linux/drivers/gpu/drm
Shang XiaoJing 1d160dfb3f drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
[ Upstream commit 4979524f5a ]

drm_vblank_init() calls drmm_add_action_or_reset() with
drm_vblank_init_release() as action. If __drmm_add_action() failed, it will
directly call drm_vblank_init_release() with the vblank whose worker is
NULL. As a result, a null-ptr-deref will happen in
kthread_destroy_worker(). Add the NULL check before calling
drm_vblank_destroy_worker().

BUG: null-ptr-deref
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 5 PID: 961 Comm: modprobe Not tainted 6.0.0-11331-gd465bff130bf-dirty
RIP: 0010:kthread_destroy_worker+0x25/0xb0
  Call Trace:
    <TASK>
    drm_vblank_init_release+0x124/0x220 [drm]
    ? drm_crtc_vblank_restore+0x8b0/0x8b0 [drm]
    __drmm_add_action_or_reset+0x41/0x50 [drm]
    drm_vblank_init+0x282/0x310 [drm]
    vkms_init+0x35f/0x1000 [vkms]
    ? 0xffffffffc4508000
    ? lock_is_held_type+0xd7/0x130
    ? __kmem_cache_alloc_node+0x1c2/0x2b0
    ? lock_is_held_type+0xd7/0x130
    ? 0xffffffffc4508000
    do_one_initcall+0xd0/0x4f0
    ...
    do_syscall_64+0x35/0x80
    entry_SYSCALL_64_after_hwframe+0x46/0xb0

Fixes: 5e6c2b4f91 ("drm/vblank: Add vblank works")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Signed-off-by: Lyude Paul <lyude@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221101070716.9189-3-shangxiaojing@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-11-25 17:45:44 +01:00
amd drm/amdgpu: disable BACO on special BEIGE_GOBY card 2022-11-25 17:45:41 +01:00
arc
arm drm: mali-dp: potential dereference of null pointer 2022-06-09 10:21:01 +02:00
armada drm-misc-next for 5.10: 2020-09-23 09:52:24 +10:00
aspeed drm/aspeed: Fix Kconfig warning & subsequent build errors 2020-12-30 11:52:56 +01:00
ast drm/ast: potential dereference of null pointer 2021-12-22 09:30:54 +01:00
atmel-hlcdc drm/atomic-helper: reset vblank on crtc reset 2020-07-02 20:25:51 +02:00
bochs Linux 5.8 2020-08-11 11:58:31 +10:00
bridge drm: bridge: dw_hdmi: only trigger hotplug event on link change 2022-10-26 13:25:49 +02:00
etnaviv drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem 2022-06-09 10:21:24 +02:00
exynos drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed. 2022-08-21 15:15:46 +02:00
fsl-dcu Linux 5.9-rc4 2020-09-08 14:41:40 +10:00
gma500 drm/gma500: Fix BUG: sleeping function called from invalid context errors 2022-09-28 11:10:39 +02:00
hisilicon drm/hisilicon: Add depends on MMU 2022-09-28 11:10:33 +02:00
i2c sound updates for 5.9 2020-08-06 14:27:31 -07:00
i810 drm/i810: make i810_flush_queue() return void 2020-09-11 10:54:17 +02:00
i915 drm/i915/dmabuf: fix sg_table handling in map_dma_buf 2022-11-16 09:57:16 +01:00
imx drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid 2022-11-25 17:45:40 +01:00
ingenic drm/ingenic: Reset pixclock rate when parent clock rate changes 2022-06-09 10:21:00 +02:00
lib
lima drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y 2022-01-27 10:54:10 +01:00
mcde drm/mcde: Fix refcount leak in mcde_dsi_bind 2022-08-21 15:15:41 +02:00
mediatek drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() 2022-09-28 11:10:36 +02:00
meson drm/meson: explicitly remove aggregate driver at module unload time 2022-10-26 13:25:49 +02:00
mga
mgag200 mgag200 fix memmapsl configuration in GCTL6 register 2022-04-08 14:39:56 +02:00
msm drm/msm/hdmi: fix IRQ lifetime 2022-11-10 18:14:20 +01:00
mxsfb drm: mxsfb: Fix NULL pointer dereference crash on unload 2021-10-27 09:56:54 +02:00
nouveau drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() 2022-10-26 13:25:48 +02:00
omapdrm drm/omap: dss: Fix refcount leak bugs 2022-10-26 13:25:26 +02:00
panel drm/panel: simple: set bpc field for logic technologies displays 2022-11-25 17:45:44 +01:00
panfrost drm/panfrost: Fix shrinker list corruption by madvise IOCTL 2022-07-21 21:20:01 +02:00
pl111 drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() 2022-10-26 13:25:24 +02:00
qxl drm: qxl: ensure surf.data is ininitialized 2021-07-14 16:56:20 +02:00
r128
radeon drm/radeon: add a force flush to delay work when radeon 2022-09-15 11:32:03 +02:00
rcar-du drm: rcar-du: Fix CRTC timings when CMM is used 2022-01-27 10:54:14 +01:00
rockchip drm/rockchip: dsi: Force synchronous probe 2022-11-10 18:14:29 +01:00
savage treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
scheduler drm/sched: Avoid data corruptions 2021-07-19 09:44:40 +02:00
selftests drm/mst: Add support for QUERY_STREAM_ENCRYPTION_STATUS MST sideband message 2020-09-01 13:02:33 +05:30
shmobile
sis
sti Linux 5.9-rc4 2020-09-08 14:41:40 +10:00
stm stm: ltdc: fix two incorrect NULL checks on list iterator 2022-06-09 10:21:27 +02:00
sun4i drm/sun4i: dsi: Prevent underflow when computing packet sizes 2022-08-25 11:38:11 +02:00
tdfx
tegra drm/tegra: Fix reference leak in tegra_dsi_ganged_probe 2022-04-08 14:40:18 +02:00
tidss drm/tidss: implement WA for AM65xx erratum i2000 2020-08-21 15:17:05 +03:00
tilcdc tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator 2022-06-09 10:21:28 +02:00
tiny drm/st7735r: Fix module autoloading for Okaya RH128128T 2022-08-21 15:15:38 +02:00
ttm drm/ttm: Put BO in its memory manager's lru list 2022-01-27 10:53:44 +01:00
tve200 drm/tve200: Fix handling of platform_get_irq() error 2020-12-30 11:52:56 +01:00
udl drm/udl: Restore display mode on resume 2022-10-26 13:25:10 +02:00
v3d drm/v3d: fix wait for TMU write combiner flush 2021-11-18 14:04:02 +01:00
vboxvideo drm/vboxvideo: fix a NULL vs IS_ERR() check 2022-01-27 10:53:49 +01:00
vc4 drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() 2022-11-16 09:57:11 +01:00
vgem drm/vgem: Use devm_drm_dev_alloc 2020-09-11 10:47:19 +02:00
via treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
virtio drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() 2022-10-30 09:41:18 +01:00
vkms drm/vkms: fix misuse of WARN_ON 2021-05-11 14:47:26 +02:00
vmwgfx drm/vmwgfx: Initialize drm_mode_fb_cmd2 2022-05-18 10:23:47 +02:00
xen gpu/xen: Fix a use after free in xen_drm_drv_init 2021-04-21 13:00:52 +02:00
xlnx drm: xlnx: zynqmp: release reset to DP controller before accessing DP registers 2021-09-18 13:40:27 +02:00
zte drm/zte: Don't select DRM_KMS_FB_HELPER 2021-07-19 09:44:36 +02:00
drm_agpsupport.c
drm_atomic_helper.c drm/atomic: Force bridge self-refresh-exit on CRTC switch 2022-06-14 18:32:46 +02:00
drm_atomic_state_helper.c drm/atomic-helper: reset vblank on crtc reset 2020-07-02 20:25:51 +02:00
drm_atomic_uapi.c drm : Insert blank lines after declarations. 2020-07-02 15:26:00 +02:00
drm_atomic.c drm : Insert blank lines after declarations. 2020-07-02 15:26:00 +02:00
drm_auth.c drm: protect drm_master pointers in drm_lease.c 2021-09-18 13:40:19 +02:00
drm_blend.c
drm_bridge_connector.c drm/bridge_connector: Set default status connected for eDP connectors 2020-08-26 19:11:41 +02:00
drm_bridge.c drm/bridge: Avoid uninitialized variable warning 2022-10-26 13:25:24 +02:00
drm_bufs.c treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
drm_cache.c drm: core: fix common struct sg_table related issues 2020-09-10 08:17:48 +02:00
drm_client_modeset.c
drm_client.c
drm_color_mgmt.c drm/modeset-lock: Take the modeset BKL for legacy drivers 2020-08-17 13:41:50 -04:00
drm_connector.c drm/vrr: Set VRR capable prop only if it is attached to connector 2022-03-19 13:44:45 +01:00
drm_context.c
drm_crtc_helper_internal.h drm: remove drm_fb_helper_modinit 2022-07-02 16:39:23 +02:00
drm_crtc_helper.c drm : Insert blank lines after declarations. 2020-07-02 15:26:00 +02:00
drm_crtc_internal.h
drm_crtc.c Linux 5.9-rc2 2020-08-25 11:00:02 +02:00
drm_damage_helper.c
drm_debugfs_crc.c drm/crc-debugfs: Fix memleak in crc_control_write 2020-09-01 09:45:44 +02:00
drm_debugfs.c drm: avoid blocking in drm_clients_info's rcu section 2021-09-18 13:40:19 +02:00
drm_dma.c
drm_dp_aux_dev.c drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() 2020-12-30 11:54:19 +01:00
drm_dp_cec.c
drm_dp_dual_mode_helper.c
drm_dp_helper.c drm/dp: Don't rewrite link config when setting phy test pattern 2022-10-26 13:25:50 +02:00
drm_dp_mst_topology_internal.h
drm_dp_mst_topology.c drm/dp_mst: fix drm_dp_dpcd_read return value checks 2022-10-26 13:25:24 +02:00
drm_drv.c drm/drv: Fix potential memory leak in drm_dev_init() 2022-11-25 17:45:44 +01:00
drm_dsc.c
drm_dumb_buffers.c
drm_edid_load.c
drm_edid.c drm/edid: fix invalid EDID extension block filtering 2022-06-09 10:20:59 +02:00
drm_encoder_slave.c
drm_encoder.c
drm_fb_cma_helper.c
drm_fb_helper.c drm: remove drm_fb_helper_modinit 2022-07-02 16:39:23 +02:00
drm_file.c drm: serialize drm_file.master with a new spinlock 2021-09-18 13:40:19 +02:00
drm_flip_work.c
drm_format_helper.c
drm_fourcc.c
drm_framebuffer.c gpu/drm: cleanup coding style a bit 2020-09-09 11:45:18 +02:00
drm_gem_cma_helper.c drm: prime: add common helper to check scatterlist contiguity 2020-09-10 08:17:48 +02:00
drm_gem_framebuffer_helper.c
drm_gem_shmem_helper.c drm/shmem-helpers: vunmap: Don't put pages for dma-buf 2021-03-17 17:06:19 +01:00
drm_gem_ttm_helper.c drm/ttm: merge offset and base in ttm_bus_placement 2020-09-08 10:43:30 +02:00
drm_gem_vram_helper.c drm/vram-helper: Fix use of top-down placement 2020-11-20 05:20:48 +10:00
drm_gem.c drm/gem: Fix GEM handle release errors 2022-09-15 11:32:02 +02:00
drm_hashtab.c
drm_hdcp.c
drm_internal.h drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() 2022-11-25 17:45:44 +01:00
drm_ioc32.c drm: Copy drm_wait_vblank to user before returning 2021-09-03 10:09:27 +02:00
drm_ioctl.c drm: Prevent drm_copy_field() to attempt copying a NULL pointer 2022-10-26 13:25:48 +02:00
drm_irq.c
drm_kms_helper_common.c drm: remove drm_fb_helper_modinit 2022-07-02 16:39:23 +02:00
drm_lease.c drm: protect drm_master pointers in drm_lease.c 2021-09-18 13:40:19 +02:00
drm_legacy_misc.c
drm_legacy.h
drm_lock.c drm : Insert blank lines after declarations. 2020-07-02 15:26:00 +02:00
drm_managed.c drm/dev: Remove drm_dev_init 2020-09-21 10:45:08 +02:00
drm_memory.c
drm_mipi_dbi.c drm/mipi-dbi: align max_chunk to 2 in spi_transfer 2022-08-21 15:15:38 +02:00
drm_mipi_dsi.c drm/mipi-dsi: Detach devices when removing the host 2022-10-26 13:25:24 +02:00
drm_mm.c drm/mm: cleanup and improve next_hole_*_addr() 2020-06-23 15:46:40 +02:00
drm_mode_config.c drm : Insert blank lines after declarations. 2020-07-02 15:26:00 +02:00
drm_mode_object.c drm/modeset-lock: Take the modeset BKL for legacy drivers 2020-08-17 13:41:50 -04:00
drm_modes.c treewide: Change list_sort to use const pointers 2021-09-30 10:11:04 +02:00
drm_modeset_helper.c
drm_modeset_lock.c
drm_of.c drm/of: free the iterator object on failure 2021-09-15 09:50:32 +02:00
drm_panel_orientation_quirks.c drm: panel-orientation-quirks: Add quirk for Anbernic Win600 2022-10-26 13:25:49 +02:00
drm_panel.c drm/panel: Add helper for reading DT rotation 2020-08-16 17:12:18 +02:00
drm_pci.c drm : Insert blank lines after declarations. 2020-07-02 15:26:00 +02:00
drm_plane_helper.c drm/plane-helper: fix uninitialized variable reference 2021-11-18 14:04:22 +01:00
drm_plane.c drm/plane: Move range check for format_count earlier 2022-06-09 10:20:52 +02:00
drm_prime.c drm/gem: Fix GEM handle release errors 2022-09-15 11:32:02 +02:00
drm_print.c
drm_probe_helper.c drm/probe-helper: Check epoch counter in output_poll_execute() 2021-05-14 09:50:23 +02:00
drm_property.c
drm_rect.c
drm_scatter.c
drm_scdc_helper.c
drm_self_refresh_helper.c
drm_simple_kms_helper.c
drm_syncobj.c drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence. 2021-12-14 11:32:39 +01:00
drm_sysfs.c
drm_trace_points.c
drm_trace.h
drm_vblank_work.c This tree adds the sched_set_fifo*() encapsulation APIs to remove 2020-08-06 11:55:43 -07:00
drm_vblank.c drm/atomic-helper: Remove the timestamping constant update from drm_atomic_helper_update_legacy_modeset_state() 2020-09-14 22:37:31 +03:00
drm_vm.c drm-misc-next for v5.9: 2020-06-24 15:45:51 +10:00
drm_vma_manager.c
drm_writeback.c
Kconfig drm: fix drm_mipi_dbi build errors 2022-10-26 13:25:25 +02:00
Makefile drm/imx: compile imx directory by default 2020-09-09 16:39:48 +02:00