AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-28 11:18:45 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
f0adbc382b
linux_dsm_epyc7002/drivers
History
Thomas Zimmermann f0adbc382b drm/ast: Allocate initial CRTC state of the correct size 
The ast driver inherits from DRM's CRTC state, but still uses the atomic
helper for struct drm_crtc_funcs.reset, drm_atomic_helper_crtc_reset().

The helper only allocates enough memory for the core CRTC state. That
results in an out-ouf-bounds access when duplicating the initial CRTC
state. Simplified backtrace shown below:

[   21.469321] ==================================================================
[   21.469434] BUG: KASAN: slab-out-of-bounds in ast_crtc_atomic_duplicate_state+0x84/0x100 [ast]
[   21.469445] Read of size 8 at addr ffff888036c1c5f8 by task systemd-udevd/382
[   21.469451]
[   21.469464] CPU: 2 PID: 382 Comm: systemd-udevd Tainted: G            E     5.5.0-rc6-1-default+ #214
[   21.469473] Hardware name: Sun Microsystems SUN FIRE X2270 M2/SUN FIRE X2270 M2, BIOS 2.05    07/01/2010
[   21.469480] Call Trace:
[   21.469501]  dump_stack+0xb8/0x110
[   21.469528]  print_address_description.constprop.0+0x1b/0x1e0
[   21.469557]  ? ast_crtc_atomic_duplicate_state+0x84/0x100 [ast]
[   21.469581]  ? ast_crtc_atomic_duplicate_state+0x84/0x100 [ast]
[   21.469597]  __kasan_report.cold+0x1a/0x35
[   21.469640]  ? ast_crtc_atomic_duplicate_state+0x84/0x100 [ast]
[   21.469665]  kasan_report+0xe/0x20
[   21.469693]  ast_crtc_atomic_duplicate_state+0x84/0x100 [ast]
[   21.469733]  drm_atomic_get_crtc_state+0xbf/0x1c0
[   21.469768]  __drm_atomic_helper_set_config+0x81/0x5a0
[   21.469803]  ? drm_atomic_plane_check+0x690/0x690
[   21.469843]  ? drm_client_rotation+0xae/0x240
[   21.469876]  drm_client_modeset_commit_atomic+0x230/0x390
[   21.469888]  ? __mutex_lock+0x8f0/0xbe0
[   21.469929]  ? drm_client_firmware_config.isra.0+0xa60/0xa60
[   21.469948]  ? drm_client_modeset_commit_force+0x28/0x230
[   21.470031]  ? memset+0x20/0x40
[   21.470078]  drm_client_modeset_commit_force+0x90/0x230
[   21.470110]  drm_fb_helper_restore_fbdev_mode_unlocked+0x5f/0xc0
[   21.470132]  drm_fb_helper_set_par+0x59/0x70
[   21.470155]  fbcon_init+0x61d/0xad0
[   21.470185]  ? drm_fb_helper_restore_fbdev_mode_unlocked+0xc0/0xc0
[   21.470232]  visual_init+0x187/0x240
[   21.470266]  do_bind_con_driver+0x2e3/0x460
[   21.470321]  do_take_over_console+0x20a/0x290
[   21.470371]  do_fbcon_takeover+0x85/0x100
[   21.470402]  register_framebuffer+0x2fd/0x490
[   21.470425]  ? kzalloc.constprop.0+0x10/0x10
[   21.470503]  __drm_fb_helper_initial_config_and_unlock+0xf2/0x140
[   21.470533]  drm_fbdev_client_hotplug+0x162/0x250
[   21.470563]  drm_fbdev_generic_setup+0xd2/0x155
[   21.470602]  ast_driver_load+0x688/0x850 [ast]
<...>
[   21.472625] ==================================================================

Allocating enough memory for struct ast_crtc_state in a custom ast CRTC
reset handler fixes the problem.

v2:
	* implement according to drm_atomic_helper_crtc_reset()
	* update state with __drm_atomic_helper_crtc_reset()

Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Fixes: 83be6a3ceb ("drm/ast: Introduce struct ast_crtc_state")
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Dave Airlie <airlied@redhat.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: "Noralf Trønnes" <noralf@tronnes.org>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200130094012.32140-1-tzimmermann@suse.de
2020-04-20 15:48:23 +02:00
..
accessibility
acpi More ACPI updates for 5.7-rc1 2020-04-10 09:52:15 -07:00
amba Revert "amba: Initialize dma_parms for amba devices" 2020-04-01 08:03:28 +02:00
android
ata ahci: Add Intel Comet Lake PCH RAID PCI ID 2020-04-09 09:31:38 -06:00
atm .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
auxdisplay
base mm/memory_hotplug: allow to specify a default online_type 2020-04-07 10:43:41 -07:00
bcma
block xen: branch for v5.7-rc1b 2020-04-10 17:20:06 -07:00
bluetooth
bus ARM: driver updates 2020-04-03 15:05:35 -07:00
cdrom
char Merge branch 'akpm' (patches from Andrew) 2020-04-10 17:57:48 -07:00
clk There's not much to see in the core framework this time around. Instead the 2020-04-05 10:43:32 -07:00
clocksource clocksource/drivers/timer-vf-pit: Add missing parenthesis 2020-04-05 09:24:58 +02:00
connector
counter
cpufreq Additional power management updates for 5.7-rc1 2020-04-06 10:14:39 -07:00
cpuidle Merge branch 'pm-cpuidle' 2020-04-10 11:32:22 +02:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2020-04-08 21:35:29 -07:00
dax dax: Move mandatory ->zero_page_range() check in alloc_dax() 2020-04-02 19:15:03 -07:00
dca
devfreq PM / devfreq: Fix handling dev_pm_qos_remove_request result 2020-03-25 08:35:03 +09:00
dio
dma drivers/dma/tegra20-apb-dma.c: fix platform_get_irq.cocci warnings 2020-04-10 15:36:22 -07:00
dma-buf Merge drm/drm-next into drm-misc-next 2020-04-17 08:12:22 +02:00
edac Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2020-03-30 16:40:08 -07:00
eisa .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
extcon Char/Misc driver patches for 5.7-rc1 2020-04-03 13:22:40 -07:00
firewire
firmware sound fixes for 5.7-rc1 2020-04-10 12:27:06 -07:00
fpga
fsi
gnss
gpio This is the bulk of GPIO development for the v5.7 kernel cycle. 2020-04-04 10:27:00 -07:00
gpu drm/ast: Allocate initial CRTC state of the correct size 2020-04-20 15:48:23 +02:00
greybus
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid 2020-04-01 15:18:42 -07:00
hsi
hv hv_balloon: don't check for memhp_auto_online manually 2020-04-07 10:43:40 -07:00
hwmon change email address for Pali Rohár 2020-04-10 15:36:22 -07:00
hwspinlock hwspinlock: hwspinlock_internal.h: Replace zero-length array with flexible-array member 2020-03-25 22:30:46 -07:00
hwtracing intel_th: msu: Make stopping the trace optional 2020-03-24 13:45:24 +01:00
i2c Merge branch 'i2c/for-5.7' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2020-04-02 15:54:13 -07:00
i3c i3c: convert to use i2c_new_client_device() 2020-03-29 10:35:50 +02:00
ide drivers/ide: Fix build regression. 2020-04-04 18:07:59 -07:00
idle Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2020-03-30 16:40:08 -07:00
iio chrome platform changes for 5.7 2020-04-08 21:25:49 -07:00
infiniband RDMA 5.7 pull request 2020-04-01 18:18:18 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2020-04-07 20:20:12 -07:00
interconnect
iommu Merge branches 'iommu/fixes', 'arm/qcom', 'arm/omap', 'arm/smmu', 'x86/amd', 'x86/vt-d', 'virtio' and 'core' into next 2020-03-27 11:33:27 +01:00
ipack
irqchip Two reverts addressing regressions of the Xilinx interrupt controller 2020-04-05 11:57:12 -07:00
isdn
leds leds: core: Fix warning message when init_data 2020-04-06 23:12:08 +02:00
lightnvm for-5.7/drivers-2020-03-29 2020-03-30 11:43:51 -07:00
macintosh Char/Misc driver patches for 5.7-rc1 2020-04-03 13:22:40 -07:00
mailbox
mcb
md libnvdimm for 5.7 2020-04-08 21:03:40 -07:00
media Power management updates for 5.7-rc1 2020-03-30 15:05:01 -07:00
memory ARM: driver updates 2020-04-03 15:05:35 -07:00
memstick
message scsi: message: fusion: Replace zero-length array with flexible-array member 2020-03-26 22:40:47 -04:00
mfd mfd: intel-lpss: Fix Intel Elkhart Lake LPSS I2C input clock 2020-03-30 07:35:28 +01:00
misc virtio: fixes, vdpa 2020-04-08 10:51:53 -07:00
mmc MMC core: 2020-03-31 16:13:09 -07:00
most staging: most: move core files out of the staging area 2020-03-24 13:42:44 +01:00
mtd This pull request contains fixes for UBI and UBIFS: 2020-04-07 12:40:56 -07:00
mux
net virtio: fixes, vdpa 2020-04-08 10:51:53 -07:00
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-03-25 18:58:11 -07:00
ntb pci-v5.7-changes 2020-04-03 14:25:02 -07:00
nubus
nvdimm libnvdimm for 5.7 2020-04-08 21:03:40 -07:00
nvme block-5.7-2020-04-10 2020-04-10 10:06:54 -07:00
nvmem nvmem: core: remove nvmem_sysfs_get_groups() 2020-03-25 19:23:49 +01:00
of Devicetree updates for v5.7: 2020-04-02 17:32:52 -07:00
opp
oprofile
parisc parisc: Replace setup_irq() by request_irq() 2020-04-05 22:05:23 +02:00
parport
pci IOMMU Updates for Linux v5.7 2020-04-08 11:00:00 -07:00
pcmcia pcmcia: remove some unused space characters 2020-03-31 18:48:22 +02:00
perf arm64 updates for 5.7: 2020-03-31 10:05:01 -07:00
phy pci-v5.7-changes 2020-04-03 14:25:02 -07:00
pinctrl This is the bulk of GPIO development for the v5.7 kernel cycle. 2020-04-04 10:27:00 -07:00
platform change email address for Pali Rohár 2020-04-10 15:36:22 -07:00
pnp
power change email address for Pali Rohár 2020-04-10 15:36:22 -07:00
powercap Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2020-03-30 16:40:08 -07:00
pps
ps3 powerpc/ps3: Remove an unneeded NULL check 2020-04-03 00:09:59 +11:00
ptp ptp: Avoid deadlocks in the programmable pin code. 2020-03-30 11:16:38 -07:00
pwm pwm: pca9685: Fix PWM/GPIO inter-operation 2020-04-03 21:41:42 +02:00
rapidio
ras
regulator spi/regulator: Updates for v5.7 2020-03-30 14:58:26 -07:00
remoteproc remoteproc/omap: Fix set_load call in omap_rproc_request_timer 2020-04-03 10:47:21 -07:00
reset
rpmsg
rtc - New Drivers 2020-04-07 19:48:52 -07:00
s390 SCSI misc on 20200410 2020-04-10 12:21:11 -07:00
sbus
scsi SCSI misc on 20200410 2020-04-10 12:21:11 -07:00
sfi
sh
siox
slimbus
soc RISC-V Patches for the 5.7 Merge Window, Part 1 2020-04-09 10:51:30 -07:00
soundwire Char/Misc driver patches for 5.7-rc1 2020-04-03 13:22:40 -07:00
spi sound updates for 5.7-rc1 2020-04-02 15:50:04 -07:00
spmi
ssb
staging mm/vma: introduce VM_ACCESS_FLAGS 2020-04-10 15:36:21 -07:00
target SCSI misc on 20200410 2020-04-10 12:21:11 -07:00
tc
tee ARM: driver updates 2020-04-03 15:05:35 -07:00
thermal - Convert tsens configuration DT binding to yaml (Rajeshwari) 2020-04-07 20:00:16 -07:00
thunderbolt
tty powerpc updates for 5.7 2020-04-05 11:12:59 -07:00
uio
usb SCSI misc on 20200402 2020-04-02 17:03:53 -07:00
vdpa vdpa: move to drivers/vdpa 2020-04-02 10:41:40 -04:00
vfio vfio: Ignore -ENODEV when getting MSI cookie 2020-04-01 13:51:51 -06:00
vhost vhost: introduce vDPA-based backend 2020-04-02 10:41:40 -04:00
video video: fbdev: vesafb: add missed release_region 2020-04-17 15:50:14 +02:00
virt
virtio virtio: fixes, vdpa 2020-04-08 10:51:53 -07:00
visorbus
vlynq
vme
w1
watchdog watchdog: Add K3 RTI watchdog support 2020-04-01 11:35:23 +02:00
xen xen: branch for v5.7-rc1b 2020-04-10 17:20:06 -07:00
zorro SPDX patches for 5.7-rc1. 2020-04-03 13:12:26 -07:00
Kconfig virtio: fixes, vdpa 2020-04-08 10:51:53 -07:00
Makefile virtio: fixes, vdpa 2020-04-08 10:51:53 -07:00