* [PATCH] drm/fb-helper: Fix out-of-bounds access
@ 2022-06-21 10:46 ` Thomas Zimmermann
0 siblings, 0 replies; 8+ messages in thread
From: Thomas Zimmermann @ 2022-06-21 10:46 UTC (permalink / raw)
To: maarten.lankhorst, mripard, airlied, daniel, javierm
Cc: Nuno Gonçalves, stable, Thomas Zimmermann, dri-devel
Clip memory range to screen-buffer size to avoid out-of-bounds access
in fbdev deferred I/O's damage handling.
Fbdev's deferred I/O can only track pages. From the range of pages, the
damage handler computes the clipping rectangle for the display update.
If the fbdev screen buffer ends near the beginning of a page, that page
could contain more scanlines. The damage handler would then track these
non-existing scanlines as dirty and provoke an out-of-bounds access
during the screen update. Hence, clip the maximum memory range to the
size of the screen buffer.
While at it, rename the variables min/max to min_off/max_off in
drm_fb_helper_deferred_io(). This avoids confusion with the macros of
the same name.
Reported-by: Nuno Gonçalves <nunojpg@gmail.com>
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Tested-by: Nuno Gonçalves <nunojpg@gmail.com>
Fixes: 67b723f5b742 ("drm/fb-helper: Calculate damaged area in separate helper")
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Javier Martinez Canillas <javierm@redhat.com>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Maxime Ripard <mripard@kernel.org>
Cc: <stable@vger.kernel.org> # v5.18+
---
drivers/gpu/drm/drm_fb_helper.c | 27 +++++++++++++++++++--------
1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
index 5ad2b6a2778c..1705e8d345ab 100644
--- a/drivers/gpu/drm/drm_fb_helper.c
+++ b/drivers/gpu/drm/drm_fb_helper.c
@@ -680,7 +680,11 @@ static void drm_fb_helper_damage(struct fb_info *info, u32 x, u32 y,
schedule_work(&helper->damage_work);
}
-/* Convert memory region into area of scanlines and pixels per scanline */
+/*
+ * Convert memory region into area of scanlines and pixels per
+ * scanline. The parameters off and len must not reach beyond
+ * the end of the framebuffer.
+ */
static void drm_fb_helper_memory_range_to_clip(struct fb_info *info, off_t off, size_t len,
struct drm_rect *clip)
{
@@ -715,22 +719,29 @@ static void drm_fb_helper_memory_range_to_clip(struct fb_info *info, off_t off,
*/
void drm_fb_helper_deferred_io(struct fb_info *info, struct list_head *pagereflist)
{
- unsigned long start, end, min, max;
+ unsigned long start, end, min_off, max_off;
struct fb_deferred_io_pageref *pageref;
struct drm_rect damage_area;
- min = ULONG_MAX;
- max = 0;
+ min_off = ULONG_MAX;
+ max_off = 0;
list_for_each_entry(pageref, pagereflist, list) {
start = pageref->offset;
end = start + PAGE_SIZE;
- min = min(min, start);
- max = max(max, end);
+ min_off = min(min_off, start);
+ max_off = max(max_off, end);
}
- if (min >= max)
+ if (min_off >= max_off)
return;
- drm_fb_helper_memory_range_to_clip(info, min, max - min, &damage_area);
+ /*
+ * As we can only track pages, we might reach beyond the end
+ * of the screen and account for non-existing scanlines. Hence,
+ * keep the covered memory area within the screen buffer.
+ */
+ max_off = min(max_off, info->screen_size);
+
+ drm_fb_helper_memory_range_to_clip(info, min_off, max_off - min_off, &damage_area);
drm_fb_helper_damage(info, damage_area.x1, damage_area.y1,
drm_rect_width(&damage_area),
drm_rect_height(&damage_area));
--
2.36.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH] drm/fb-helper: Fix out-of-bounds access
@ 2022-06-21 10:46 ` Thomas Zimmermann
0 siblings, 0 replies; 8+ messages in thread
From: Thomas Zimmermann @ 2022-06-21 10:46 UTC (permalink / raw)
To: maarten.lankhorst, mripard, airlied, daniel, javierm
Cc: dri-devel, Thomas Zimmermann, Nuno Gonçalves, stable
Clip memory range to screen-buffer size to avoid out-of-bounds access
in fbdev deferred I/O's damage handling.
Fbdev's deferred I/O can only track pages. From the range of pages, the
damage handler computes the clipping rectangle for the display update.
If the fbdev screen buffer ends near the beginning of a page, that page
could contain more scanlines. The damage handler would then track these
non-existing scanlines as dirty and provoke an out-of-bounds access
during the screen update. Hence, clip the maximum memory range to the
size of the screen buffer.
While at it, rename the variables min/max to min_off/max_off in
drm_fb_helper_deferred_io(). This avoids confusion with the macros of
the same name.
Reported-by: Nuno Gonçalves <nunojpg@gmail.com>
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Tested-by: Nuno Gonçalves <nunojpg@gmail.com>
Fixes: 67b723f5b742 ("drm/fb-helper: Calculate damaged area in separate helper")
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Javier Martinez Canillas <javierm@redhat.com>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Maxime Ripard <mripard@kernel.org>
Cc: <stable@vger.kernel.org> # v5.18+
---
drivers/gpu/drm/drm_fb_helper.c | 27 +++++++++++++++++++--------
1 file changed, 19 insertions(+), 8 deletions(-)
diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
index 5ad2b6a2778c..1705e8d345ab 100644
--- a/drivers/gpu/drm/drm_fb_helper.c
+++ b/drivers/gpu/drm/drm_fb_helper.c
@@ -680,7 +680,11 @@ static void drm_fb_helper_damage(struct fb_info *info, u32 x, u32 y,
schedule_work(&helper->damage_work);
}
-/* Convert memory region into area of scanlines and pixels per scanline */
+/*
+ * Convert memory region into area of scanlines and pixels per
+ * scanline. The parameters off and len must not reach beyond
+ * the end of the framebuffer.
+ */
static void drm_fb_helper_memory_range_to_clip(struct fb_info *info, off_t off, size_t len,
struct drm_rect *clip)
{
@@ -715,22 +719,29 @@ static void drm_fb_helper_memory_range_to_clip(struct fb_info *info, off_t off,
*/
void drm_fb_helper_deferred_io(struct fb_info *info, struct list_head *pagereflist)
{
- unsigned long start, end, min, max;
+ unsigned long start, end, min_off, max_off;
struct fb_deferred_io_pageref *pageref;
struct drm_rect damage_area;
- min = ULONG_MAX;
- max = 0;
+ min_off = ULONG_MAX;
+ max_off = 0;
list_for_each_entry(pageref, pagereflist, list) {
start = pageref->offset;
end = start + PAGE_SIZE;
- min = min(min, start);
- max = max(max, end);
+ min_off = min(min_off, start);
+ max_off = max(max_off, end);
}
- if (min >= max)
+ if (min_off >= max_off)
return;
- drm_fb_helper_memory_range_to_clip(info, min, max - min, &damage_area);
+ /*
+ * As we can only track pages, we might reach beyond the end
+ * of the screen and account for non-existing scanlines. Hence,
+ * keep the covered memory area within the screen buffer.
+ */
+ max_off = min(max_off, info->screen_size);
+
+ drm_fb_helper_memory_range_to_clip(info, min_off, max_off - min_off, &damage_area);
drm_fb_helper_damage(info, damage_area.x1, damage_area.y1,
drm_rect_width(&damage_area),
drm_rect_height(&damage_area));
--
2.36.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] drm/fb-helper: Fix out-of-bounds access
2022-06-21 10:46 ` Thomas Zimmermann
@ 2022-06-23 7:57 ` Javier Martinez Canillas
-1 siblings, 0 replies; 8+ messages in thread
From: Javier Martinez Canillas @ 2022-06-23 7:57 UTC (permalink / raw)
To: Thomas Zimmermann, maarten.lankhorst, mripard, airlied, daniel
Cc: dri-devel, Nuno Gonçalves, stable
Hello Thomas,
On 6/21/22 12:46, Thomas Zimmermann wrote:
> Clip memory range to screen-buffer size to avoid out-of-bounds access
> in fbdev deferred I/O's damage handling.
>
> Fbdev's deferred I/O can only track pages. From the range of pages, the
> damage handler computes the clipping rectangle for the display update.
> If the fbdev screen buffer ends near the beginning of a page, that page
> could contain more scanlines. The damage handler would then track these
> non-existing scanlines as dirty and provoke an out-of-bounds access
> during the screen update. Hence, clip the maximum memory range to the
> size of the screen buffer.
>
> While at it, rename the variables min/max to min_off/max_off in
> drm_fb_helper_deferred_io(). This avoids confusion with the macros of
> the same name.
>
> Reported-by: Nuno Gonçalves <nunojpg@gmail.com>
> Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
> Tested-by: Nuno Gonçalves <nunojpg@gmail.com>
> Fixes: 67b723f5b742 ("drm/fb-helper: Calculate damaged area in separate helper")
> Cc: Thomas Zimmermann <tzimmermann@suse.de>
> Cc: Javier Martinez Canillas <javierm@redhat.com>
> Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
> Cc: Maxime Ripard <mripard@kernel.org>
> Cc: <stable@vger.kernel.org> # v5.18+
> ---
This makes sense to me.
Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
--
Best regards,
Javier Martinez Canillas
Linux Engineering
Red Hat
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] drm/fb-helper: Fix out-of-bounds access
@ 2022-06-23 7:57 ` Javier Martinez Canillas
0 siblings, 0 replies; 8+ messages in thread
From: Javier Martinez Canillas @ 2022-06-23 7:57 UTC (permalink / raw)
To: Thomas Zimmermann, maarten.lankhorst, mripard, airlied, daniel
Cc: Nuno Gonçalves, stable, dri-devel
Hello Thomas,
On 6/21/22 12:46, Thomas Zimmermann wrote:
> Clip memory range to screen-buffer size to avoid out-of-bounds access
> in fbdev deferred I/O's damage handling.
>
> Fbdev's deferred I/O can only track pages. From the range of pages, the
> damage handler computes the clipping rectangle for the display update.
> If the fbdev screen buffer ends near the beginning of a page, that page
> could contain more scanlines. The damage handler would then track these
> non-existing scanlines as dirty and provoke an out-of-bounds access
> during the screen update. Hence, clip the maximum memory range to the
> size of the screen buffer.
>
> While at it, rename the variables min/max to min_off/max_off in
> drm_fb_helper_deferred_io(). This avoids confusion with the macros of
> the same name.
>
> Reported-by: Nuno Gonçalves <nunojpg@gmail.com>
> Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
> Tested-by: Nuno Gonçalves <nunojpg@gmail.com>
> Fixes: 67b723f5b742 ("drm/fb-helper: Calculate damaged area in separate helper")
> Cc: Thomas Zimmermann <tzimmermann@suse.de>
> Cc: Javier Martinez Canillas <javierm@redhat.com>
> Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
> Cc: Maxime Ripard <mripard@kernel.org>
> Cc: <stable@vger.kernel.org> # v5.18+
> ---
This makes sense to me.
Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
--
Best regards,
Javier Martinez Canillas
Linux Engineering
Red Hat
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] drm/fb-helper: Fix out-of-bounds access
2022-06-21 10:46 ` Thomas Zimmermann
@ 2022-06-29 18:17 ` Geert Uytterhoeven
-1 siblings, 0 replies; 8+ messages in thread
From: Geert Uytterhoeven @ 2022-06-29 18:17 UTC (permalink / raw)
To: Thomas Zimmermann
Cc: maarten.lankhorst, mripard, airlied, daniel, javierm, dri-devel,
Nuno Gonçalves, stable
[-- Attachment #1: Type: text/plain, Size: 2046 bytes --]
Hi Thomas,
On Tue, 21 Jun 2022, Thomas Zimmermann wrote:
> Clip memory range to screen-buffer size to avoid out-of-bounds access
> in fbdev deferred I/O's damage handling.
>
> Fbdev's deferred I/O can only track pages. From the range of pages, the
> damage handler computes the clipping rectangle for the display update.
> If the fbdev screen buffer ends near the beginning of a page, that page
> could contain more scanlines. The damage handler would then track these
> non-existing scanlines as dirty and provoke an out-of-bounds access
> during the screen update. Hence, clip the maximum memory range to the
> size of the screen buffer.
>
> While at it, rename the variables min/max to min_off/max_off in
> drm_fb_helper_deferred_io(). This avoids confusion with the macros of
> the same name.
>
> Reported-by: Nuno Gonçalves <nunojpg@gmail.com>
> Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
> Tested-by: Nuno Gonçalves <nunojpg@gmail.com>
> Fixes: 67b723f5b742 ("drm/fb-helper: Calculate damaged area in separate helper")
Thanks for your patch, which is now commit ae25885bdf59fde4
("drm/fb-helper: Fix out-of-bounds access") in drm-misc/for-linux-next.
I had seen the crash before, but thought it was a bug in my wip
atari-drm driver. When diving deeper today, and consequently looking
for recent changes to the damage helper, I found this commit in
linux-next.
With your patch instead of my own workaround I used this morning, [1]
still works fine, so:
Tested-by: Geert Uytterhoeven <geert@linux-m68k.org>.
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>.
[1] [PATCH] drm/fb-helper: Remove helpers to change frame buffer config
https://lore.kernel.org/all/20220629105658.1373770-1-geert@linux-m68k.org
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] drm/fb-helper: Fix out-of-bounds access
@ 2022-06-29 18:17 ` Geert Uytterhoeven
0 siblings, 0 replies; 8+ messages in thread
From: Geert Uytterhoeven @ 2022-06-29 18:17 UTC (permalink / raw)
To: Thomas Zimmermann
Cc: airlied, Nuno Gonçalves, javierm, dri-devel, stable
[-- Attachment #1: Type: text/plain, Size: 2046 bytes --]
Hi Thomas,
On Tue, 21 Jun 2022, Thomas Zimmermann wrote:
> Clip memory range to screen-buffer size to avoid out-of-bounds access
> in fbdev deferred I/O's damage handling.
>
> Fbdev's deferred I/O can only track pages. From the range of pages, the
> damage handler computes the clipping rectangle for the display update.
> If the fbdev screen buffer ends near the beginning of a page, that page
> could contain more scanlines. The damage handler would then track these
> non-existing scanlines as dirty and provoke an out-of-bounds access
> during the screen update. Hence, clip the maximum memory range to the
> size of the screen buffer.
>
> While at it, rename the variables min/max to min_off/max_off in
> drm_fb_helper_deferred_io(). This avoids confusion with the macros of
> the same name.
>
> Reported-by: Nuno Gonçalves <nunojpg@gmail.com>
> Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
> Tested-by: Nuno Gonçalves <nunojpg@gmail.com>
> Fixes: 67b723f5b742 ("drm/fb-helper: Calculate damaged area in separate helper")
Thanks for your patch, which is now commit ae25885bdf59fde4
("drm/fb-helper: Fix out-of-bounds access") in drm-misc/for-linux-next.
I had seen the crash before, but thought it was a bug in my wip
atari-drm driver. When diving deeper today, and consequently looking
for recent changes to the damage helper, I found this commit in
linux-next.
With your patch instead of my own workaround I used this morning, [1]
still works fine, so:
Tested-by: Geert Uytterhoeven <geert@linux-m68k.org>.
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>.
[1] [PATCH] drm/fb-helper: Remove helpers to change frame buffer config
https://lore.kernel.org/all/20220629105658.1373770-1-geert@linux-m68k.org
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] drm/fb-helper: Fix out-of-bounds access
2022-06-29 18:17 ` Geert Uytterhoeven
@ 2022-06-30 6:37 ` Thomas Zimmermann
-1 siblings, 0 replies; 8+ messages in thread
From: Thomas Zimmermann @ 2022-06-30 6:37 UTC (permalink / raw)
To: Geert Uytterhoeven
Cc: airlied, Nuno Gonçalves, javierm, dri-devel, stable
[-- Attachment #1.1: Type: text/plain, Size: 2642 bytes --]
Hi
Am 29.06.22 um 20:17 schrieb Geert Uytterhoeven:
> Hi Thomas,
>
> On Tue, 21 Jun 2022, Thomas Zimmermann wrote:
>> Clip memory range to screen-buffer size to avoid out-of-bounds access
>> in fbdev deferred I/O's damage handling.
>>
>> Fbdev's deferred I/O can only track pages. From the range of pages, the
>> damage handler computes the clipping rectangle for the display update.
>> If the fbdev screen buffer ends near the beginning of a page, that page
>> could contain more scanlines. The damage handler would then track these
>> non-existing scanlines as dirty and provoke an out-of-bounds access
>> during the screen update. Hence, clip the maximum memory range to the
>> size of the screen buffer.
>>
>> While at it, rename the variables min/max to min_off/max_off in
>> drm_fb_helper_deferred_io(). This avoids confusion with the macros of
>> the same name.
>>
>> Reported-by: Nuno Gonçalves <nunojpg@gmail.com>
>> Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
>> Tested-by: Nuno Gonçalves <nunojpg@gmail.com>
>> Fixes: 67b723f5b742 ("drm/fb-helper: Calculate damaged area in
>> separate helper")
>
> Thanks for your patch, which is now commit ae25885bdf59fde4
> ("drm/fb-helper: Fix out-of-bounds access") in drm-misc/for-linux-next.
>
> I had seen the crash before, but thought it was a bug in my wip
> atari-drm driver. When diving deeper today, and consequently looking
> for recent changes to the damage helper, I found this commit in
> linux-next.
>
> With your patch instead of my own workaround I used this morning, [1]
> still works fine, so:
> Tested-by: Geert Uytterhoeven <geert@linux-m68k.org>.
> Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>.
Great thanks a lot.
BTW, what's the status of the atari-drm driver?
Best regard
Thomas
>
> [1] [PATCH] drm/fb-helper: Remove helpers to change frame buffer config
>
> https://lore.kernel.org/all/20220629105658.1373770-1-geert@linux-m68k.org
>
> Gr{oetje,eeting}s,
>
> Geert
>
> --
> Geert Uytterhoeven -- There's lots of Linux beyond ia32 --
> geert@linux-m68k.org
>
> In personal conversations with technical people, I call myself a hacker.
> But
> when I'm talking to journalists I just say "programmer" or something
> like that.
> -- Linus Torvalds
--
Thomas Zimmermann
Graphics Driver Developer
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] drm/fb-helper: Fix out-of-bounds access
@ 2022-06-30 6:37 ` Thomas Zimmermann
0 siblings, 0 replies; 8+ messages in thread
From: Thomas Zimmermann @ 2022-06-30 6:37 UTC (permalink / raw)
To: Geert Uytterhoeven
Cc: airlied, Nuno Gonçalves, stable, javierm, dri-devel
[-- Attachment #1.1: Type: text/plain, Size: 2642 bytes --]
Hi
Am 29.06.22 um 20:17 schrieb Geert Uytterhoeven:
> Hi Thomas,
>
> On Tue, 21 Jun 2022, Thomas Zimmermann wrote:
>> Clip memory range to screen-buffer size to avoid out-of-bounds access
>> in fbdev deferred I/O's damage handling.
>>
>> Fbdev's deferred I/O can only track pages. From the range of pages, the
>> damage handler computes the clipping rectangle for the display update.
>> If the fbdev screen buffer ends near the beginning of a page, that page
>> could contain more scanlines. The damage handler would then track these
>> non-existing scanlines as dirty and provoke an out-of-bounds access
>> during the screen update. Hence, clip the maximum memory range to the
>> size of the screen buffer.
>>
>> While at it, rename the variables min/max to min_off/max_off in
>> drm_fb_helper_deferred_io(). This avoids confusion with the macros of
>> the same name.
>>
>> Reported-by: Nuno Gonçalves <nunojpg@gmail.com>
>> Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
>> Tested-by: Nuno Gonçalves <nunojpg@gmail.com>
>> Fixes: 67b723f5b742 ("drm/fb-helper: Calculate damaged area in
>> separate helper")
>
> Thanks for your patch, which is now commit ae25885bdf59fde4
> ("drm/fb-helper: Fix out-of-bounds access") in drm-misc/for-linux-next.
>
> I had seen the crash before, but thought it was a bug in my wip
> atari-drm driver. When diving deeper today, and consequently looking
> for recent changes to the damage helper, I found this commit in
> linux-next.
>
> With your patch instead of my own workaround I used this morning, [1]
> still works fine, so:
> Tested-by: Geert Uytterhoeven <geert@linux-m68k.org>.
> Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>.
Great thanks a lot.
BTW, what's the status of the atari-drm driver?
Best regard
Thomas
>
> [1] [PATCH] drm/fb-helper: Remove helpers to change frame buffer config
>
> https://lore.kernel.org/all/20220629105658.1373770-1-geert@linux-m68k.org
>
> Gr{oetje,eeting}s,
>
> Geert
>
> --
> Geert Uytterhoeven -- There's lots of Linux beyond ia32 --
> geert@linux-m68k.org
>
> In personal conversations with technical people, I call myself a hacker.
> But
> when I'm talking to journalists I just say "programmer" or something
> like that.
> -- Linus Torvalds
--
Thomas Zimmermann
Graphics Driver Developer
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2022-06-30 6:37 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-21 10:46 [PATCH] drm/fb-helper: Fix out-of-bounds access Thomas Zimmermann
2022-06-21 10:46 ` Thomas Zimmermann
2022-06-23 7:57 ` Javier Martinez Canillas
2022-06-23 7:57 ` Javier Martinez Canillas
2022-06-29 18:17 ` Geert Uytterhoeven
2022-06-29 18:17 ` Geert Uytterhoeven
2022-06-30 6:37 ` Thomas Zimmermann
2022-06-30 6:37 ` Thomas Zimmermann
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.