From 273ca8fdc49fad1994556ba17a7db83d37721fbe Mon Sep 17 00:00:00 2001
From: Chris Wilson <chris@chris-wilson.co.uk>
Date: Mon, 3 Feb 2020 13:38:24 +0000
Subject: drm/i915/display: Fix NULL-crtc deref in calc_min_cdclk()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Git-commit: def85091f228e29c6472076fbd6e3a57ece124a9
Patch-mainline: v5.7-rc1
References: jsc#SLE-12680, jsc#SLE-12880, jsc#SLE-12882, jsc#SLE-12883, jsc#SLE-13496, jsc#SLE-15322

[   23.419442] BUG: KASAN: null-ptr-deref in intel_plane_calc_min_cdclk+0x82/0x440 [i915]
[   23.419527] Read of size 4 at addr 00000000000000f8 by task insmod/735
[   23.419578]
[   23.419644] CPU: 2 PID: 735 Comm: insmod Not tainted 5.5.0+ #114
[   23.419716] Hardware name: ��������������������������������� ���������������������������������/���������������������������������, BIOS RYBDWi35.86A.0246.2
[   23.419793] Call Trace:
[   23.419864]  dump_stack+0xef/0x16e
[   23.419927]  __kasan_report.cold+0x60/0x90
[   23.420157]  ? intel_plane_calc_min_cdclk+0x82/0x440 [i915]
[   23.420397]  intel_plane_calc_min_cdclk+0x82/0x440 [i915]
[   23.420630]  intel_atomic_check+0x455f/0x65a0 [i915]
[   23.420708]  ? mark_held_locks+0x90/0x90
[   23.420929]  ? intel_crtc_duplicate_state+0x2e/0x1b0 [i915]
[   23.421172]  ? intel_plane_duplicate_state+0x2d/0xc0 [i915]
[   23.421239]  ? __drm_dbg+0xa4/0x120
[   23.421303]  ? __kasan_kmalloc.constprop.0+0xc2/0xd0
[   23.421355]  ? __kmalloc_track_caller+0x23a/0x320
[   23.421602]  ? intel_calc_active_pipes+0x1c0/0x1c0 [i915]
[   23.421852]  sanitize_watermarks+0x220/0x510 [i915]
[   23.422092]  ? intel_atomic_check+0x65a0/0x65a0 [i915]
[   23.422164]  ? drm_modeset_unlock_all+0x88/0x130
[   23.422402]  intel_modeset_init+0x1b76/0x3c90 [i915]
[   23.422647]  ? intel_finish_reset+0x2d0/0x2d0 [i915]
[   23.422851]  ? intel_irq_install+0x12c/0x210 [i915]
[   23.423076]  i915_driver_probe+0x13e7/0x2930 [i915]

v2: No crtc is implied by an invisible plane, so the extra !crtc check
is redundant.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200203133824.198872-1-chris@chris-wilson.co.uk
Signed-off-by: Patrik Jakobsson <pjakobsson@suse.de>
---
 drivers/gpu/drm/i915/display/intel_atomic_plane.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/i915/display/intel_atomic_plane.c b/drivers/gpu/drm/i915/display/intel_atomic_plane.c
index 91ab6e2ab1fd..c86d7a35c816 100644
--- a/drivers/gpu/drm/i915/display/intel_atomic_plane.c
+++ b/drivers/gpu/drm/i915/display/intel_atomic_plane.c
@@ -165,14 +165,15 @@ int intel_plane_calc_min_cdclk(struct intel_atomic_state *state,
 		intel_atomic_get_new_plane_state(state, plane);
 	struct intel_crtc *crtc = to_intel_crtc(plane_state->hw.crtc);
 	const struct intel_cdclk_state *cdclk_state;
-	struct intel_crtc_state *new_crtc_state =
-		intel_atomic_get_new_crtc_state(state, crtc);
-	const struct intel_crtc_state *old_crtc_state =
-		intel_atomic_get_old_crtc_state(state, crtc);
+	const struct intel_crtc_state *old_crtc_state;
+	struct intel_crtc_state *new_crtc_state;
 
 	if (!plane_state->uapi.visible || !plane->min_cdclk)
 		return 0;
 
+	old_crtc_state = intel_atomic_get_old_crtc_state(state, crtc);
+	new_crtc_state = intel_atomic_get_new_crtc_state(state, crtc);
+
 	new_crtc_state->min_cdclk[plane->id] =
 		plane->min_cdclk(new_crtc_state, plane_state);
 
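Review bot: The dereference of `new_crtc_state` on the `min_cdclk[plane->id]` line now relies on an invariant the code does not state: the crtc-state lookups moved after the `!plane_state->uapi.visible` guard are only NULL-safe because a visible plane always carries a non-NULL `hw.crtc` (the reasoning given in the commit message for dropping the `!crtc` check), and `crtc` itself is still derived from `plane_state->hw.crtc` before that guard. A reader of this function alone cannot see why `crtc` may be NULL up to the guard and must be non-NULL after it, so the lookups deserve a short comment, e.g. `/* An invisible plane is the only case with no crtc, so after the visibility check the crtc state lookups cannot return NULL. */`. If that invariant is ever relaxed elsewhere, this is the line that will fault again, so naming it here is worth the two lines. `intel_plane_calc_min_cdclk` starts and ends outside the hunk, so whether `old_crtc_state` is used later cannot be confirmed from here.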
-- 
2.28.0