, uint32_t id) { struct drm_mode_object *mo; mo = drm_mode_object_find(dev, id, DRM_MODE_OBJECT_CONNECTOR); ffffffff81367778: ba c0 c0 c0 c0 mov $0xc0c0c0c0,%edx ffffffff8136777d: 48 8b 7d b0 mov -0x50(%rbp),%rdi ffffffff81367781: 44 89 e6 mov %r12d,%esi ffffffff81367784: e8 b1 db 00 00 callq ffffffff8137533a ffffffff81367789: 49 89 c5 mov %rax,%r13 return mo ? obj_to_connector(mo) : NULL; ffffffff8136778c: 4d 85 ed test %r13,%r13 ret = -EFAULT; goto out; } connector = drm_connector_lookup(dev, out_id); if (!connector) { ffffffff8136778f: 74 06 je ffffffff81367797 ffffffff81367791: 49 83 c5 d8 add $0xffffffffffffffd8,%r13 ffffffff81367795: 75 81 jne ffffffff81367718 DRM_DEBUG_KMS("Connector id %d unknown\n", ffffffff81367797: 48 c7 c7 4d 82 95 81 mov $0xffffffff8195824d,%rdi ffffffff8136779e: 48 c7 c2 85 7b 9b 81 mov $0xffffffff819b7b85,%rdx ffffffff813677a5: 31 c0 xor %eax,%eax ffffffff813677a7: 6a 04 pushq $0x4 ffffffff813677a9: 5e pop %rsi ffffffff813677aa: 44 89 e1 mov %r12d,%ecx ffffffff813677ad: e8 70 c3 ff ff callq ffffffff81363b22 ffffffff813677b2: 6a fe pushq $0xfffffffffffffffe ffffffff813677b4: 41 5c pop %r12 ffffffff813677b6: 4c 8b 7d c8 mov -0x38(%rbp),%r15 ffffffff813677ba: e9 c5 fe ff ff jmpq ffffffff81367684 if (crtc_req->count_connectors > config->num_connector) { ret = -EINVAL; goto out; } connector_set = kmalloc_array(crtc_req->count_connectors, ffffffff813677bf: 49 89 c7 mov %rax,%r15 ffffffff813677c2: 6a f4 pushq $0xfffffffffffffff4 ffffffff813677c4: 41 5c pop %r12 ffffffff813677c6: 31 c0 xor %eax,%eax ffffffff813677c8: 48 89 45 c8 mov %rax,-0x38(%rbp) ffffffff813677cc: eb 61 jmp ffffffff8136782f ffffffff813677ce: 49 89 c7 mov %rax,%r15 connector_set[i] = connector; } } set.crtc = crtc; ffffffff813677d1: 4c 89 6d 80 mov %r13,-0x80(%rbp) set.x = crtc_req->x; ffffffff813677d5: 41 8b 4e 14 mov 0x14(%r14),%ecx ffffffff813677d9: 89 4d 90 mov %ecx,-0x70(%rbp) set.y = crtc_req->y; ffffffff813677dc: 41 8b 4e 18 mov 0x18(%r14),%ecx ffffffff813677e0: 89 4d 94 mov %ecx,-0x6c(%rbp) set.mode = mode; ffffffff813677e3: 48 8b 45 c0 mov -0x40(%rbp),%rax ffffffff813677e7: 48 89 45 88 mov %rax,-0x78(%rbp) set.connectors = connector_set; ffffffff813677eb: 4c 89 7d 98 mov %r15,-0x68(%rbp) set.num_connectors = crtc_req->count_connectors; ffffffff813677ef: 89 d0 mov %edx,%eax ffffffff813677f1: 48 89 45 a0 mov %rax,-0x60(%rbp) set.fb = fb; ffffffff813677f5: 48 8b 45 d0 mov -0x30(%rbp),%rax ffffffff813677f9: 48 89 85 78 ff ff ff mov %rax,-0x88(%rbp) ret = __drm_mode_set_config_internal(&set, &ctx); ffffffff81367800: 48 8d bd 78 ff ff ff lea -0x88(%rbp),%rdi ffffffff81367807: e8 d6 fa ff ff callq ffffffff813672e2 <__drm_mode_set_config_internal> ffffffff8136780c: 41 89 c4 mov %eax,%r12d ffffffff8136780f: eb 1e jmp ffffffff8136782f ffffffff81367811: 6a f2 pushq $0xfffffffffffffff2 ffffffff81367813: 41 5c pop %r12 ffffffff81367815: 4c 8b 7d c8 mov -0x38(%rbp),%r15 ffffffff81367819: eb 14 jmp ffffffff8136782f DRM_DEBUG_KMS("[CRTC:%d:%s]\n", crtc->base.id, crtc->name); mutex_lock(&crtc->dev->mode_config.mutex); drm_modeset_acquire_init(&ctx, 0); retry: ret = drm_modeset_lock_all_ctx(crtc->dev, &ctx); ffffffff8136781b: 49 8b 7d 00 mov 0x0(%r13),%rdi ffffffff8136781f: 48 89 de mov %rbx,%rsi ffffffff81367822: e8 08 7b 00 00 callq ffffffff8136f32f ffffffff81367827: 41 89 c4 mov %eax,%r12d if (ret) ffffffff8136782a: 45 85 e4 test %r12d,%r12d ffffffff8136782d: 74 16 je ffffffff81367845 set.num_connectors = crtc_req->count_connectors; set.fb = fb; ret = __drm_mode_set_config_internal(&set, &ctx); out: if (fb) ffffffff8136782f: 48 83 7d d0 00 cmpq $0x0,-0x30(%rbp) ffffffff81367834: 74 6b je ffffffff813678a1 * This function decrements the framebuffer's reference count and frees the * framebuffer if the reference count drops to zero. */ static inline void drm_framebuffer_put(struct drm_framebuffer *fb) { drm_mode_object_put(&fb->base); ffffffff81367836: 48 8b 45 d0 mov -0x30(%rbp),%rax ffffffff8136783a: 48 8d 78 18 lea 0x18(%rax),%rdi ffffffff8136783e: e8 07 db 00 00 callq ffffffff8137534a ffffffff81367843: eb 62 jmp ffffffff813678a7 drm_modeset_acquire_init(&ctx, 0); retry: ret = drm_modeset_lock_all_ctx(crtc->dev, &ctx); if (ret) goto out; if (crtc_req->mode_valid) { ffffffff81367845: 41 83 7e 20 00 cmpl $0x0,0x20(%r14) ffffffff8136784a: 0f 84 a0 fd ff ff je ffffffff813675f0 /* If we have a mode we need a framebuffer. */ /* If we pass -1, set the mode with the currently bound fb */ if (crtc_req->fb_id == -1) { ffffffff81367850: 41 8b 76 10 mov 0x10(%r14),%esi ffffffff81367854: 83 fe ff cmp $0xffffffff,%esi ffffffff81367857: 0f 84 db fc ff ff je ffffffff81367538 ffffffff8136785d: 48 8b 5d b0 mov -0x50(%rbp),%rbx } fb = crtc->primary->fb; /* Make refcounting symmetric with the lookup path. */ drm_framebuffer_get(fb); } else { fb = drm_framebuffer_lookup(dev, crtc_req->fb_id); ffffffff81367861: 48 89 df mov %rbx,%rdi ffffffff81367864: e8 64 b3 00 00 callq ffffffff81372bcd ffffffff81367869: 48 89 c1 mov %rax,%rcx if (!fb) { ffffffff8136786c: 48 89 4d d0 mov %rcx,-0x30(%rbp) ffffffff81367870: 48 85 c0 test %rax,%rax ffffffff81367873: 0f 85 eb fc ff ff jne ffffffff81367564 DRM_DEBUG_KMS("Unknown FB ID%d\n", ffffffff81367879: 41 8b 4e 10 mov 0x10(%r14),%ecx ffffffff8136787d: 48 c7 c7 4d 82 95 81 mov $0xffffffff8195824d,%rdi ffffffff81367884: 48 c7 c2 fb 7a 9b 81 mov $0xffffffff819b7afb,%rdx ffffffff8136788b: 31 c0 xor %eax,%eax ffffffff8136788d: 6a 04 pushq $0x4 ffffffff8136788f: 5e pop %rsi ffffffff81367890: e8 8d c2 ff ff callq ffffffff81363b22 ffffffff81367895: 31 c0 xor %eax,%eax ffffffff81367897: 48 89 45 d0 mov %rax,-0x30(%rbp) ffffffff8136789b: 6a fe pushq $0xfffffffffffffffe ffffffff8136789d: 41 5c pop %r12 ffffffff8136789f: eb 06 jmp ffffffff813678a7 ffffffff813678a1: 31 c0 xor %eax,%eax ffffffff813678a3: 48 89 45 d0 mov %rax,-0x30(%rbp) out: if (fb) drm_framebuffer_put(fb); if (connector_set) { ffffffff813678a7: 4d 85 ff test %r15,%r15 ffffffff813678aa: 74 27 je ffffffff813678d3 ffffffff813678ac: 31 db xor %ebx,%ebx ffffffff813678ae: eb 17 jmp ffffffff813678c7 for (i = 0; i < crtc_req->count_connectors; i++) { if (connector_set[i]) ffffffff813678b0: 48 63 c3 movslq %ebx,%rax ffffffff813678b3: 49 8b 3c c7 mov (%r15,%rax,8),%rdi ffffffff813678b7: 48 85 ff test %rdi,%rdi ffffffff813678ba: 74 09 je ffffffff813678c5 * This function decrements the connector's reference count and frees the * object if the reference count drops to zero. */ static inline void drm_connector_put(struct drm_connector *connector) { drm_mode_object_put(&connector->base); ffffffff813678bc: 48 83 c7 28 add $0x28,%rdi ffffffff813678c0: e8 85 da 00 00 callq ffffffff8137534a out: if (fb) drm_framebuffer_put(fb); if (connector_set) { for (i = 0; i < crtc_req->count_connectors; i++) { ffffffff813678c5: ff c3 inc %ebx ffffffff813678c7: 41 3b 5e 08 cmp 0x8(%r14),%ebx ffffffff813678cb: 72 e3 jb ffffffff813678b0 ffffffff813678cd: 4c 8b 6d b8 mov -0x48(%rbp),%r13 ffffffff813678d1: eb 03 jmp ffffffff813678d6 ffffffff813678d3: 45 31 ff xor %r15d,%r15d if (connector_set[i]) drm_connector_put(connector_set[i]); } } kfree(connector_set); ffffffff813678d6: 48 8b 7d c8 mov -0x38(%rbp),%rdi ffffffff813678da: e8 af 78 dd ff callq ffffffff8113f18e drm_mode_destroy(dev, mode); ffffffff813678df: 48 8b 7d b0 mov -0x50(%rbp),%rdi ffffffff813678e3: 48 8b 75 c0 mov -0x40(%rbp),%rsi ffffffff813678e7: e8 ef 04 00 00 callq ffffffff81367ddb if (ret == -EDEADLK) { ffffffff813678ec: 41 83 fc dd cmp $0xffffffdd,%r12d ffffffff813678f0: 0f 84 2e fc ff ff je ffffffff81367524 ffffffff813678f6: 4c 8d b5 40 ff ff ff lea -0xc0(%rbp),%r14 drm_modeset_backoff(&ctx); goto retry; } drm_modeset_drop_locks(&ctx); ffffffff813678fd: 4c 89 f7 mov %r14,%rdi ffffffff81367900: e8 62 7b 00 00 callq ffffffff8136f467 drm_modeset_acquire_fini(&ctx); ffffffff81367905: 4c 89 f7 mov %r14,%rdi ffffffff81367908: e8 ad 7a 00 00 callq ffffffff8136f3ba mutex_unlock(&crtc->dev->mode_config.mutex); ffffffff8136790d: 49 8b 7d 00 mov 0x0(%r13),%rdi ffffffff81367911: 48 81 c7 b0 02 00 00 add $0x2b0,%rdi ffffffff81367918: e8 fb 37 2e 00 callq ffffffff8164b118 ffffffff8136791d: eb 20 jmp ffffffff8136793f if (crtc_req->x & 0xffff0000 || crtc_req->y & 0xffff0000) return -ERANGE; crtc = drm_crtc_find(dev, crtc_req->crtc_id); if (!crtc) { DRM_DEBUG_KMS("Unknown CRTC ID %d\n", crtc_req->crtc_id); ffffffff8136791f: 41 8b 4e 0c mov 0xc(%r14),%ecx ffffffff81367923: 6a 04 pushq $0x4 ffffffff81367925: 5e pop %rsi ffffffff81367926: 48 c7 c7 4d 82 95 81 mov $0xffffffff8195824d,%rdi ffffffff8136792d: 48 c7 c2 c9 7a 9b 81 mov $0xffffffff819b7ac9,%rdx ffffffff81367934: 31 c0 xor %eax,%eax ffffffff81367936: e8 e7 c1 ff ff callq ffffffff81363b22 ffffffff8136793b: 6a fe pushq $0xfffffffffffffffe ffffffff8136793d: 41 5c pop %r12 drm_modeset_drop_locks(&ctx); drm_modeset_acquire_fini(&ctx); mutex_unlock(&crtc->dev->mode_config.mutex); return ret; } ffffffff8136793f: 44 89 e0 mov %r12d,%eax ffffffff81367942: 48 81 c4 b8 00 00 00 add $0xb8,%rsp ffffffff81367949: 5b pop %rbx ffffffff8136794a: 41 5c pop %r12 ffffffff8136794c: 41 5d pop %r13 ffffffff8136794e: 41 5e pop %r14 ffffffff81367950: 41 5f pop %r15 ffffffff81367952: 5d pop %rbp ffffffff81367953: c3 retq ============================================================ Double fault with f05058c4d652: [ 3.798722] PANIC: double fault, error_code: 0x0 [ 3.807387] CPU: 1 PID: 605 Comm: frecon Not tainted 4.12.0-00023-g711d82c128ff #107 [ 3.816040] Hardware name: GOOGLE Squawks, BIOS Google_Squawks.5216.152.76 03/04/2016 [ 3.824792] task: ffff880075b92f00 task.stack: ffffc90000d6c000 [ 3.829599] EXT4-fs (mmcblk0p1): re-mounted. Opts: commit=600,data=ordered [ 3.839092] RIP: 0010:drm_mode_setcrtc+0x328/0x51f [ 3.844443] RSP: 0018:0000000000000000 EFLAGS: 00010206 [ 3.850280] RAX: 0000559e707c4d60 RBX: 0000000000000000 RCX: 0000000000000008 [ 3.858253] RDX: 0000000000000001 RSI: ffffc90000d6fcc8 RDI: ffffffff81367805 [ 3.866225] RBP: ffffc90000d6fd90 R08: 00000000014000c0 R09: 0000000000000308 [ 3.874199] R10: 0000000000000300 R11: 0000000000000556 R12: 0000000000000000 [ 3.882163] R13: ffff880077a25000 R14: ffffc90000d6fdd0 R15: 0000000000000000 [ 3.890136] FS: 00007fb2dbd62740(0000) GS:ffff88007ad00000(0000) knlGS:0000000000000000 [ 3.899177] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.905595] CR2: fffffffffffffff8 CR3: 000000007596b000 CR4: 00000000001006e0 [ 3.913568] Call Trace: [ 3.916296] Code: b8 48 8d b5 38 ff ff ff 41 8b 56 08 39 d3 0f 83 85 00 00 00 4c 63 fb 4a 83 24 f8 00 4a 8d 04 bd 00 00 00 00 49 03 06 48 8b 65 a8 73 26 f1 ff 49 89 d4 48 89 65 a8 85 c0 0f 85 a0 00 00 00 ba [ 3.937440] Kernel panic - not syncing: Machine halted. [ 3.943268] CPU: 1 PID: 605 Comm: frecon Not tainted 4.12.0-00023-g711d82c128ff #107 [ 3.951921] Hardware name: GOOGLE Squawks, BIOS Google_Squawks.5216.152.76 03/04/2016 [ 3.960671] Call Trace: [ 3.963398] <#DF> [ 3.965637] __dump_stack+0x19/0x1b [ 3.969531] dump_stack+0x42/0x60 [ 3.969541] PANIC: double fault, error_code: 0x0 [ 3.969545] CPU: 0 PID: 719 Comm: rsyslogd Not tainted 4.12.0-00023-g711d82c128ff #107 [ 3.969546] Hardware name: GOOGLE Squawks, BIOS Google_Squawks.5216.152.76 03/04/2016 [ 3.969548] task: ffff880075210000 task.stack: ffffc90000554000 [ 3.969554] RIP: 0010:SyS_setgroups+0x6b/0xd4 [ 3.969556] RSP: 0018:ffffffff8106360d EFLAGS: 00010297 [ 3.969558] RAX: 0000558afd6664e0 RBX: 0000000000000000 RCX: 0000000000000001 [ 3.969559] RDX: 000000000000000c RSI: 0000000000000000 RDI: ffffffff8106360d [ 3.969560] RBP: ffffc90000557f48 R08: ffffffffffffffea R09: ffffc90000557e50 [ 3.969562] R10: 00007fb4acc1d0d0 R11: ffff880075210000 R12: 0000558afd6664e0 [ 3.969563] R13: 00007fb4acdf9780 R14: fffffffffffffff2 R15: ffff880076d13f50 [ 3.969565] FS: 00007fb4acdf9780(0000) GS:ffff88007ac00000(0000) knlGS:0000000000000000 [ 3.969566] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.969568] CR2: ffffffff810635f8 CR3: 00000000751fb000 CR4: 00000000001006f0 [ 3.969569] Call Trace: [ 3.969571] Code: 5d c3 89 df e8 9c fd ff ff 49 89 c7 4d 85 ff 74 5b 41 8b 4f 04 31 f6 6a f2 41 5e 6a ea 41 58 eb 22 48 63 de 49 8d 04 9c 48 89 fc 7c 66 21 00 85 c0 75 41 83 fa ff 74 39 48 89 e7 41 89 54 9f [ 4.100376] panic+0xf0/0x23e [ 4.103688] df_debug+0x31/0x31 [ 4.107193] do_double_fault+0xd8/0xfb [ 4.111379] double_fault+0x22/0x30 [ 4.115274] RIP: 0010:drm_mode_setcrtc+0x328/0x51f [ 4.120624] RSP: 0018:0000000000000000 EFLAGS: 00010206 [ 4.126451] RAX: 0000559e707c4d60 RBX: 0000000000000000 RCX: 0000000000000008 [ 4.134424] RDX: 0000000000000001 RSI: ffffc90000d6fcc8 RDI: ffffffff81367805 [ 4.142397] RBP: ffffc90000d6fd90 R08: 00000000014000c0 R09: 0000000000000308 [ 4.150369] R10: 0000000000000300 R11: 0000000000000556 R12: 0000000000000000 [ 4.158341] R13: ffff880077a25000 R14: ffffc90000d6fdd0 R15: 0000000000000000 [ 4.166316] ? drm_mode_setcrtc+0x2b5/0x51f [ 4.170988] WARNING: kernel stack regs at ffff88007ad05f58 in frecon:605 has bad 'bp' value ffffc90000d6fd90 [ 4.170990] unwind stack type:0 next_sp: (null) mask:0x10 graph_idx:0 [ 4.170993] ffff88007ad05d40: ffff88007ad05e20 (0xffff88007ad05e20) [ 4.170995] ffff88007ad05d48: ffffffff810184b0 (show_trace_log_lvl+0x163/0x23a) [ 4.170996] ffff88007ad05d50: 0000000000000000 ... [ 4.170998] ffff88007ad05d58: ffff88007ad05000 (0xffff88007ad05000) [ 4.170999] ffff88007ad05d60: ffff88007ad06000 (0xffff88007ad06000) [ 4.171000] ffff88007ad05d68: 0000000000000000 ... [ 4.171001] ffff88007ad05d70: 0000000000000010 (0x10) [ 4.171003] ffff88007ad05d78: ffff880075b92f00 (0xffff880075b92f00) [ 4.171004] ffff88007ad05d80: 0000010100000000 (0x10100000000) [ 4.171005] ffff88007ad05d88: 0000000000000000 ... [ 4.171006] ffff88007ad05d90: ffff88007ad05d40 (0xffff88007ad05d40) [ 4.171008] ffff88007ad05d98: ffff88007ad05f58 (0xffff88007ad05f58) [ 4.171010] ffff88007ad05da0: ffffffff81367878 (drm_mode_setcrtc+0x328/0x51f) [ 4.171011] ffff88007ad05da8: 0000000000000004 (0x4) [ 4.171013] ffff88007ad05db0: ffff88007ad05000 (0xffff88007ad05000) [ 4.171014] ffff88007ad05db8: ffff88007ad06000 (0xffff88007ad06000) [ 4.171015] ffff88007ad05dc0: 0000000000000000 ... [ 4.171016] ffff88007ad05dc8: 0000000000000010 (0x10) [ 4.171018] ffff88007ad05dd0: ffff88007ad05f58 (0xffff88007ad05f58) [ 4.171019] ffff88007ad05dd8: ffff880075b92f00 (0xffff880075b92f00) [ 4.171020] ffff88007ad05de0: ffffffff8195ba29 (0xffffffff8195ba29) [ 4.171022] ffff88007ad05de8: 0000000081e70fc0 (0x81e70fc0) [ 4.171023] ffff88007ad05df0: ffffffff8195b9f9 (0xffffffff8195b9f9) [ 4.171024] ffff88007ad05df8: 0000000000000086 (0x86) [ 4.171025] ffff88007ad05e00: 0000000000000000 ... [ 4.171027] ffff88007ad05e08: ffff880077a25000 (0xffff880077a25000) [ 4.171028] ffff88007ad05e10: ffff88007ad05f00 (0xffff88007ad05f00) [ 4.171029] ffff88007ad05e18: ffff880075b92f00 (0xffff880075b92f00) [ 4.171031] ffff88007ad05e20: ffff88007ad05e30 (0xffff88007ad05e30) [ 4.171033] ffff88007ad05e28: ffffffff81018647 (show_stack+0x45/0x47) [ 4.171034] ffff88007ad05e30: ffff88007ad05e40 (0xffff88007ad05e40) [ 4.171038] ffff88007ad05e38: ffffffff8126f18f (__dump_stack+0x19/0x1b) [ 4.171039] ffff88007ad05e40: ffff88007ad05e70 (0xffff88007ad05e70) [ 4.171042] ffff88007ad05e48: ffffffff8126f158 (dump_stack+0x42/0x60) [ 4.171043] ffff88007ad05e50: 0000000000000086 (0x86) [ 4.171044] ffff88007ad05e58: 0000000000000000 ... [ 4.171045] ffff88007ad05e60: 0000000200000000 (0x200000000) [ 4.171046] ffff88007ad05e68: ffffffff819641ff (0xffffffff819641ff) [ 4.171048] ffff88007ad05e70: ffff88007ad05f08 (0xffff88007ad05f08) [ 4.171050] ffff88007ad05e78: ffffffff81047bea (panic+0xf0/0x23e) [ 4.171051] ffff88007ad05e80: ffff88007ad05e90 (0xffff88007ad05e90) [ 4.171052] ffff88007ad05e88: 000000007596b000 (0x7596b000) [ 4.171054] ffff88007ad05e90: 00000000001006e0 (0x1006e0) [ 4.171055] ffff88007ad05e98: 0000000000000002 (0x2) [ 4.171056] ffff88007ad05ea0: 0000000000000000 ... [ 4.171057] ffff88007ad05ea8: ffffffff81c42180 (0xffffffff81c42180) [ 4.171058] ffff88007ad05eb0: 0000000200000000 (0x200000000) [ 4.171060] ffff88007ad05eb8: 00000000ffff0a30 (0xffff0a30) [ 4.171061] ffff88007ad05ec0: 0000003000000008 (0x3000000008) [ 4.171062] ffff88007ad05ec8: ffff88007ad05f18 (0xffff88007ad05f18) [ 4.171064] ffff88007ad05ed0: ffff88007ad05e90 (0xffff88007ad05e90) [ 4.171065] ffff88007ad05ed8: ba00000000000024 (0xba00000000000024) [ 4.171066] ffff88007ad05ee0: ffff88007ad05f58 (0xffff88007ad05f58) [ 4.171067] ffff88007ad05ee8: 0000000000000000 ... [ 4.171069] ffff88007ad05ef0: ffff880077a25000 (0xffff880077a25000) [ 4.171070] ffff88007ad05ef8: ffff88007ad05f58 (0xffff88007ad05f58) [ 4.171071] ffff88007ad05f00: ffff880075b92f00 (0xffff880075b92f00) [ 4.171073] ffff88007ad05f08: ffff88007ad05f20 (0xffff88007ad05f20) [ 4.171075] ffff88007ad05f10: ffffffff81037185 (df_debug+0x31/0x31) [ 4.171075] ffff88007ad05f18: 0000000000000000 ... [ 4.171077] ffff88007ad05f20: ffff88007ad05f48 (0xffff88007ad05f48) [ 4.171079] ffff88007ad05f28: ffffffff81016626 (do_double_fault+0xd8/0xfb) [ 4.171080] ffff88007ad05f30: 0000000000000001 (0x1) [ 4.171082] ffff88007ad05f38: ffffc90000d6fdd0 (0xffffc90000d6fdd0) [ 4.171082] ffff88007ad05f40: 0000000000000000 ... [ 4.171084] ffff88007ad05f48: ffff88007ad05f59 (0xffff88007ad05f59) [ 4.171086] ffff88007ad05f50: ffffffff8164df72 (double_fault+0x22/0x30) [ 4.171087] ffff88007ad05f58: 0000000000000000 ... [ 4.171088] ffff88007ad05f60: ffffc90000d6fdd0 (0xffffc90000d6fdd0) [ 4.171090] ffff88007ad05f68: ffff880077a25000 (0xffff880077a25000) [ 4.171091] ffff88007ad05f70: 0000000000000000 ... [ 4.171092] ffff88007ad05f78: ffffc90000d6fd90 (0xffffc90000d6fd90) [ 4.171093] ffff88007ad05f80: 0000000000000000 ... [ 4.171094] ffff88007ad05f88: 0000000000000556 (0x556) [ 4.171095] ffff88007ad05f90: 0000000000000300 (0x300) [ 4.171096] ffff88007ad05f98: 0000000000000308 (0x308) [ 4.171098] ffff88007ad05fa0: 00000000014000c0 (0x14000c0) [ 4.171099] ffff88007ad05fa8: 0000559e707c4d60 (0x559e707c4d60) [ 4.171100] ffff88007ad05fb0: 0000000000000008 (0x8) [ 4.171101] ffff88007ad05fb8: 0000000000000001 (0x1) [ 4.171103] ffff88007ad05fc0: ffffc90000d6fcc8 (0xffffc90000d6fcc8) [ 4.171105] ffff88007ad05fc8: ffffffff81367805 (drm_mode_setcrtc+0x2b5/0x51f) [ 4.171107] ffff88007ad05fd0: ffffffffffffffff (0xffffffffffffffff) [ 4.171109] ffff88007ad05fd8: ffffffff81367878 (drm_mode_setcrtc+0x328/0x51f) [ 4.171110] ffff88007ad05fe0: 0000000000000010 (0x10) [ 4.171111] ffff88007ad05fe8: 0000000000010206 (0x10206) [ 4.171112] ffff88007ad05ff0: 0000000000000000 ... [ 4.171114] ffff88007ad05ff8: 0000000000000018 (0x18) [ 4.171115] [ 5.819749] Shutting down cpus with NMI [ 5.824035] Kernel Offset: disabled [ 5.827930] ACPI MEMORY or I/O RESET_REG.