Message ID | 20190423145353.30158-1-noralf@tronnes.org (mailing list archive) |
---|---|
State | New, archived |
Series | drm/fb-helper: Fix drm_fb_helper_firmware_config() NULL pointer deref |
On Tue, Apr 23, 2019 at 04:53:53PM +0200, Noralf Trønnes wrote:
> Non-atomic drivers like ast don't have connector->state set resulting
> in a NULL pointer deref:
>
> [ 29.609593] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
> [ 29.609619] Call Trace:
> [ 29.609630] ? drm_helper_probe_single_connector_modes+0x27f/0x680
> [ 29.609640] drm_setup_crtcs+0x431/0xd80 [drm_kms_helper]
> [ 29.753065] __drm_fb_helper_initial_config_and_unlock+0x6f/0x6a0
> [ 29.753160] ? drm_modeset_unlock_all+0x31/0x50 [drm]
> [ 29.765758] ast_fbdev_init+0xa8/0xc0 [ast]
> [ 29.765762] ast_driver_load.cold.7+0x2b3/0xe11 [ast]
> [ 29.765775] drm_dev_register+0x111/0x150 [drm]
>
> Fix by bailing out if the driver does not support atomic modesetting.
>
> Fixes: 09ded8af57bc ("drm/i915/fbdev: Move intel_fb_initial_config() to fbdev helper")
> Reported-by: Thomas Zimmermann <tzimmermann@suse.de>
> Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
> Cc: Jani Nikula <jani.nikula@linux.intel.com>
> Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
> ---
> drivers/gpu/drm/drm_fb_helper.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c > index 2339f0f8f5a8..899c2eca26d1 100644 > --- a/drivers/gpu/drm/drm_fb_helper.c > +++ b/drivers/gpu/drm/drm_fb_helper.c > @@ -2588,6 +2588,9 @@ static bool drm_fb_helper_firmware_config(struct drm_fb_helper *fb_helper, > int num_connectors_detected = 0; > struct drm_modeset_acquire_ctx ctx; > > + if (!drm_drv_uses_atomic_modeset(dev)) > + return false;

Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>

I think for merging we're already past feature freeze, but drm-misc-next-fixes hasn't been rolled forward yet. I think you need to wait for drm-misc maintainers to do that (I pinged them already), and then put this one there.
-Daniel

> + > save_enabled = kcalloc(count, sizeof(bool), GFP_KERNEL); > if (!save_enabled) > return false; > -- > 2.20.1 >
Thanks for fixing this so quickly.

Tested-by: Thomas Zimmermann <tzimmermann@suse.de>

On 23.04.19 at 16:53, Noralf Trønnes wrote:
> Non-atomic drivers like ast don't have connector->state set resulting
> in a NULL pointer deref:
>
> [ 29.609593] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
> [ 29.609619] Call Trace:
> [ 29.609630] ? drm_helper_probe_single_connector_modes+0x27f/0x680
> [ 29.609640] drm_setup_crtcs+0x431/0xd80 [drm_kms_helper]
> [ 29.753065] __drm_fb_helper_initial_config_and_unlock+0x6f/0x6a0
> [ 29.753160] ? drm_modeset_unlock_all+0x31/0x50 [drm]
> [ 29.765758] ast_fbdev_init+0xa8/0xc0 [ast]
> [ 29.765762] ast_driver_load.cold.7+0x2b3/0xe11 [ast]
> [ 29.765775] drm_dev_register+0x111/0x150 [drm]
>
> Fix by bailing out if the driver does not support atomic modesetting.
>
> Fixes: 09ded8af57bc ("drm/i915/fbdev: Move intel_fb_initial_config() to fbdev helper")
> Reported-by: Thomas Zimmermann <tzimmermann@suse.de>
> Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
> Cc: Jani Nikula <jani.nikula@linux.intel.com>
> Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
> ---
> drivers/gpu/drm/drm_fb_helper.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c > index 2339f0f8f5a8..899c2eca26d1 100644 > --- a/drivers/gpu/drm/drm_fb_helper.c > +++ b/drivers/gpu/drm/drm_fb_helper.c > @@ -2588,6 +2588,9 @@ static bool drm_fb_helper_firmware_config(struct drm_fb_helper *fb_helper, > int num_connectors_detected = 0; > struct drm_modeset_acquire_ctx ctx; > > + if (!drm_drv_uses_atomic_modeset(dev)) > + return false; > + > save_enabled = kcalloc(count, sizeof(bool), GFP_KERNEL); > if (!save_enabled) > return false; >
On 23.04.2019 21.01, Daniel Vetter wrote:
> On Tue, Apr 23, 2019 at 04:53:53PM +0200, Noralf Trønnes wrote:
>> Non-atomic drivers like ast don't have connector->state set resulting
>> in a NULL pointer deref:
>>
>> [ 29.609593] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
>> [ 29.609619] Call Trace:
>> [ 29.609630] ? drm_helper_probe_single_connector_modes+0x27f/0x680
>> [ 29.609640] drm_setup_crtcs+0x431/0xd80 [drm_kms_helper]
>> [ 29.753065] __drm_fb_helper_initial_config_and_unlock+0x6f/0x6a0
>> [ 29.753160] ? drm_modeset_unlock_all+0x31/0x50 [drm]
>> [ 29.765758] ast_fbdev_init+0xa8/0xc0 [ast]
>> [ 29.765762] ast_driver_load.cold.7+0x2b3/0xe11 [ast]
>> [ 29.765775] drm_dev_register+0x111/0x150 [drm]
>>
>> Fix by bailing out if the driver does not support atomic modesetting.
>>
>> Fixes: 09ded8af57bc ("drm/i915/fbdev: Move intel_fb_initial_config() to fbdev helper")
>> Reported-by: Thomas Zimmermann <tzimmermann@suse.de>
>> Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
>> Cc: Jani Nikula <jani.nikula@linux.intel.com>
>> Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
>> ---
>> drivers/gpu/drm/drm_fb_helper.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c >> index 2339f0f8f5a8..899c2eca26d1 100644 >> --- a/drivers/gpu/drm/drm_fb_helper.c >> +++ b/drivers/gpu/drm/drm_fb_helper.c
>> @@ -2588,6 +2588,9 @@ static bool drm_fb_helper_firmware_config(struct drm_fb_helper *fb_helper, >> int num_connectors_detected = 0; >> struct drm_modeset_acquire_ctx ctx; >> >> + if (!drm_drv_uses_atomic_modeset(dev)) >> + return false;
>
> Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
>
> I think for merging we're already past feature freeze, but
> drm-misc-next-fixes hasn't been rolled forward yet. I think you need to
> wait for drm-misc maintainers to do that (I pinged them already), and then
> put this one there.

I saw that -fixes was updated including Dave's i915 backported revert,
so I have applied this to drm-misc-next-fixes.

How/when will this show up in drm-misc-next? My drm_fb_helper
refactoring needs to be rebased on this.

Thanks,
Noralf.

> -Daniel
>
>> + >> save_enabled = kcalloc(count, sizeof(bool), GFP_KERNEL); >> if (!save_enabled) >> return false; >> -- >> 2.20.1 >> >
On Wed, Apr 24, 2019 at 4:06 PM Noralf Trønnes <noralf@tronnes.org> wrote:
>
> On 23.04.2019 21.01, Daniel Vetter wrote:
> > On Tue, Apr 23, 2019 at 04:53:53PM +0200, Noralf Trønnes wrote:
> >> Non-atomic drivers like ast don't have connector->state set resulting
> >> in a NULL pointer deref:
> >>
> >> [ 29.609593] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
> >> [ 29.609619] Call Trace:
> >> [ 29.609630] ? drm_helper_probe_single_connector_modes+0x27f/0x680
> >> [ 29.609640] drm_setup_crtcs+0x431/0xd80 [drm_kms_helper]
> >> [ 29.753065] __drm_fb_helper_initial_config_and_unlock+0x6f/0x6a0
> >> [ 29.753160] ? drm_modeset_unlock_all+0x31/0x50 [drm]
> >> [ 29.765758] ast_fbdev_init+0xa8/0xc0 [ast]
> >> [ 29.765762] ast_driver_load.cold.7+0x2b3/0xe11 [ast]
> >> [ 29.765775] drm_dev_register+0x111/0x150 [drm]
> >>
> >> Fix by bailing out if the driver does not support atomic modesetting.
> >>
> >> Fixes: 09ded8af57bc ("drm/i915/fbdev: Move intel_fb_initial_config() to fbdev helper")
> >> Reported-by: Thomas Zimmermann <tzimmermann@suse.de>
> >> Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
> >> Cc: Jani Nikula <jani.nikula@linux.intel.com>
> >> Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
> >> ---
> >> drivers/gpu/drm/drm_fb_helper.c | 3 +++
> >> 1 file changed, 3 insertions(+)
> >>
> >> diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c > >> index 2339f0f8f5a8..899c2eca26d1 100644 > >> --- a/drivers/gpu/drm/drm_fb_helper.c > >> +++ b/drivers/gpu/drm/drm_fb_helper.c
> >> @@ -2588,6 +2588,9 @@ static bool drm_fb_helper_firmware_config(struct drm_fb_helper *fb_helper, > >> int num_connectors_detected = 0; > >> struct drm_modeset_acquire_ctx ctx; > >> > >> + if (!drm_drv_uses_atomic_modeset(dev)) > >> + return false;
> >
> > Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
> >
> > I think for merging we're already past feature freeze, but
> > drm-misc-next-fixes hasn't been rolled forward yet. I think you need to
> > wait for drm-misc maintainers to do that (I pinged them already), and then
> > put this one there.
>
> I saw that -fixes was updated including Dave's i915 backported revert,
> so I have applied this to drm-misc-next-fixes.
>
> How/when will this show up in drm-misc-next? My drm_fb_helper
> refactoring needs to be rebased on this.

Ask drm-misc maintainers that they need to send out a pull request and then backmerge drm-next into drm-misc-next for you. Adding them.
-Daniel
diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c index 2339f0f8f5a8..899c2eca26d1 100644 --- a/drivers/gpu/drm/drm_fb_helper.c +++ b/drivers/gpu/drm/drm_fb_helper.c @@ -2588,6 +2588,9 @@ static bool drm_fb_helper_firmware_config(struct drm_fb_helper *fb_helper, int num_connectors_detected = 0; struct drm_modeset_acquire_ctx ctx; + if (!drm_drv_uses_atomic_modeset(dev)) + return false; + save_enabled = kcalloc(count, sizeof(bool), GFP_KERNEL); if (!save_enabled) return false;
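Review bot: The early return added at the top of drm_fb_helper_firmware_config() carries no comment saying why non-atomic drivers are turned away, so the link to the crash lives only in the commit message. A one-line comment above `if (!drm_drv_uses_atomic_modeset(dev))` noting that connector->state is only set for atomic drivers would keep a later refactor of this helper from dropping the guard. Placing the check ahead of the `save_enabled = kcalloc(...)` allocation is right, since the bail-out then needs no cleanup. The guard also relies on `dev` being initialised in a declaration above the visible context, which is worth confirming because the hunk does not show it.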
Non-atomic drivers like ast don't have connector->state set resulting
in a NULL pointer deref:

[ 29.609593] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
[ 29.609619] Call Trace:
[ 29.609630] ? drm_helper_probe_single_connector_modes+0x27f/0x680
[ 29.609640] drm_setup_crtcs+0x431/0xd80 [drm_kms_helper]
[ 29.753065] __drm_fb_helper_initial_config_and_unlock+0x6f/0x6a0
[ 29.753160] ? drm_modeset_unlock_all+0x31/0x50 [drm]
[ 29.765758] ast_fbdev_init+0xa8/0xc0 [ast]
[ 29.765762] ast_driver_load.cold.7+0x2b3/0xe11 [ast]
[ 29.765775] drm_dev_register+0x111/0x150 [drm]

Fix by bailing out if the driver does not support atomic modesetting.

Fixes: 09ded8af57bc ("drm/i915/fbdev: Move intel_fb_initial_config() to fbdev helper")
Reported-by: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Jani Nikula <jani.nikula@linux.intel.com>
Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
---
drivers/gpu/drm/drm_fb_helper.c | 3 +++
1 file changed, 3 insertions(+)