superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/drivers/gpu/drm
History
Suraj Kandpal 342ccffd9f drm/display/dp_mst: Add protection against 0 vcpi 
When releasing a timeslot there is a slight chance we may end up
with the wrong payload mask due to overflow if the delayed_destroy_work
ends up coming into play after a DP 2.1 monitor gets disconnected
which causes vcpi to become 0 then we try to make the payload =
~BIT(vcpi - 1) which is a negative shift. VCPI id should never
really be 0 hence skip changing the payload mask if VCPI is 0.

Otherwise it leads to
<7> [515.287237] xe 0000:03:00.0: [drm:drm_dp_mst_get_port_malloc
[drm_display_helper]] port ffff888126ce9000 (3)
<4> [515.287267] -----------[ cut here ]-----------
<3> [515.287268] UBSAN: shift-out-of-bounds in
../drivers/gpu/drm/display/drm_dp_mst_topology.c:4575:36
<3> [515.287271] shift exponent -1 is negative
<4> [515.287275] CPU: 7 UID: 0 PID: 3108 Comm: kworker/u64:33 Tainted: G
S U 6.17.0-rc6-lgci-xe-xe-3795-3e79699fa1b216e92+ #1 PREEMPT(voluntary)
<4> [515.287279] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER
<4> [515.287279] Hardware name: ASUS System Product Name/PRIME Z790-P
WIFI, BIOS 1645 03/15/2024
<4> [515.287281] Workqueue: drm_dp_mst_wq drm_dp_delayed_destroy_work
[drm_display_helper]
<4> [515.287303] Call Trace:
<4> [515.287304] <TASK>
<4> [515.287306] dump_stack_lvl+0xc1/0xf0
<4> [515.287313] dump_stack+0x10/0x20
<4> [515.287316] __ubsan_handle_shift_out_of_bounds+0x133/0x2e0
<4> [515.287324] ? drm_atomic_get_private_obj_state+0x186/0x1d0
<4> [515.287333] drm_dp_atomic_release_time_slots.cold+0x17/0x3d
[drm_display_helper]
<4> [515.287355] mst_connector_atomic_check+0x159/0x180 [xe]
<4> [515.287546] drm_atomic_helper_check_modeset+0x4d9/0xfa0
<4> [515.287550] ? __ww_mutex_lock.constprop.0+0x6f/0x1a60
<4> [515.287562] intel_atomic_check+0x119/0x2b80 [xe]
<4> [515.287740] ? find_held_lock+0x31/0x90
<4> [515.287747] ? lock_release+0xce/0x2a0
<4> [515.287754] drm_atomic_check_only+0x6a2/0xb40
<4> [515.287758] ? drm_atomic_add_affected_connectors+0x12b/0x140
<4> [515.287765] drm_atomic_commit+0x6e/0xf0
<4> [515.287766] ? _pfx__drm_printfn_info+0x10/0x10
<4> [515.287774] drm_client_modeset_commit_atomic+0x25c/0x2b0
<4> [515.287794] drm_client_modeset_commit_locked+0x60/0x1b0
<4> [515.287795] ? mutex_lock_nested+0x1b/0x30
<4> [515.287801] drm_client_modeset_commit+0x26/0x50
<4> [515.287804] __drm_fb_helper_restore_fbdev_mode_unlocked+0xdc/0x110
<4> [515.287810] drm_fb_helper_hotplug_event+0x120/0x140
<4> [515.287814] drm_fbdev_client_hotplug+0x28/0xd0
<4> [515.287819] drm_client_hotplug+0x6c/0xf0
<4> [515.287824] drm_client_dev_hotplug+0x9e/0xd0
<4> [515.287829] drm_kms_helper_hotplug_event+0x1a/0x30
<4> [515.287834] drm_dp_delayed_destroy_work+0x3df/0x410
[drm_display_helper]
<4> [515.287861] process_one_work+0x22b/0x6f0
<4> [515.287874] worker_thread+0x1e8/0x3d0
<4> [515.287879] ? __pfx_worker_thread+0x10/0x10
<4> [515.287882] kthread+0x11c/0x250
<4> [515.287886] ? __pfx_kthread+0x10/0x10
<4> [515.287890] ret_from_fork+0x2d7/0x310
<4> [515.287894] ? __pfx_kthread+0x10/0x10
<4> [515.287897] ret_from_fork_asm+0x1a/0x30

Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/6303
Signed-off-by: Suraj Kandpal <suraj.kandpal@intel.com>
Reviewed-by: Imre Deak <imre.deak@intel.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Link: https://patch.msgid.link/20251119094650.799135-1-suraj.kandpal@intel.com
 		2025-11-28 11:25:20 +05:30
..
adp drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
amd drm/amd/display: Enable support for Gamma 2.2 2025-11-26 23:09:44 +01:00
arm drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
armada drm/fb-helper: Allocate and release fb_info in single place 2025-11-25 11:02:43 +01:00
aspeed
ast drm/ast: Handle framebuffer from dma-buf 2025-11-10 16:02:13 +01:00
atmel-hlcdc drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
bridge drm/bridge: simple: add ASL CS5263 DP-to-HDMI bridge 2025-11-24 17:54:56 +01:00
ci
clients drm/client: log: Implement struct drm_client_funcs.restore 2025-11-25 08:43:48 +01:00
display drm/display/dp_mst: Add protection against 0 vcpi 2025-11-28 11:25:20 +05:30
etnaviv drm/etnaviv: add HWDB entry for GC8000 Nano Ultra VIP r6205 2025-11-04 16:44:40 +01:00
exynos drm/fb-helper: Allocate and release fb_info in single place 2025-11-25 11:02:43 +01:00
fsl-dcu drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
gma500 drm/fb-helper: Allocate and release fb_info in single place 2025-11-25 11:02:43 +01:00
gud drm/gud: rearrange gud_probe() to prepare for function splitting 2025-10-24 19:36:45 +01:00
hisilicon drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
hyperv drm/hyperv: include drm_print.h where needed 2025-11-04 14:37:15 +02:00
i915 drm/fb-helper: Allocate and release fb_info in single place 2025-11-25 11:02:43 +01:00
imagination drm/imagination: Fix reference to devm_platform_get_and_ioremap_resource() 2025-10-31 14:34:53 +00:00
imx drm/imx/ipuv3: Fix dumb-buffer allocation for non-RGB formats 2025-11-13 14:56:17 +01:00
ingenic drm/ingenic: crtc: Switch to ingenic_drm_get_new_priv_state() 2025-10-06 13:59:22 +02:00
kmb drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
lib
lima drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
logicvc drm/logicvc: Switch to drm_atomic_get_new_crtc_state() 2025-10-06 13:59:15 +02:00
loongson drm/ttm: Replace multiple booleans with flags in device init 2025-10-31 09:14:35 +00:00
mcde drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
mediatek drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
meson drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
mgag200 drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
msm drm/fb-helper: Allocate and release fb_info in single place 2025-11-25 11:02:43 +01:00
mxsfb drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
nouveau drm/nouveau: fully define nvfw_hs_load_header_v2 2025-11-12 12:53:11 -05:00
nova
omapdrm drm/fb-helper: Allocate and release fb_info in single place 2025-11-25 11:02:43 +01:00
panel drm/edp-panel: Add touchscreen panel used by Lenovo X13s 2025-11-24 09:10:10 -08:00
panfrost drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
panthor drm/panthor: Reset queue slots if termination fails 2025-11-26 12:51:37 +01:00
pl111 drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
qxl drm/ttm: Replace multiple booleans with flags in device init 2025-10-31 09:14:35 +00:00
radeon drm/fb-helper: Allocate and release fb_info in single place 2025-11-25 11:02:43 +01:00
renesas drm: rcar-du: fix incorrect return in rcar_du_crtc_cleanup() 2025-11-05 11:17:26 +02:00
rockchip drm/rockchip: vop2: Use OVL_LAYER_SEL configuration instead of use win_mask calculate used layers 2025-11-15 00:36:09 +01:00
scheduler drm/sched: Replace use of system_wq with system_percpu_wq 2025-11-07 09:09:03 +01:00
sitronix drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
solomon drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
sprd
sti drm/sti: hdmi: add bridge before attaching 2025-11-03 13:04:55 +01:00
stm drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
sun4i drm/sun4i: Nuke mixer pointer from layer code 2025-11-12 17:18:25 +08:00
sysfb drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
tegra drm/fb-helper: Allocate and release fb_info in single place 2025-11-25 11:02:43 +01:00
tests drm/tests: Add a few tests around drm_fixed.h 2025-11-26 23:03:33 +01:00
tidss drm/tidss: Move OLDI mode validation to OLDI bridge mode_valid hook 2025-11-12 11:54:39 +02:00
tilcdc drm/tilcdc: Switch to drm_atomic_get_new_crtc_state() 2025-10-06 13:59:19 +02:00
tiny drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
ttm drm/ttm: rework pipelined eviction fence handling 2025-11-26 13:12:23 +01:00
tve200 drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
tyr
udl drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
v3d drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
vboxvideo drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
vc4 drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
vgem drm/vgem-fence: Fix potential deadlock on release 2025-10-06 15:05:17 +02:00
virtio drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
vkms drm/colorop: allow non-bypass colorops 2025-11-26 23:09:17 +01:00
vmwgfx drm/vmwgfx: use drm_crtc_vblank_crtc() 2025-11-10 13:24:07 +02:00
xe Merge tag 'drm-misc-next-2025-11-05-1' of https://gitlab.freedesktop.org/drm/misc/kernel into drm-next 2025-11-07 12:41:26 +10:00
xen drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
xlnx drm/xlnx: Compute dumb-buffer sizes with drm_mode_size_dumb() 2025-09-29 17:50:54 +02:00
Kconfig hyperv-next for v6.18 2025-10-07 08:40:15 -07:00
Kconfig.debug
Makefile drm/colorop: Introduce new drm_colorop mode object 2025-11-26 23:03:30 +01:00
drm_atomic.c drm/colorop: Add 3D LUT support to color pipeline 2025-11-26 23:09:42 +01:00
drm_atomic_helper.c drm/colorop: Introduce new drm_colorop mode object 2025-11-26 23:03:30 +01:00
drm_atomic_state_helper.c drm/plane: Add COLOR PIPELINE property 2025-11-26 23:03:32 +01:00
drm_atomic_uapi.c drm/colorop: Add 3D LUT support to color pipeline 2025-11-26 23:09:42 +01:00
drm_auth.c
drm_blend.c
drm_bridge.c drm/bridge: add warning for bridges using neither devm_drm_bridge_alloc() nor drm_bridge_add() 2025-11-03 13:04:55 +01:00
drm_bridge_helper.c
drm_buddy.c drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
drm_cache.c
drm_client.c drm/client: Support emergency restore via sysrq for all clients 2025-11-25 08:43:47 +01:00
drm_client_event.c drm/client: Pass force parameter to client restore 2025-11-25 08:43:46 +01:00
drm_client_modeset.c
drm_client_sysrq.c drm/client: Support emergency restore via sysrq for all clients 2025-11-25 08:43:47 +01:00
drm_color_mgmt.c drm: Add Enhanced LUT precision structure 2025-11-26 23:03:35 +01:00
drm_colorop.c drm/colorop: Add DRM_COLOROP_1D_CURVE_GAMMA22 to 1D Curve 2025-11-26 23:09:44 +01:00
drm_connector.c drm/colorop: Introduce DRM_CLIENT_CAP_PLANE_COLOR_PIPELINE 2025-11-26 23:03:32 +01:00
drm_crtc.c drm/drm_crtc: Introduce sharpness strength property 2025-10-30 15:38:04 +02:00
drm_crtc_helper.c
drm_crtc_helper_internal.h
drm_crtc_internal.h drm/colorop: Introduce DRM_CLIENT_CAP_PLANE_COLOR_PIPELINE 2025-11-26 23:03:32 +01:00
drm_damage_helper.c
drm_debugfs.c
drm_debugfs_crc.c
drm_displayid.c drm/displayid: add quirk to ignore DisplayID checksum errors 2025-11-04 14:49:30 +02:00
drm_displayid_internal.h drm/displayid: add quirk to ignore DisplayID checksum errors 2025-11-04 14:49:30 +02:00
drm_draw.c drm/draw: fix color truncation in drm_draw_fill24 2025-10-14 09:25:10 +02:00
drm_draw_internal.h drm/draw: fix color truncation in drm_draw_fill24 2025-10-14 09:25:10 +02:00
drm_drv.c drm/client: Support emergency restore via sysrq for all clients 2025-11-25 08:43:47 +01:00
drm_dumb_buffers.c drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
drm_edid.c drm/edid: add 6 bpc quirk to the Sharp LQ116M1JW10 2025-11-06 08:51:21 -08:00
drm_edid_load.c
drm_eld.c
drm_encoder.c
drm_exec.c
drm_fb_dma_helper.c
drm_fb_helper.c drm/fb-helper: Allocate and release fb_info in single place 2025-11-25 11:02:43 +01:00
drm_fbdev_dma.c drm/fb-helper: Allocate and release fb_info in single place 2025-11-25 11:02:43 +01:00
drm_fbdev_shmem.c drm/fb-helper: Allocate and release fb_info in single place 2025-11-25 11:02:43 +01:00
drm_fbdev_ttm.c drm/fb-helper: Allocate and release fb_info in single place 2025-11-25 11:02:43 +01:00
drm_file.c drm/client: Pass force parameter to client restore 2025-11-25 08:43:46 +01:00
drm_flip_work.c
drm_format_helper.c
drm_format_internal.h
drm_fourcc.c
drm_framebuffer.c drm/framebuffer: Switch to drm_atomic_get_new_crtc_state() 2025-10-06 13:59:21 +02:00
drm_gem.c drm/gem: Correct error condition in drm_gem_objects_lookup 2025-11-26 11:18:18 +00:00
drm_gem_atomic_helper.c drm/gem-atomic: Reset plane state to NULL if allocation failed 2025-10-26 17:12:58 +01:00
drm_gem_dma_helper.c drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
drm_gem_framebuffer_helper.c drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
drm_gem_shmem_helper.c drm/gem-shmem: Compute dumb-buffer sizes with drm_mode_size_dumb() 2025-09-29 13:57:45 +02:00
drm_gem_ttm_helper.c drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
drm_gem_vram_helper.c drm/ttm: Replace multiple booleans with flags in device init 2025-10-31 09:14:35 +00:00
drm_gpusvm.c drm/gpusvm, drm/xe: Allow mixed mappings for userptr 2025-10-17 10:25:27 +02:00
drm_gpuvm.c drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
drm_internal.h drm/client: Support emergency restore via sysrq for all clients 2025-11-25 08:43:47 +01:00
drm_ioc32.c
drm_ioctl.c drm/colorop: Introduce DRM_CLIENT_CAP_PLANE_COLOR_PIPELINE 2025-11-26 23:03:32 +01:00
drm_kms_helper_common.c
drm_lease.c
drm_managed.c
drm_mipi_dbi.c drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
drm_mipi_dsi.c
drm_mm.c drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
drm_mode_config.c drm/colorop: Introduce new drm_colorop mode object 2025-11-26 23:03:30 +01:00
drm_mode_object.c drm/colorop: Introduce DRM_CLIENT_CAP_PLANE_COLOR_PIPELINE 2025-11-26 23:03:32 +01:00
drm_modes.c
drm_modeset_helper.c drm/client: Remove holds_console_lock parameter from suspend/resume 2025-10-18 17:35:09 +02:00
drm_modeset_lock.c
drm_of.c
drm_pagemap.c
drm_panel.c
drm_panel_backlight_quirks.c
drm_panel_orientation_quirks.c
drm_panic.c
drm_panic_qr.rs
drm_pci.c
drm_plane.c drm/plane: Add COLOR PIPELINE property 2025-11-26 23:03:32 +01:00
drm_plane_helper.c
drm_prime.c drm: include drm_print.h where needed 2025-10-31 10:34:52 +02:00
drm_print.c
drm_privacy_screen.c
drm_privacy_screen_x86.c
drm_probe_helper.c
drm_property.c
drm_rect.c
drm_self_refresh_helper.c
drm_simple_kms_helper.c
drm_suballoc.c
drm_syncobj.c
drm_sysfs.c
drm_trace.h
drm_trace_points.c
drm_vblank.c drm/vblank: Increase timeout in drm_wait_one_vblank() 2025-11-07 09:48:35 +01:00
drm_vblank_helper.c drm/vblank: Add CRTC helpers for simple use cases 2025-10-01 08:32:00 +02:00
drm_vblank_work.c drm/vblank: use drm_crtc_vblank_crtc() in workers 2025-11-10 13:22:58 +02:00
drm_vma_manager.c
drm_writeback.c