TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b7ea85a4fe
twx-linux/drivers
History
Huacai Chen b7ea85a4fe drm: fix a use-after-free when GPU acceleration disabled 
When GPU acceleration is disabled, drm_vblank_cleanup() will free the
vblank-related data, such as vblank_refcount, vblank_inmodeset, etc.
But we found that drm_vblank_post_modeset() may be called after the
cleanup, which use vblank_refcount and vblank_inmodeset. And this will
cause a kernel panic.

Fix this by return immediately if dev->num_crtcs is zero. This is the
same thing that drm_vblank_pre_modeset() does.

Call trace of a drm_vblank_post_modeset() after drm_vblank_cleanup():
[   62.628906] [<ffffffff804868d0>] drm_vblank_post_modeset+0x34/0xb4
[   62.628906] [<ffffffff804c7008>] atombios_crtc_dpms+0xb4/0x174
[   62.628906] [<ffffffff804c70e0>] atombios_crtc_commit+0x18/0x38
[   62.628906] [<ffffffff8047f038>] drm_crtc_helper_set_mode+0x304/0x3cc
[   62.628906] [<ffffffff8047f92c>] drm_crtc_helper_set_config+0x6d8/0x988
[   62.628906] [<ffffffff8047dd40>] drm_fb_helper_set_par+0x94/0x104
[   62.628906] [<ffffffff80439d14>] fbcon_init+0x424/0x57c
[   62.628906] [<ffffffff8046a638>] visual_init+0xb8/0x118
[   62.628906] [<ffffffff8046b9f8>] take_over_console+0x238/0x384
[   62.628906] [<ffffffff80436df8>] fbcon_takeover+0x7c/0xdc
[   62.628906] [<ffffffff8024fa20>] notifier_call_chain+0x44/0x94
[   62.628906] [<ffffffff8024fcbc>] __blocking_notifier_call_chain+0x48/0x68
[   62.628906] [<ffffffff8042d990>] register_framebuffer+0x228/0x260
[   62.628906] [<ffffffff8047e010>] drm_fb_helper_single_fb_probe+0x260/0x314
[   62.628906] [<ffffffff8047e2c4>] drm_fb_helper_initial_config+0x200/0x234
[   62.628906] [<ffffffff804e5560>] radeon_fbdev_init+0xd4/0xf4
[   62.628906] [<ffffffff804e0e08>] radeon_modeset_init+0x9bc/0xa18
[   62.628906] [<ffffffff804bfc14>] radeon_driver_load_kms+0xdc/0x12c
[   62.628906] [<ffffffff8048b548>] drm_get_pci_dev+0x148/0x238
[   62.628906] [<ffffffff80423564>] local_pci_probe+0x5c/0xd0
[   62.628906] [<ffffffff80241ac4>] work_for_cpu_fn+0x1c/0x30
[   62.628906] [<ffffffff802427c8>] process_one_work+0x274/0x3bc
[   62.628906] [<ffffffff80242934>] process_scheduled_works+0x24/0x44
[   62.628906] [<ffffffff8024515c>] worker_thread+0x31c/0x3f4
[   62.628906] [<ffffffff802497a8>] kthread+0x88/0x90
[   62.628906] [<ffffffff80206794>] kernel_thread_helper+0x10/0x18

Signed-off-by: Huacai Chen <chenhc@lemote.com>
Signed-off-by: Binbin Zhou <zhoubb@lemote.com>
Cc: <stable@vger.kernel.org>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
Acked-by: Paul Menzel <paulepanter@users.sourceforge.net>
Signed-off-by: Dave Airlie <airlied@gmail.com>
2013-06-03 19:12:04 +10:00
..
accessibility
acpi PCI updates for v3.10: 2013-05-23 13:50:53 -07:00
amba
ata drivers/ata: don't check resource with devm_ioremap_resource 2013-05-12 15:19:46 +02:00
atm atm: he: use mdelay instead of large udelay constants 2013-04-29 13:26:48 -04:00
auxdisplay
base Driver core fixes for 3.10-rc2 2013-05-23 09:27:08 -07:00
bcma - Lots of cleanups from Artem, including deletion of some obsolete drivers 2013-05-09 10:15:46 -07:00
block Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2013-05-15 13:36:19 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-05-01 14:08:52 -07:00
bus
cdrom block_device_operations->release() should return void 2013-05-07 02:16:21 -04:00
char char/misc driver fixes for 3.10-rc2 2013-05-23 09:26:32 -07:00
clk ARM: late Exynos multiplatform changes 2013-05-07 11:28:42 -07:00
clocksource ARM: late Exynos multiplatform changes 2013-05-07 11:28:42 -07:00
connector
cpufreq MIPS: Idle: Consolidate all declarations in <asm/idle.h>. 2013-05-22 01:34:27 +02:00
cpuidle cpuidle: add maintainer entry 2013-04-26 22:30:25 +02:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2013-05-02 14:53:12 -07:00
dca
devfreq
dio
dma drivers/dma: don't check resource with devm_ioremap_resource 2013-05-18 11:54:55 +02:00
edac Two small EDAC fixes. 2013-05-09 10:11:08 -07:00
eisa PCI changes for the v3.10 merge window: 2013-04-29 09:30:25 -07:00
extcon Removal of GENERIC_GPIO for v3.10 2013-05-09 09:59:16 -07:00
firewire IEEE 1394 (FireWire) subsystem changes: 2013-05-09 10:11:48 -07:00
firmware Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
gpio drivers/gpio: don't check resource with devm_ioremap_resource 2013-05-18 11:55:19 +02:00
gpu drm: fix a use-after-free when GPU acceleration disabled 2013-06-03 19:12:04 +10:00
hid HID: debug: fix RCU preemption issue 2013-05-06 13:07:33 +02:00
hsi
hv Drivers: hv: Fix a bug in get_vp_index() 2013-05-21 09:56:55 -07:00
hwmon hwmon: (tmp401) Drop redundant safety on cache lifetime 2013-05-19 08:19:29 -07:00
hwspinlock A single patch from Vincent extending OMAP's hwspinlock support to OMAP5. 2013-05-07 14:01:27 -07:00
i2c Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2013-05-21 11:11:45 -07:00
ide block_device_operations->release() should return void 2013-05-07 02:16:21 -04:00
idle Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux 2013-05-11 15:23:17 -07:00
iio iio: exynos_adc: fix wrong structure extration in suspend and resume 2013-05-22 22:15:20 +01:00
infiniband InfiniBand/RDMA changes for the 3.10 merge window: 2013-05-08 15:29:48 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2013-05-23 13:50:03 -07:00
iommu IOMMU Updates for Linux v3.10 2013-05-06 14:59:13 -07:00
ipack
irqchip ARM: late Exynos multiplatform changes 2013-05-07 11:28:42 -07:00
isdn Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
leds leds: leds-gpio: reserve gpio before using it 2013-05-21 11:26:53 -07:00
lguest lguest: clear cached last cpu when guest_set_pgd() called. 2013-05-08 10:49:18 +09:30
macintosh Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2013-05-02 10:16:16 -07:00
mailbox
md dm thin: fix metadata dev resize detection 2013-05-19 18:57:50 +01:00
media Merge branch 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2013-05-02 14:38:53 -07:00
memory drivers/memory: don't check resource with devm_ioremap_resource 2013-05-18 11:55:52 +02:00
memstick block_device_operations->release() should return void 2013-05-07 02:16:21 -04:00
message Merge branch 'for-3.10/core' of git://git.kernel.dk/linux-block 2013-05-08 10:13:35 -07:00
mfd This is the first batch of MFD fixes for 3.10. 2013-05-22 07:18:41 -07:00
misc char/misc driver fixes for 3.10-rc2 2013-05-23 09:26:32 -07:00
mmc Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm 2013-05-15 13:37:54 -07:00
mtd drivers/mtd/nand: don't check resource with devm_ioremap_resource 2013-05-18 11:55:55 +02:00
net USB fixes for 3.10-rc2 2013-05-23 09:23:32 -07:00
nfc
ntb NTB: Multiple NTB client fix 2013-05-15 10:58:22 -07:00
nubus nubus: Kill nubus_proc_detach_device() 2013-05-04 14:47:26 -04:00
of Device tree bug fixes and documentation updates for v3.10 2013-05-18 10:46:50 -07:00
oprofile
parisc parisc: fix partly 16/64k PAGE_SIZE boot 2013-05-06 23:08:32 +02:00
parport
pci PCI: acpiphp: Re-enumerate devices when host bridge receives Bus Check 2013-05-17 14:12:06 -06:00
pcmcia
pinctrl Pinctrl fixes for the v3.10 series: 2013-05-20 07:59:46 -07:00
platform - Artem's removal of dead code continues (RPX, MBX860) 2013-05-10 09:09:47 -07:00
pnp Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2013-05-02 10:16:16 -07:00
power For 3.10 we have a few new MFD drivers for: 2013-05-05 17:36:20 -07:00
pps Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
ps3
ptp
pwm drivers/pwm: don't check resource with devm_ioremap_resource 2013-05-18 11:55:58 +02:00
rapidio
regulator Removal of GENERIC_GPIO for v3.10 2013-05-09 09:59:16 -07:00
remoteproc This pull request contains: 2013-05-07 14:04:56 -07:00
reset
rpmsg A small pull request consisting of: 2013-05-07 14:02:00 -07:00
rtc Merge branch 'devm_no_resource_check' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2013-05-18 10:54:54 -07:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2013-05-21 09:36:46 -07:00
sbus
scsi Merge branch 'postmerge' into for-linus 2013-05-10 07:54:01 -07:00
sfi
sh
sn
spi Merge branch 'devm_no_resource_check' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2013-05-18 10:54:54 -07:00
ssb - Lots of cleanups from Artem, including deletion of some obsolete drivers 2013-05-09 10:15:46 -07:00
ssbi
staging Merge remote-tracking branch 'pfdo/drm-fixes' into drm-next 2013-05-24 10:12:22 +10:00
target Merge branch 'queue' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2013-05-16 07:55:07 -07:00
tc
thermal drivers/thermal: don't check resource with devm_ioremap_resource 2013-05-18 11:57:30 +02:00
tty tty: mxser: Fix build warning introduced by dfc7b837c7f9 (Re: linux-next: build warning after merge of the tty.current tree) 2013-05-22 10:26:02 -07:00
uio uio: UIO_DMEM_GENIRQ should depend on HAS_DMA 2013-05-21 10:13:23 -07:00
usb USB fixes for 3.10-rc2 2013-05-23 09:23:32 -07:00
uwb uwb: rename random32() to prandom_u32() 2013-04-29 18:28:43 -07:00
vfio vfio updates for v3.10 2013-05-02 14:02:32 -07:00
vhost Add missing module license tag to vring helpers. 2013-05-08 10:49:03 +09:30
video Staging driver fixes for 3.10-rc2 2013-05-23 09:27:49 -07:00
virt
virtio
vlynq
vme
w1 drivers/w1/masters: don't check resource with devm_ioremap_resource 2013-05-18 11:58:03 +02:00
watchdog drivers/watchdog: don't check resource with devm_ioremap_resource 2013-05-18 11:58:04 +02:00
xen xen: Fixed assignment error in if statement 2013-05-20 14:14:48 -04:00
zorro proc: Supply PDE attribute setting accessor functions 2013-05-01 17:29:18 -04:00
Kconfig ARM: arm-soc driver changes for 3.10 2013-05-04 12:31:18 -07:00
Makefile ARM: arm-soc driver changes for 3.10 2013-05-04 12:31:18 -07:00