d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bc346eefbd
freebsd-nq/sys
History
Jean-Sébastien Pédron bc346eefbd drm: Import Linux commit b7ea85a4fed37835eec78a7be3039c8dc22b8178 
Author: Huacai Chen <chenhc@lemote.com>
Date:   Tue May 21 06:23:43 2013 +0000

    drm: fix a use-after-free when GPU acceleration disabled

    When GPU acceleration is disabled, drm_vblank_cleanup() will free the
    vblank-related data, such as vblank_refcount, vblank_inmodeset, etc.
    But we found that drm_vblank_post_modeset() may be called after the
    cleanup, which use vblank_refcount and vblank_inmodeset. And this will
    cause a kernel panic.

    Fix this by return immediately if dev->num_crtcs is zero. This is the
    same thing that drm_vblank_pre_modeset() does.

    Call trace of a drm_vblank_post_modeset() after drm_vblank_cleanup():
    [   62.628906] [<ffffffff804868d0>] drm_vblank_post_modeset+0x34/0xb4
    [   62.628906] [<ffffffff804c7008>] atombios_crtc_dpms+0xb4/0x174
    [   62.628906] [<ffffffff804c70e0>] atombios_crtc_commit+0x18/0x38
    [   62.628906] [<ffffffff8047f038>] drm_crtc_helper_set_mode+0x304/0x3cc
    [   62.628906] [<ffffffff8047f92c>] drm_crtc_helper_set_config+0x6d8/0x988
    [   62.628906] [<ffffffff8047dd40>] drm_fb_helper_set_par+0x94/0x104
    [   62.628906] [<ffffffff80439d14>] fbcon_init+0x424/0x57c
    [   62.628906] [<ffffffff8046a638>] visual_init+0xb8/0x118
    [   62.628906] [<ffffffff8046b9f8>] take_over_console+0x238/0x384
    [   62.628906] [<ffffffff80436df8>] fbcon_takeover+0x7c/0xdc
    [   62.628906] [<ffffffff8024fa20>] notifier_call_chain+0x44/0x94
    [   62.628906] [<ffffffff8024fcbc>] __blocking_notifier_call_chain+0x48/0x68
    [   62.628906] [<ffffffff8042d990>] register_framebuffer+0x228/0x260
    [   62.628906] [<ffffffff8047e010>] drm_fb_helper_single_fb_probe+0x260/0x314
    [   62.628906] [<ffffffff8047e2c4>] drm_fb_helper_initial_config+0x200/0x234
    [   62.628906] [<ffffffff804e5560>] radeon_fbdev_init+0xd4/0xf4
    [   62.628906] [<ffffffff804e0e08>] radeon_modeset_init+0x9bc/0xa18
    [   62.628906] [<ffffffff804bfc14>] radeon_driver_load_kms+0xdc/0x12c
    [   62.628906] [<ffffffff8048b548>] drm_get_pci_dev+0x148/0x238
    [   62.628906] [<ffffffff80423564>] local_pci_probe+0x5c/0xd0
    [   62.628906] [<ffffffff80241ac4>] work_for_cpu_fn+0x1c/0x30
    [   62.628906] [<ffffffff802427c8>] process_one_work+0x274/0x3bc
    [   62.628906] [<ffffffff80242934>] process_scheduled_works+0x24/0x44
    [   62.628906] [<ffffffff8024515c>] worker_thread+0x31c/0x3f4
    [   62.628906] [<ffffffff802497a8>] kthread+0x88/0x90
    [   62.628906] [<ffffffff80206794>] kernel_thread_helper+0x10/0x18

    Signed-off-by: Huacai Chen <chenhc@lemote.com>
    Signed-off-by: Binbin Zhou <zhoubb@lemote.com>
    Cc: <stable@vger.kernel.org>
    Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
    Acked-by: Paul Menzel <paulepanter@users.sourceforge.net>
    Signed-off-by: Dave Airlie <airlied@gmail.com>

Reported by:	J.R. Oldroyd <fbsd@opal.com>
MFC after:	2 weeks
2015-03-04 20:43:46 +00:00
..
amd64 Fix warnings/errors when building vmm.ko with gcc: 2015-03-02 20:13:49 +00:00
arm Add a "module" to build the dtb files for all supported imx6 systems. 2015-03-02 22:12:56 +00:00
boot When compiling boot2 with gcc on i386 and pc98, only use the custom flag 2015-03-04 20:33:15 +00:00
bsm
cam Make periphdriver_register() take XPT lock when modifying the periph_drivers 2015-03-02 22:48:11 +00:00
cddl Fix the dtrace ARM atomic compare-and-set functions. These functions are 2015-03-01 10:04:14 +00:00
compat Run make sysent. 2015-01-23 21:08:24 +00:00
conf Record the dependency to x86bios in vga_pci 2015-03-01 20:54:29 +00:00
contrib Merge ACPICA 20141107 and 20150204. 2015-02-18 20:33:00 +00:00
crypto Add some new modes to OpenCrypto. These modes are AES-ICM (can be used 2014-12-12 19:56:36 +00:00
ddb
dev drm: Import Linux commit b7ea85a4fed37835eec78a7be3039c8dc22b8178 2015-03-04 20:43:46 +00:00
fs Fix white spaces. 2015-03-02 19:14:58 +00:00
gdb
geom Replace constant with proper sizeof(). 2015-02-25 10:18:11 +00:00
gnu Merge latest (commit c8c1b3a77934768c7f7a4a9c10140c8bec529059) files 2015-02-28 00:06:04 +00:00
i386 Implement interface to create SR-IOV Virtual Functions 2015-03-01 00:40:09 +00:00
isa
kern Move libnv into the kernel and hook it into the kernel build 2015-03-01 00:34:27 +00:00
kgssapi
libkern Implement asprintf in libkern 2015-03-01 00:22:16 +00:00
mips Add ethernet MAC DDR flush hookups for QCA955x. 2015-03-04 03:52:50 +00:00
modules Remove imx6s-wandboard.dts, there is no such file. Also imx6q-wandboard 2015-03-04 16:19:34 +00:00
net Optimize SIOCGIFMEDIA handling removing malloc(9) and double 2015-03-04 15:00:20 +00:00
net80211 Fix kern/196290 - don't announce 11n HTINFO rates if the channel is 2015-02-27 04:45:47 +00:00
netgraph Revise default limit for maximum of netgraph data items. 2015-02-12 22:20:34 +00:00
netinet Implement Enhanced DAD algorithm for IPv6 described in 2015-03-02 17:30:26 +00:00
netinet6 Fix deadlock in IPv6 PCB code. 2015-03-04 11:20:01 +00:00
netipsec Fix possible memory leak and several races in the IPsec policy management 2015-02-24 10:35:07 +00:00
netnatm
netpfil Even more fixes to !INET and !INET6 kernels. 2015-02-17 22:33:22 +00:00
netsmb
nfs Avoid closing unallocated socket in case socreate fails. 2015-02-28 20:30:29 +00:00
nfsclient Remove the old NFS client and server from head, 2014-12-23 00:47:46 +00:00
nfsserver Use M_SIZE() instead of hand-crafted (and mostly correct) NFSMSIZ() macro 2015-01-07 17:22:56 +00:00
nlm
ofed Define PTR_ALIGN() macro which will be needed coming Mellanox driver 2015-03-04 09:58:39 +00:00
opencrypto Add some new modes to OpenCrypto. These modes are AES-ICM (can be used 2014-12-12 19:56:36 +00:00
pc98 Factor out duplicated code from dumpsys() on each architecture into generic 2015-01-07 01:01:39 +00:00
powerpc Garbage collect old function prototypes. 2015-03-04 17:04:22 +00:00
rpc rpc: Uninitialized pointer read 2015-02-02 16:07:07 +00:00
security Adjust printf format specifiers for dev_t and ino_t in kernel. 2014-12-17 07:27:19 +00:00
sparc64 Unbreak sparc64 after r276630 by calling __sparc_sigtramp_setup signal 2015-02-16 22:13:03 +00:00
sys give others fair warning that _SPARE2 isn't just cxgb, but used by large 2015-03-02 20:05:16 +00:00
teken mdoc: improvements to SEE ALSO. 2014-12-27 07:07:37 +00:00
tools
ufs Partially revert r277922, avoid sleeping and do flush if we a awaken, 2015-02-05 13:00:27 +00:00
vm Use RW_NEW rather than calling bzero(). 2015-03-01 05:18:02 +00:00
x86 Free up the IPI slot used by IPI_STOP_HARD. 2015-03-01 02:31:27 +00:00
xdr
xen Pacify clang 3.3 by ending the file with a newline. This is common 2015-01-06 21:26:35 +00:00
Makefile