From: Borislav Petkov <bp@alien8.de>
To: Karol Herbst <kherbst@redhat.com>
Cc: Takashi Iwai <tiwai@suse.de>,
	nouveau@lists.freedesktop.org, linux-kernel@vger.kernel.org,
	dri-devel@lists.freedesktop.org, Ben Skeggs <bskeggs@redhat.com>
Subject: Re: [Nouveau] [PATCH] drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create
Date: Thu, 17 Aug 2023 17:17:39 +0200
Message-ID: <20230817151739.GEZN46E2T/1GS+baIZ@fat_crate.local>
In-Reply-To: <CACO55tt9ZLKjaTyARXQ4VePgd41nYCQBn+wAGGDJRw1QV3hPBQ@mail.gmail.com>

On Thu, Aug 17, 2023 at 12:24:45PM +0200, Karol Herbst wrote:
> simply throw a
> 
> printk(KERN_WARNING "nvkm_uconn_uevent %u\n", outp->info.location);
> 
> inside drivers/gpu/drm/nouveau/nvkm/engine/disp/uconn.c:104 after that
> mentioned comment.

diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/uconn.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/uconn.c
index 46b057fe1412..661fd0cf3b3b 100644
--- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/uconn.c
+++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/uconn.c
@@ -101,6 +101,7 @@ nvkm_uconn_uevent(struct nvkm_object *object, void *argv, u32 argc, struct nvkm_
        if (args->v0.types & NVIF_CONN_EVENT_V0_UNPLUG) bits |= NVKM_GPIO_LO;
        if (args->v0.types & NVIF_CONN_EVENT_V0_IRQ) {
                /* TODO: support DP IRQ on ANX9805 and remove this hack. */
+               printk(KERN_WARNING "nvkm_uconn_uevent %u\n", outp->info.location);
                if (!outp->info.location)
                        return -EINVAL;
        }
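
Review bot: the added printk(KERN_WARNING ...) in the NVIF_CONN_EVENT_V0_IRQ branch sits before the !outp->info.location check, so it fires on every request of that type, including the ones that are then rejected with -EINVAL. It is debug instrumentation and should not be carried into a real patch. If a message is wanted here, put it inside the failing branch, use pr_warn() rather than a raw printk, and add something that identifies the connector: the neighbouring nouveau lines in the log carry a device prefix ("nouveau 0000:03:00.0:"), while this line prints only the bare location value, so six identical "nvkm_uconn_uevent 0" lines cannot be told apart.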

result:

[   10.566759] ACPI: bus type drm_connector registered
[   10.591171] Console: switching to colour dummy device 80x25
[   10.598472] nouveau 0000:03:00.0: vgaarb: deactivate vga console
[   10.607121] nouveau 0000:03:00.0: NVIDIA GT218 (0a8c00b1)
[   10.728361] nouveau 0000:03:00.0: bios: version 70.18.83.00.08
[   10.742137] nouveau 0000:03:00.0: fb: 512 MiB DDR3
[   11.059848] nouveau 0000:03:00.0: DRM: VRAM: 512 MiB
[   11.064911] nouveau 0000:03:00.0: DRM: GART: 1048576 MiB
[   11.070302] nouveau 0000:03:00.0: DRM: TMDS table version 2.0
[   11.076126] nouveau 0000:03:00.0: DRM: DCB version 4.0
[   11.081335] nouveau 0000:03:00.0: DRM: DCB outp 00: 02000360 00000000
[   11.087865] nouveau 0000:03:00.0: DRM: DCB outp 01: 02000362 00020010
[   11.094395] nouveau 0000:03:00.0: DRM: DCB outp 02: 028003a6 0f220010
[   11.100912] nouveau 0000:03:00.0: DRM: DCB outp 03: 01011380 00000000
[   11.107422] nouveau 0000:03:00.0: DRM: DCB outp 04: 08011382 00020010
[   11.113940] nouveau 0000:03:00.0: DRM: DCB outp 05: 088113c6 0f220010
[   11.120457] nouveau 0000:03:00.0: DRM: DCB conn 00: 00101064
[   11.126182] nouveau 0000:03:00.0: DRM: DCB conn 01: 00202165
[   11.138865] nouveau 0000:03:00.0: DRM: MM: using COPY for buffer copies
[   11.151291] nvkm_uconn_uevent 0
[   11.154643] nvkm_uconn_uevent 0
[   11.157975] nvkm_uconn_uevent 0
[   11.161298] nvkm_uconn_uevent 0
[   11.164616] nvkm_uconn_uevent 0
[   11.167943] nvkm_uconn_uevent 0
[   11.176010] [drm] Initialized nouveau 1.3.1 20120801 for 0000:03:00.0 on minor 0
[   11.184186] nouveau 0000:03:00.0: [drm] Cannot find any crtc or sizes
[   11.260527] megasas: 07.725.01.00-rc1
[   11.264555] st: Version 20160209, fixed bufsize 32768, s/g segs 256

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette


