* [PATCH 1/2] drm/vmwgfx: Fix an uninitialized fence handle value
@ 2019-01-29 13:02 Thomas Hellstrom
2019-01-29 13:03 ` [PATCH 2/2] drm/vmwgfx: Also check for crtc status while checking for DU active Thomas Hellstrom
0 siblings, 1 reply; 2+ messages in thread
From: Thomas Hellstrom @ 2019-01-29 13:02 UTC (permalink / raw)
To: dri-devel; +Cc: Thomas Hellstrom, stable
if vmw_execbuf_fence_commands() fails, The handle value will be
uninitialized and a bogus fence handle might be copied to user-space.
Cc: <stable@vger.kernel.org>
Fixes: 2724b2d54cda: ("drm/vmwgfx: Use new validation interface for the modesetting code v2")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Reviewed-by: Brian Paul <brianp@vmware.com>
Reviewed-by: Sinclair Yeh <syeh@vmware.com>
---
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
index b351fb5214d3..3330bc89f1b9 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
@@ -2554,7 +2554,7 @@ void vmw_kms_helper_validation_finish(struct vmw_private *dev_priv,
user_fence_rep)
{
struct vmw_fence_obj *fence = NULL;
- uint32_t handle;
+ uint32_t handle = 0;
int ret;
if (file_priv || user_fence_rep || vmw_validation_has_bos(ctx) ||
@@ -2562,7 +2562,7 @@ void vmw_kms_helper_validation_finish(struct vmw_private *dev_priv,
ret = vmw_execbuf_fence_commands(file_priv, dev_priv, &fence,
file_priv ? &handle : NULL);
vmw_validation_done(ctx, fence);
- if (file_priv)
+ if (file_priv && !ret)
vmw_execbuf_copy_fence_user(dev_priv, vmw_fpriv(file_priv),
ret, user_fence_rep, fence,
handle, -1, NULL);
--
2.19.0.rc1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [PATCH 2/2] drm/vmwgfx: Also check for crtc status while checking for DU active
2019-01-29 13:02 [PATCH 1/2] drm/vmwgfx: Fix an uninitialized fence handle value Thomas Hellstrom
@ 2019-01-29 13:03 ` Thomas Hellstrom
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Hellstrom @ 2019-01-29 13:03 UTC (permalink / raw)
To: dri-devel; +Cc: Deepak Rawat, stable, Thomas Hellstrom
From: Deepak Rawat <drawat@vmware.com>
During modeset check it is possible to have all crtc_state's in atomic
state. Check for crtc enable status while checking for display unit
active status. Only error if enabling a crtc while display unit is not
active.
Cc: <stable@vger.kernel.org>
Fixes: 9da6e26c0aae: ("drm/vmwgfx: Fix a layout race condition")
Signed-off-by: Deepak Rawat <drawat@vmware.com>
Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
---
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
index 3330bc89f1b9..9c8cdae5a4fa 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
@@ -1646,7 +1646,7 @@ static int vmw_kms_check_topology(struct drm_device *dev,
struct drm_connector_state *conn_state;
struct vmw_connector_state *vmw_conn_state;
- if (!du->pref_active) {
+ if (!du->pref_active && new_crtc_state->enable) {
ret = -EINVAL;
goto clean;
}
--
2.19.0.rc1
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-01-29 13:03 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-29 13:02 [PATCH 1/2] drm/vmwgfx: Fix an uninitialized fence handle value Thomas Hellstrom
2019-01-29 13:03 ` [PATCH 2/2] drm/vmwgfx: Also check for crtc status while checking for DU active Thomas Hellstrom
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).