AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-03-06 09:29:47 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
05c41f926f
linux_dsm_epyc7002/drivers/gpu/drm
History
Andrey Ryabinin 05c41f926f drm/i915: fix use-after-free in page_flip_completed() 
page_flip_completed() dereferences 'work' variable after executing
queue_work(). This is not safe as the 'work' item might be already freed
by queued work:

    BUG: KASAN: use-after-free in page_flip_completed+0x3ff/0x490 at addr ffff8803dc010f90
    Call Trace:
     __asan_report_load8_noabort+0x59/0x80
     page_flip_completed+0x3ff/0x490
     intel_finish_page_flip_mmio+0xe3/0x130
     intel_pipe_handle_vblank+0x2d/0x40
     gen8_irq_handler+0x4a7/0xed0
     __handle_irq_event_percpu+0xf6/0x860
     handle_irq_event_percpu+0x6b/0x160
     handle_irq_event+0xc7/0x1b0
     handle_edge_irq+0x1f4/0xa50
     handle_irq+0x41/0x70
     do_IRQ+0x9a/0x200
     common_interrupt+0x89/0x89

    Freed:
     kfree+0x113/0x4d0
     intel_unpin_work_fn+0x29a/0x3b0
     process_one_work+0x79e/0x1b70
     worker_thread+0x611/0x1460
     kthread+0x241/0x3a0
     ret_from_fork+0x27/0x40

Move queue_work() after	trace_i915_flip_complete() to fix this.

Fixes: e5510fac98 ("drm/i915: add tracepoints for flip requests & completions")
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: <stable@vger.kernel.org> # v2.6.36+
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/20170126143211.24013-1-aryabinin@virtuozzo.com
2017-01-27 15:10:14 +01:00
..
amd Merge tag 'drm-misc-next-2017-01-09' of git://anongit.freedesktop.org/git/drm-misc into drm-next 2017-01-10 08:06:56 +10:00
arc drm: bridge: Link encoder and bridge in core code 2016-12-18 16:31:45 +05:30
arm drm: Nuke fb->pixel_format 2016-12-15 14:55:34 +02:00
armada Merge tag 'drm-misc-next-2017-01-09' of git://anongit.freedesktop.org/git/drm-misc into drm-next 2017-01-10 08:06:56 +10:00
ast Merge tag 'drm-misc-next-2017-01-09' of git://anongit.freedesktop.org/git/drm-misc into drm-next 2017-01-10 08:06:56 +10:00
atmel-hlcdc drm: bridge: Link encoder and bridge in core code 2016-12-18 16:31:45 +05:30
bochs drm: fix compilations issues introduced by "drm: allow to use mmuless SoC" 2017-01-09 11:30:30 +01:00
bridge drm: bridge: Link encoder and bridge in core code 2016-12-18 16:31:45 +05:30
cirrus drm: fix compilations issues introduced by "drm: allow to use mmuless SoC" 2017-01-09 11:30:30 +01:00
etnaviv Merge tag 'drm-misc-next-2017-01-09' of git://anongit.freedesktop.org/git/drm-misc into drm-next 2017-01-10 08:06:56 +10:00
exynos Merge tag 'drm-misc-next-2017-01-09' of git://anongit.freedesktop.org/git/drm-misc into drm-next 2017-01-10 08:06:56 +10:00
fsl-dcu drm: Change the return type of the unload hook to void 2017-01-09 11:25:22 +01:00
gma500 Merge tag 'drm-misc-next-2017-01-09' of git://anongit.freedesktop.org/git/drm-misc into drm-next 2017-01-10 08:06:56 +10:00
hisilicon drm: fix compilations issues introduced by "drm: allow to use mmuless SoC" 2017-01-09 11:30:30 +01:00
i2c drm/i2c: tda998x: fix spelling mistake 2016-11-18 00:00:40 +00:00
i810
i915 drm/i915: fix use-after-free in page_flip_completed() 2017-01-27 15:10:14 +01:00
imx drm/imx: imx-tve: Remove unused variable 2017-01-05 09:44:20 +01:00
lib drm: Add a simple generator of random permutations 2016-12-27 12:34:00 +01:00
mediatek drm: bridge: Link encoder and bridge in core code 2016-12-18 16:31:45 +05:30
meson drm: Nuke fb->pixel_format 2016-12-15 14:55:34 +02:00
mga drm: Change the return type of the unload hook to void 2017-01-09 11:25:22 +01:00
mgag200 drm: fix compilations issues introduced by "drm: allow to use mmuless SoC" 2017-01-09 11:30:30 +01:00
msm Merge tag 'drm-misc-next-2017-01-09' of git://anongit.freedesktop.org/git/drm-misc into drm-next 2017-01-10 08:06:56 +10:00
mxsfb drm: Nuke fb->pixel_format 2016-12-15 14:55:34 +02:00
nouveau Merge tag 'drm-misc-next-2017-01-09' of git://anongit.freedesktop.org/git/drm-misc into drm-next 2017-01-10 08:06:56 +10:00
omapdrm Merge tag 'drm-misc-next-2017-01-09' of git://anongit.freedesktop.org/git/drm-misc into drm-next 2017-01-10 08:06:56 +10:00
panel drm/panel: simple: Add support for AUO G185HAN01 2016-12-06 17:06:32 +01:00
qxl drm: fix compilations issues introduced by "drm: allow to use mmuless SoC" 2017-01-09 11:30:30 +01:00
r128
radeon Merge tag 'drm-misc-next-2017-01-09' of git://anongit.freedesktop.org/git/drm-misc into drm-next 2017-01-10 08:06:56 +10:00
rcar-du drm: bridge: Link encoder and bridge in core code 2016-12-18 16:31:45 +05:30
rockchip drm: rockchip: use crtc helper drm_crtc_from_index() 2016-12-30 12:15:11 +01:00
savage drm: Change the return type of the unload hook to void 2017-01-09 11:25:22 +01:00
selftests drm/mm: Convert to drm_printer 2016-12-30 12:08:28 +01:00
shmobile drm: Change the return type of the unload hook to void 2017-01-09 11:25:22 +01:00
sis drm: Change the return type of the unload hook to void 2017-01-09 11:25:22 +01:00
sti drm: bridge: Link encoder and bridge in core code 2016-12-18 16:31:45 +05:30
sun4i drm: bridge: Link encoder and bridge in core code 2016-12-18 16:31:45 +05:30
tdfx
tegra Merge tag 'drm-misc-next-2017-01-09' of git://anongit.freedesktop.org/git/drm-misc into drm-next 2017-01-10 08:06:56 +10:00
tilcdc Merge tag 'drm-misc-next-2017-01-09' of git://anongit.freedesktop.org/git/drm-misc into drm-next 2017-01-10 08:06:56 +10:00
ttm Merge tag 'drm-misc-next-2017-01-09' of git://anongit.freedesktop.org/git/drm-misc into drm-next 2017-01-10 08:06:56 +10:00
udl Merge tag 'drm-misc-next-2017-01-09' of git://anongit.freedesktop.org/git/drm-misc into drm-next 2017-01-10 08:06:56 +10:00
vc4 drm: Don't include <drm/drm_encoder.h> in <drm/drm_crtc.h> 2016-12-18 16:29:29 +05:30
vgem mm: use vmf->address instead of of vmf->virtual_address 2016-12-14 16:04:09 -08:00
via drm: Change the return type of the unload hook to void 2017-01-09 11:25:22 +01:00
virtio Merge tag 'drm-misc-next-2017-01-09' of git://anongit.freedesktop.org/git/drm-misc into drm-next 2017-01-10 08:06:56 +10:00
vmwgfx drm: fix compilations issues introduced by "drm: allow to use mmuless SoC" 2017-01-09 11:30:30 +01:00
zte drm: zte: use crtc helper drm_crtc_from_index() 2016-12-30 12:15:01 +01:00
ati_pcigart.c
drm_agpsupport.c
drm_atomic_helper.c drm: reference count event->completion 2017-01-04 11:03:06 +01:00
drm_atomic.c drm: Add kernel-doc for drm_crtc_commit_get/put 2017-01-05 08:55:02 +01:00
drm_auth.c drm/doc: use preferred struct reference in kernel-doc 2016-12-30 13:34:59 +01:00
drm_blend.c
drm_bridge.c drm/bridge: Use recommened kerneldoc for struct member refs 2017-01-02 09:17:26 +01:00
drm_bufs.c
drm_cache.c
drm_color_mgmt.c drm/color: un-inline drm_color_lut_extract() 2017-01-27 12:33:30 +02:00
drm_connector.c drm/doc: use preferred struct reference in kernel-doc 2016-12-30 13:34:59 +01:00
drm_context.c
drm_crtc_helper_internal.h
drm_crtc_helper.c drm/doc: use preferred struct reference in kernel-doc 2016-12-30 13:34:59 +01:00
drm_crtc_internal.h drm: Move atomic debugfs functions into drm_crtc_internal.h 2016-12-18 14:18:12 +01:00
drm_crtc.c drm: add more document for drm_crtc_from_index() 2017-01-09 11:24:16 +01:00
drm_debugfs_crc.c drm: crc: Call wake_up_interruptible() each time there is a new CRC entry 2017-01-06 15:23:19 +01:00
drm_debugfs.c drm: Move atomic debugfs functions into drm_crtc_internal.h 2016-12-18 14:18:12 +01:00
drm_dma.c
drm_dp_aux_dev.c
drm_dp_dual_mode_helper.c
drm_dp_helper.c
drm_dp_mst_topology.c
drm_drv.c drm: Avoid NULL dereference of drm_device.dev 2016-12-30 15:29:44 +01:00
drm_dumb_buffers.c drm/doc: use preferred struct reference in kernel-doc 2016-12-30 13:34:59 +01:00
drm_edid_load.c
drm_edid.c drm/edid: constify edid quirk list 2017-01-02 15:06:39 +02:00
drm_encoder_slave.c
drm_encoder.c drm/doc: use preferred struct reference in kernel-doc 2016-12-30 13:34:59 +01:00
drm_fb_cma_helper.c drm/cma-helpers: Use recommened kerneldoc for struct member refs 2016-12-30 17:58:15 +01:00
drm_fb_helper.c drm: remove useless parameters from drm_pick_cmdline_mode function 2017-01-09 11:18:41 +01:00
drm_flip_work.c
drm_fops.c drm: reference count event->completion 2017-01-04 11:03:06 +01:00
drm_fourcc.c drm: move allocation out of drm_get_format_name() 2016-11-12 14:19:38 +01:00
drm_framebuffer.c drm/doc: use preferred struct reference in kernel-doc 2016-12-30 13:34:59 +01:00
drm_gem_cma_helper.c drm: allow to use mmuless SoC 2017-01-06 11:04:54 +01:00
drm_gem.c
drm_global.c drm: Update TTM initialization documentation 2016-12-30 12:52:10 +01:00
drm_hashtab.c
drm_info.c
drm_internal.h drm/irq: drm_legacy_ prefix for legacy ioctls 2016-12-18 14:18:12 +01:00
drm_ioc32.c
drm_ioctl.c drm: Export drm_ioctl_permit to kernel-doc 2016-12-30 12:40:48 +01:00
drm_irq.c drm/doc: use preferred struct reference in kernel-doc 2016-12-30 13:34:59 +01:00
drm_kms_helper_common.c
drm_legacy.h drm: compile drm_vm.c only when needed 2017-01-06 11:03:07 +01:00
drm_lock.c drm: Avoid NULL dereference for DRM_LEGACY debug message 2016-11-28 08:39:41 +01:00
drm_memory.c
drm_mipi_dsi.c
drm_mm.c drm/mm: Some doc polish 2016-12-30 12:53:51 +01:00
drm_mode_config.c drm: Clean up connectors by unreferencing them 2016-12-18 14:33:51 +01:00
drm_mode_object.c drm: Get atomic property value even if DRIVER_ATOMIC is not set 2016-12-27 10:44:33 +01:00
drm_modes.c Revert "drm: Add aspect ratio parsing in DRM layer" 2016-11-15 15:01:42 +01:00
drm_modeset_helper.c drm: Convert all helpers to drm_connector_list_iter 2016-12-18 14:33:22 +01:00
drm_modeset_lock.c drm/doc: Fix indenting in drm_modeset_lock.c comment 2016-11-29 23:34:36 +01:00
drm_of.c drm: Don't include <drm/drm_encoder.h> in <drm/drm_crtc.h> 2016-12-18 16:29:29 +05:30
drm_panel.c
drm_pci.c drm: Deduplicate driver initialization message 2016-12-30 12:37:39 +01:00
drm_plane_helper.c drm/doc: use preferred struct reference in kernel-doc 2016-12-30 13:34:59 +01:00
drm_plane.c drm: add more document for drm_crtc_from_index() 2017-01-09 11:24:16 +01:00
drm_platform.c drm: Deduplicate driver initialization message 2016-12-30 12:37:39 +01:00
drm_prime.c drm: Take ownership of the dmabuf->obj when exporting 2016-12-08 10:29:22 +01:00
drm_print.c drm/printer: add debug printer 2016-12-30 11:43:40 +01:00
drm_probe_helper.c drm/doc: use preferred struct reference in kernel-doc 2016-12-30 13:34:59 +01:00
drm_property.c drm/doc: use preferred struct reference in kernel-doc 2016-12-30 13:34:59 +01:00
drm_rect.c drm/rect: Fix formatting of example code 2016-12-30 13:35:54 +01:00
drm_scatter.c
drm_simple_kms_helper.c drm/doc: use preferred struct reference in kernel-doc 2016-12-30 13:34:59 +01:00
drm_sysfs.c
drm_trace_points.c
drm_trace.h
drm_vm.c mm: use vmf->address instead of of vmf->virtual_address 2016-12-14 16:04:09 -08:00
drm_vma_manager.c
Kconfig drm: fix compilations issues introduced by "drm: allow to use mmuless SoC" 2017-01-09 11:30:30 +01:00
Makefile drm: compile drm_vm.c only when needed 2017-01-06 11:03:07 +01:00