dri-devel.lists.freedesktop.org archive mirror
* [PATCH] drm/fb-helper: Fix drm_fb_helper_firmware_config() NULL pointer deref
@ 2019-04-23 14:53 Noralf Trønnes
  2019-04-23 19:01 ` Daniel Vetter
  2019-04-24  6:28 ` Thomas Zimmermann
  0 siblings, 2 replies; 5+ messages in thread
From: Noralf Trønnes @ 2019-04-23 14:53 UTC (permalink / raw)
  To: dri-devel; +Cc: Daniel Vetter, Thomas Zimmermann

Non-atomic drivers like ast don't have connector->state set, resulting
in a NULL pointer deref:

[   29.609593] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[   29.609619] Call Trace:
[   29.609630]  ? drm_helper_probe_single_connector_modes+0x27f/0x680
[   29.609640]  drm_setup_crtcs+0x431/0xd80 [drm_kms_helper]
[   29.753065]  __drm_fb_helper_initial_config_and_unlock+0x6f/0x6a0
[   29.753160]  ? drm_modeset_unlock_all+0x31/0x50 [drm]
[   29.765758]  ast_fbdev_init+0xa8/0xc0 [ast]
[   29.765762]  ast_driver_load.cold.7+0x2b3/0xe11 [ast]
[   29.765775]  drm_dev_register+0x111/0x150 [drm]

Fix by bailing out if the driver does not support atomic modesetting.

Fixes: 09ded8af57bc ("drm/i915/fbdev: Move intel_fb_initial_config() to fbdev helper")
Reported-by: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Jani Nikula <jani.nikula@linux.intel.com>
Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
---
 drivers/gpu/drm/drm_fb_helper.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
index 2339f0f8f5a8..899c2eca26d1 100644
--- a/drivers/gpu/drm/drm_fb_helper.c
+++ b/drivers/gpu/drm/drm_fb_helper.c
@@ -2588,6 +2588,9 @@ static bool drm_fb_helper_firmware_config(struct drm_fb_helper *fb_helper,
 	int num_connectors_detected = 0;
 	struct drm_modeset_acquire_ctx ctx;
 
+	if (!drm_drv_uses_atomic_modeset(dev))
+		return false;
+
 	save_enabled = kcalloc(count, sizeof(bool), GFP_KERNEL);
 	if (!save_enabled)
 		return false;
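
Review bot: the early return added at the top of drm_fb_helper_firmware_config() has no comment saying why non-atomic drivers are excluded. The commit message gives the reason (connector->state is not set for drivers like ast), but a later reader of the function will not see it; a one-line comment above `if (!drm_drv_uses_atomic_modeset(dev))` stating that this path depends on connector->state would keep the guard from being dropped or moved by mistake. Placing the check before the kcalloc() is right, since nothing has to be freed on this path.
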
-- 
2.20.1

_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel


* Re: [PATCH] drm/fb-helper: Fix drm_fb_helper_firmware_config() NULL pointer deref
  2019-04-23 14:53 [PATCH] drm/fb-helper: Fix drm_fb_helper_firmware_config() NULL pointer deref Noralf Trønnes
@ 2019-04-23 19:01 ` Daniel Vetter
  2019-04-24 14:06   ` Noralf Trønnes
  2019-04-24  6:28 ` Thomas Zimmermann
  1 sibling, 1 reply; 5+ messages in thread
From: Daniel Vetter @ 2019-04-23 19:01 UTC (permalink / raw)
  To: Noralf Trønnes; +Cc: Daniel Vetter, Thomas Zimmermann, dri-devel

On Tue, Apr 23, 2019 at 04:53:53PM +0200, Noralf Trønnes wrote:
> Non-atomic drivers like ast don't have connector->state set, resulting
> in a NULL pointer deref:
> 
> [   29.609593] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
> [   29.609619] Call Trace:
> [   29.609630]  ? drm_helper_probe_single_connector_modes+0x27f/0x680
> [   29.609640]  drm_setup_crtcs+0x431/0xd80 [drm_kms_helper]
> [   29.753065]  __drm_fb_helper_initial_config_and_unlock+0x6f/0x6a0
> [   29.753160]  ? drm_modeset_unlock_all+0x31/0x50 [drm]
> [   29.765758]  ast_fbdev_init+0xa8/0xc0 [ast]
> [   29.765762]  ast_driver_load.cold.7+0x2b3/0xe11 [ast]
> [   29.765775]  drm_dev_register+0x111/0x150 [drm]
> 
> Fix by bailing out if the driver does not support atomic modesetting.
> 
> Fixes: 09ded8af57bc ("drm/i915/fbdev: Move intel_fb_initial_config() to fbdev helper")
> Reported-by: Thomas Zimmermann <tzimmermann@suse.de>
> Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
> Cc: Jani Nikula <jani.nikula@linux.intel.com>
> Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
> ---
>  drivers/gpu/drm/drm_fb_helper.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
> index 2339f0f8f5a8..899c2eca26d1 100644
> --- a/drivers/gpu/drm/drm_fb_helper.c
> +++ b/drivers/gpu/drm/drm_fb_helper.c
> @@ -2588,6 +2588,9 @@ static bool drm_fb_helper_firmware_config(struct drm_fb_helper *fb_helper,
>  	int num_connectors_detected = 0;
>  	struct drm_modeset_acquire_ctx ctx;
>  
> +	if (!drm_drv_uses_atomic_modeset(dev))
> +		return false;

Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>

I think for merging we're already past feature freeze, but
drm-misc-next-fixes hasn't been rolled forward yet. I think you need to
wait for drm-misc maintainers to do that (I pinged them already), and then
put this one there.
-Daniel

> +
>  	save_enabled = kcalloc(count, sizeof(bool), GFP_KERNEL);
>  	if (!save_enabled)
>  		return false;
> -- 
> 2.20.1
> 

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch

* Re: [PATCH] drm/fb-helper: Fix drm_fb_helper_firmware_config() NULL pointer deref
  2019-04-23 14:53 [PATCH] drm/fb-helper: Fix drm_fb_helper_firmware_config() NULL pointer deref Noralf Trønnes
  2019-04-23 19:01 ` Daniel Vetter
@ 2019-04-24  6:28 ` Thomas Zimmermann
  1 sibling, 0 replies; 5+ messages in thread
From: Thomas Zimmermann @ 2019-04-24  6:28 UTC (permalink / raw)
  To: Noralf Trønnes, dri-devel; +Cc: Daniel Vetter



Thanks for fixing this so quickly.

Tested-by: Thomas Zimmermann <tzimmermann@suse.de>

On 23.04.19 at 16:53, Noralf Trønnes wrote:
> Non-atomic drivers like ast don't have connector->state set, resulting
> in a NULL pointer deref:
> 
> [   29.609593] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
> [   29.609619] Call Trace:
> [   29.609630]  ? drm_helper_probe_single_connector_modes+0x27f/0x680
> [   29.609640]  drm_setup_crtcs+0x431/0xd80 [drm_kms_helper]
> [   29.753065]  __drm_fb_helper_initial_config_and_unlock+0x6f/0x6a0
> [   29.753160]  ? drm_modeset_unlock_all+0x31/0x50 [drm]
> [   29.765758]  ast_fbdev_init+0xa8/0xc0 [ast]
> [   29.765762]  ast_driver_load.cold.7+0x2b3/0xe11 [ast]
> [   29.765775]  drm_dev_register+0x111/0x150 [drm]
> 
> Fix by bailing out if the driver does not support atomic modesetting.
> 
> Fixes: 09ded8af57bc ("drm/i915/fbdev: Move intel_fb_initial_config() to fbdev helper")
> Reported-by: Thomas Zimmermann <tzimmermann@suse.de>
> Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
> Cc: Jani Nikula <jani.nikula@linux.intel.com>
> Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
> ---
>  drivers/gpu/drm/drm_fb_helper.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
> index 2339f0f8f5a8..899c2eca26d1 100644
> --- a/drivers/gpu/drm/drm_fb_helper.c
> +++ b/drivers/gpu/drm/drm_fb_helper.c
> @@ -2588,6 +2588,9 @@ static bool drm_fb_helper_firmware_config(struct drm_fb_helper *fb_helper,
>  	int num_connectors_detected = 0;
>  	struct drm_modeset_acquire_ctx ctx;
>  
> +	if (!drm_drv_uses_atomic_modeset(dev))
> +		return false;
> +
>  	save_enabled = kcalloc(count, sizeof(bool), GFP_KERNEL);
>  	if (!save_enabled)
>  		return false;
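
Review bot: the new non-atomic bail-out returns the same `false` as the kcalloc() failure path directly below it, so the two cases cannot be told apart from the return value, and neither leaves a trace in the log. If it is useful to know why firmware config was skipped, a debug message on the `!drm_drv_uses_atomic_modeset(dev)` branch would make that visible; it is also worth confirming that the caller treats `false` here as "not applicable" rather than as an error.
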
> 

-- 
Thomas Zimmermann
Graphics Driver Developer
SUSE Linux GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah
HRB 21284 (AG Nürnberg)



* Re: [PATCH] drm/fb-helper: Fix drm_fb_helper_firmware_config() NULL pointer deref
  2019-04-23 19:01 ` Daniel Vetter
@ 2019-04-24 14:06   ` Noralf Trønnes
  2019-04-24 14:22     ` Daniel Vetter
  0 siblings, 1 reply; 5+ messages in thread
From: Noralf Trønnes @ 2019-04-24 14:06 UTC (permalink / raw)
  To: Daniel Vetter; +Cc: Daniel Vetter, Thomas Zimmermann, dri-devel



On 23.04.2019 21.01, Daniel Vetter wrote:
> On Tue, Apr 23, 2019 at 04:53:53PM +0200, Noralf Trønnes wrote:
>> Non-atomic drivers like ast don't have connector->state set, resulting
>> in a NULL pointer deref:
>>
>> [   29.609593] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
>> [   29.609619] Call Trace:
>> [   29.609630]  ? drm_helper_probe_single_connector_modes+0x27f/0x680
>> [   29.609640]  drm_setup_crtcs+0x431/0xd80 [drm_kms_helper]
>> [   29.753065]  __drm_fb_helper_initial_config_and_unlock+0x6f/0x6a0
>> [   29.753160]  ? drm_modeset_unlock_all+0x31/0x50 [drm]
>> [   29.765758]  ast_fbdev_init+0xa8/0xc0 [ast]
>> [   29.765762]  ast_driver_load.cold.7+0x2b3/0xe11 [ast]
>> [   29.765775]  drm_dev_register+0x111/0x150 [drm]
>>
>> Fix by bailing out if the driver does not support atomic modesetting.
>>
>> Fixes: 09ded8af57bc ("drm/i915/fbdev: Move intel_fb_initial_config() to fbdev helper")
>> Reported-by: Thomas Zimmermann <tzimmermann@suse.de>
>> Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
>> Cc: Jani Nikula <jani.nikula@linux.intel.com>
>> Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
>> ---
>>  drivers/gpu/drm/drm_fb_helper.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
>> index 2339f0f8f5a8..899c2eca26d1 100644
>> --- a/drivers/gpu/drm/drm_fb_helper.c
>> +++ b/drivers/gpu/drm/drm_fb_helper.c
>> @@ -2588,6 +2588,9 @@ static bool drm_fb_helper_firmware_config(struct drm_fb_helper *fb_helper,
>>  	int num_connectors_detected = 0;
>>  	struct drm_modeset_acquire_ctx ctx;
>>  
>> +	if (!drm_drv_uses_atomic_modeset(dev))
>> +		return false;
> 
> Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
> 
> I think for merging we're already past feature freeze, but
> drm-misc-next-fixes hasn't been rolled forward yet. I think you need to
> wait for drm-misc maintainers to do that (I pinged them already), and then
> put this one there.

I saw that -fixes was updated including Dave's i915 backported revert,
so I have applied this to drm-misc-next-fixes.

How/when will this show up in drm-misc-next? My drm_fb_helper
refactoring needs to be rebased on this.

Thanks,
Noralf.

> -Daniel
> 
>> +
>>  	save_enabled = kcalloc(count, sizeof(bool), GFP_KERNEL);
>>  	if (!save_enabled)
>>  		return false;
>> -- 
>> 2.20.1
>>
> 

* Re: [PATCH] drm/fb-helper: Fix drm_fb_helper_firmware_config() NULL pointer deref
  2019-04-24 14:06   ` Noralf Trønnes
@ 2019-04-24 14:22     ` Daniel Vetter
  0 siblings, 0 replies; 5+ messages in thread
From: Daniel Vetter @ 2019-04-24 14:22 UTC (permalink / raw)
  To: Noralf Trønnes, Maarten Lankhorst, Maxime Ripard, Sean Paul
  Cc: Thomas Zimmermann, dri-devel

On Wed, Apr 24, 2019 at 4:06 PM Noralf Trønnes <noralf@tronnes.org> wrote:
>
>
>
> On 23.04.2019 21.01, Daniel Vetter wrote:
> > On Tue, Apr 23, 2019 at 04:53:53PM +0200, Noralf Trønnes wrote:
> >> Non-atomic drivers like ast don't have connector->state set, resulting
> >> in a NULL pointer deref:
> >>
> >> [   29.609593] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
> >> [   29.609619] Call Trace:
> >> [   29.609630]  ? drm_helper_probe_single_connector_modes+0x27f/0x680
> >> [   29.609640]  drm_setup_crtcs+0x431/0xd80 [drm_kms_helper]
> >> [   29.753065]  __drm_fb_helper_initial_config_and_unlock+0x6f/0x6a0
> >> [   29.753160]  ? drm_modeset_unlock_all+0x31/0x50 [drm]
> >> [   29.765758]  ast_fbdev_init+0xa8/0xc0 [ast]
> >> [   29.765762]  ast_driver_load.cold.7+0x2b3/0xe11 [ast]
> >> [   29.765775]  drm_dev_register+0x111/0x150 [drm]
> >>
> >> Fix by bailing out if the driver does not support atomic modesetting.
> >>
> >> Fixes: 09ded8af57bc ("drm/i915/fbdev: Move intel_fb_initial_config() to fbdev helper")
> >> Reported-by: Thomas Zimmermann <tzimmermann@suse.de>
> >> Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
> >> Cc: Jani Nikula <jani.nikula@linux.intel.com>
> >> Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
> >> ---
> >>  drivers/gpu/drm/drm_fb_helper.c | 3 +++
> >>  1 file changed, 3 insertions(+)
> >>
> >> diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
> >> index 2339f0f8f5a8..899c2eca26d1 100644
> >> --- a/drivers/gpu/drm/drm_fb_helper.c
> >> +++ b/drivers/gpu/drm/drm_fb_helper.c
> >> @@ -2588,6 +2588,9 @@ static bool drm_fb_helper_firmware_config(struct drm_fb_helper *fb_helper,
> >>      int num_connectors_detected = 0;
> >>      struct drm_modeset_acquire_ctx ctx;
> >>
> >> +    if (!drm_drv_uses_atomic_modeset(dev))
> >> +            return false;
> >
> > Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
> >
> > I think for merging we're already past feature freeze, but
> > drm-misc-next-fixes hasn't been rolled forward yet. I think you need to
> > wait for drm-misc maintainers to do that (I pinged them already), and then
> > put this one there.
>
> I saw that -fixes was updated including Dave's i915 backported revert,
> so I have applied this to drm-misc-next-fixes.
>
> How/when will this show up in drm-misc-next? My drm_fb_helper
> refactoring needs to be rebased on this.

Ask drm-misc maintainers that they need to send out a pull request and
then backmerge drm-next into drm-misc-next for you. Adding them.
-Daniel
-- 
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch