superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/include/drm
History
Gaosheng Cui 6528971fdc drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED 
[ Upstream commit 387659939c ]

Shifting signed 32-bit value by 31 bits is undefined, so changing
significant bit to unsigned. The UBSAN warning calltrace like below:

UBSAN: shift-out-of-bounds in ./include/drm/ttm/ttm_tt.h:122:26
left shift of 1 by 31 places cannot be represented in type 'int'
Call Trace:
 <TASK>
 dump_stack_lvl+0x7d/0xa5
 dump_stack+0x15/0x1b
 ubsan_epilogue+0xe/0x4e
 __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c
 ttm_bo_move_memcpy+0x3b4/0x460 [ttm]
 bo_driver_move+0x32/0x40 [drm_vram_helper]
 ttm_bo_handle_move_mem+0x118/0x200 [ttm]
 ttm_bo_validate+0xfa/0x220 [ttm]
 drm_gem_vram_pin_locked+0x70/0x1b0 [drm_vram_helper]
 drm_gem_vram_pin+0x48/0xb0 [drm_vram_helper]
 drm_gem_vram_plane_helper_prepare_fb+0x53/0xe0 [drm_vram_helper]
 drm_gem_vram_simple_display_pipe_prepare_fb+0x26/0x30 [drm_vram_helper]
 drm_simple_kms_plane_prepare_fb+0x4d/0xe0 [drm_kms_helper]
 drm_atomic_helper_prepare_planes+0xda/0x210 [drm_kms_helper]
 drm_atomic_helper_commit+0xc3/0x1e0 [drm_kms_helper]
 drm_atomic_commit+0x9c/0x160 [drm]
 drm_client_modeset_commit_atomic+0x33a/0x380 [drm]
 drm_client_modeset_commit_locked+0x77/0x220 [drm]
 drm_client_modeset_commit+0x31/0x60 [drm]
 __drm_fb_helper_restore_fbdev_mode_unlocked+0xa7/0x170 [drm_kms_helper]
 drm_fb_helper_set_par+0x51/0x90 [drm_kms_helper]
 fbcon_init+0x316/0x790
 visual_init+0x113/0x1d0
 do_bind_con_driver+0x2a3/0x5c0
 do_take_over_console+0xa9/0x270
 do_fbcon_takeover+0xa1/0x170
 do_fb_registered+0x2a8/0x340
 fbcon_fb_registered+0x47/0xe0
 register_framebuffer+0x294/0x4a0
 __drm_fb_helper_initial_config_and_unlock+0x43c/0x880 [drm_kms_helper]
 drm_fb_helper_initial_config+0x52/0x80 [drm_kms_helper]
 drm_fbdev_client_hotplug+0x156/0x1b0 [drm_kms_helper]
 drm_fbdev_generic_setup+0xfc/0x290 [drm_kms_helper]
 bochs_pci_probe+0x6ca/0x772 [bochs]
 local_pci_probe+0x4d/0xb0
 pci_device_probe+0x119/0x320
 really_probe+0x181/0x550
 __driver_probe_device+0xc6/0x220
 driver_probe_device+0x32/0x100
 __driver_attach+0x195/0x200
 bus_for_each_dev+0xbb/0x120
 driver_attach+0x27/0x30
 bus_add_driver+0x22e/0x2f0
 driver_register+0xa9/0x190
 __pci_register_driver+0x90/0xa0
 bochs_pci_driver_init+0x52/0x1000 [bochs]
 do_one_initcall+0x76/0x430
 do_init_module+0x61/0x28a
 load_module+0x1f82/0x2e50
 __do_sys_finit_module+0xf8/0x190
 __x64_sys_finit_module+0x23/0x30
 do_syscall_64+0x58/0x80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
 </TASK>

Fixes: 3312be8f6f ("drm/ttm: move populated state into page flags")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221031113350.4180975-1-cuigaosheng1@huawei.com
Signed-off-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2022-12-31 13:32:06 +01:00
..
bridge drm: bridge: dw_hdmi: Audio: Add General Parallel Audio (GPA) driver 2022-04-19 18:23:48 +02:00
display Merge tag 'amd-drm-next-6.1-2022-09-08' of https://gitlab.freedesktop.org/agd5f/linux into drm-next 2022-09-12 19:17:41 +10:00
i2c
ttm drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED 2022-12-31 13:32:06 +01:00
amd_asic_type.h drm/amdgpu: add new asic_type for IP discovery 2021-10-04 15:23:01 -04:00
drm_aperture.h drm/aperture: Pass DRM driver structure instead of driver name 2021-07-01 11:11:55 +02:00
drm_atomic.h drm/atomic: fix warning of unused variable 2022-06-09 16:09:46 +02:00
drm_atomic_helper.h drm: drm_atomic_helper: Add a new helper to deal with the writeback connector validation 2022-09-05 20:12:16 -01:00
drm_atomic_state_helper.h drm/bridge: Add a drm_bridge_state object 2020-01-31 16:00:21 +01:00
drm_atomic_uapi.h drm: handle kernel fences in drm_gem_plane_helper_prepare_fb v2 2022-05-02 09:01:51 +02:00
drm_audio_component.h ALSA: hda/i915 - fix list corruption with concurrent probes 2020-10-09 16:46:04 +02:00
drm_auth.h drm: clarify usage of drm leases 2021-07-29 09:12:01 +02:00
drm_blend.h
drm_bridge.h drm/vc4: Add explicit declaration of 'drmm_of_get_bridge' 2022-07-21 12:15:56 +02:00
drm_bridge_connector.h drm: Add helper to create a connector for a chain of bridges 2020-02-26 13:31:41 +02:00
drm_buddy.h drm/selftests: add drm buddy alloc range testcase 2022-02-23 10:44:43 +01:00
drm_cache.h LoongArch: Add writecombine support for drm 2022-06-03 20:09:27 +08:00
drm_client.h dma-buf-map: Rename to iosys-map 2022-02-07 16:35:35 -08:00
drm_color_mgmt.h drm: Inline drm_color_lut_extract() 2019-11-29 21:29:17 +02:00
drm_connector.h drm pull for 6.1-rc1 2022-10-05 11:24:12 -07:00
drm_crtc.h drm/crtc: Introduce drmm_crtc_init_with_planes 2022-07-13 10:46:05 +02:00
drm_crtc_helper.h
drm_damage_helper.h drm/plane: Move drm_plane_enable_fb_damage_clips into core 2021-07-27 12:21:22 +02:00
drm_debugfs.h drm/debugfs: remove checks for return value of drm_debugfs functions. 2020-03-18 17:32:20 +01:00
drm_debugfs_crc.h
drm_device.h drm: Declare hashtable as legacy 2021-11-30 09:41:28 +01:00
drm_displayid.h drm/displayid: convert to drm_edid 2022-05-13 18:55:13 +03:00
drm_drv.h drm: Return error codes from struct drm_driver.gem_create_object 2021-12-02 11:12:39 +01:00
drm_edid.h drm/edid: Handle EDID 1.4 range descriptor h/vfreq offsets 2022-09-02 16:38:51 +03:00
drm_encoder.h drm/encoder: Introduce drmm_encoder_init 2022-07-13 10:46:05 +02:00
drm_encoder_slave.h drm: Remove linux/i2c.h from drm_crtc.h 2022-07-05 21:15:23 +03:00
drm_fb_dma_helper.h drm/gem: rename GEM CMA helpers to GEM DMA helpers 2022-08-03 18:31:49 +02:00
drm_fb_helper.h drm: Remove linux/fb.h from drm_crtc.h 2022-07-05 21:14:02 +03:00
drm_file.h drm: Remove the drm_get_unmapped_area() helper 2022-08-04 11:39:27 -04:00
drm_fixed.h
drm_flip_work.h
drm_format_helper.h drm/format-helper: Add drm_fb_build_fourcc_list() helper 2022-09-12 09:15:49 +02:00
drm_fourcc.h drm/fourcc: Add drm_format_info.is_color_indexed flag 2022-07-09 15:00:08 +02:00
drm_framebuffer.h drm/fb: Improve drm_framebuffer.offsets documentation 2022-07-09 15:58:52 +02:00
drm_gem.h Merge tag 'drm-msm-next-2022-09-22' of https://gitlab.freedesktop.org/drm/msm into drm-next 2022-09-28 11:35:25 +10:00
drm_gem_atomic_helper.h dma-buf-map: Rename to iosys-map 2022-02-07 16:35:35 -08:00
drm_gem_dma_helper.h drm/gem: rename struct drm_gem_dma_object.{paddr => dma_addr} 2022-08-03 18:32:27 +02:00
drm_gem_framebuffer_helper.h drm/gem: Ignore color planes that are unused by framebuffer format 2022-05-19 19:25:02 +02:00
drm_gem_shmem_helper.h drm: correct comments 2022-07-21 12:16:10 +02:00
drm_gem_ttm_helper.h dma-buf-map: Rename to iosys-map 2022-02-07 16:35:35 -08:00
drm_gem_vram_helper.h dma-buf-map: Rename to iosys-map 2022-02-07 16:35:35 -08:00
drm_ioctl.h drm: unexport drm_ioctl_permit 2021-08-13 17:50:48 +02:00
drm_lease.h
drm_legacy.h drm: Declare hashtable as legacy 2021-11-30 09:41:28 +01:00
drm_managed.h drm: Add DRM-managed mutex_init() 2022-05-05 09:04:10 +02:00
drm_mipi_dbi.h drm/probe-helper: Add drm_crtc_helper_mode_valid_fixed() 2022-09-12 09:14:26 +02:00
drm_mipi_dsi.h Merge tag 'drm-msm-next-2022-09-22' of https://gitlab.freedesktop.org/drm/msm into drm-next 2022-09-28 11:35:25 +10:00
drm_mm.h drm: Replace kernel.h with the necessary inclusions 2021-12-09 13:46:13 +01:00
drm_mode_config.h drm: remove allow_fb_modifiers 2022-01-31 21:45:24 +01:00
drm_mode_object.h drm/object: Add drm_object_property_get_default_value() function 2022-02-25 17:55:42 +01:00
drm_modes.h drm/modes: Add initializer macro DRM_MODE_INIT() 2022-09-12 09:14:59 +02:00
drm_modeset_helper.h
drm_modeset_helper_vtables.h drm/drm_modeset_helper_vtables.h: fix a typo 2022-04-06 15:23:08 +02:00
drm_modeset_lock.h drm/locking: fix drm_modeset_acquire_ctx kernel-doc 2022-01-20 14:41:25 +02:00
drm_module.h drm: Provide platform module-init macro 2022-01-19 18:40:18 +01:00
drm_of.h drm: of: Mark empty drm_of_get_data_lanes_count and drm_of_get_data_lanes_ep static 2022-06-12 16:07:05 +02:00
drm_panel.h drm/panel: drop DSC pps pointer 2022-09-18 09:38:06 -07:00
drm_pciids.h
drm_plane.h drm/plane: Allocate planes with drm_universal_plane_alloc() 2022-09-20 09:41:06 +02:00
drm_plane_helper.h drm/plane-helper: Provide DRM_PLANE_NON_ATOMIC_FUNCS initializer macro 2022-09-20 09:42:31 +02:00
drm_prime.h dma-buf-map: Rename to iosys-map 2022-02-07 16:35:35 -08:00
drm_print.h drm_print: add _ddebug descriptor to drm_*dbg prototypes 2022-09-24 15:02:02 +02:00
drm_privacy_screen_consumer.h drm/privacy-screen: Add notifier support (v2) 2021-10-14 13:12:25 +02:00
drm_privacy_screen_driver.h drm/privacy_screen: Add drvdata in drm_privacy_screen 2022-01-10 12:17:37 +01:00
drm_privacy_screen_machine.h drm/privacy-screen: Add X86 specific arch init code 2021-10-14 13:12:24 +02:00
drm_probe_helper.h drm/probe-helper: Add drm_crtc_helper_mode_valid_fixed() 2022-09-12 09:14:26 +02:00
drm_property.h drm: document drm_property_enum.value for bitfields 2021-07-26 10:08:22 +02:00
drm_rect.h drm/rect: Add DRM_RECT_INIT() macro 2022-06-27 13:45:48 +02:00
drm_self_refresh_helper.h
drm_simple_kms_helper.h drm/simple-kms: Support custom CRTC state 2021-08-08 20:14:08 +02:00
drm_syncobj.h
drm_sysfs.h drm/sysfs: introduce drm_sysfs_connector_hotplug_event 2021-11-02 14:27:06 +01:00
drm_util.h
drm_utils.h
drm_vblank.h drm/vblank: Document drm_crtc_vblank_restore constraints 2021-02-10 12:38:55 +01:00
drm_vblank_work.h drm/vblank: Add vblank works 2020-07-16 18:16:31 -04:00
drm_vma_manager.h drm/vma: Add a driver_private member to vma_node. 2021-06-11 10:53:18 +02:00
drm_writeback.h drm: introduce drm_writeback_connector_init_with_encoder() API 2022-05-02 02:12:59 +03:00
gma_drm.h
gpu_scheduler.h Merge drm/drm-fixes into drm-misc-fixes 2022-10-20 09:09:00 +02:00
gud.h drm/gud: Add GUD_PIXEL_FORMAT_RGB888 2021-10-04 12:06:14 +02:00
i915_component.h drm/i915/pxp: Define PXP component interface 2021-10-04 13:09:53 -04:00
i915_drm.h drm/i915: include uapi/drm/i915_drm.h directly where needed 2022-03-17 20:06:04 +02:00
i915_mei_hdcp_interface.h drm/display: Move HDCP helpers into display-helper module 2022-04-25 11:19:36 +02:00
i915_pciids.h drm/i915: Add new ADL-S pci id 2022-08-26 05:46:23 -07:00
i915_pxp_tee_interface.h drm/i915/pxp: Define PXP component interface 2021-10-04 13:09:53 -04:00
intel-gtt.h agp/intel: Rename intel-gtt symbols 2022-06-22 15:52:55 -07:00
intel_lpe_audio.h
spsc_queue.h
task_barrier.h drm: Add Reusable task barrier. 2019-12-18 16:09:12 -05:00