lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 16 Oct 2017 18:16:28 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     linux-kernel@...r.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        stable@...r.kernel.org,
        Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
        Daniel Vetter <daniel.vetter@...ll.ch>,
        Rodrigo Vivi <rodrigo.vivi@...el.com>
Subject: [PATCH 4.13 31/53] drm/i915: Use crtc_state_is_legacy_gamma in intel_color_check

4.13-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>

commit d6a55c63e6adcb58957bbdce2d390088970273da upstream.

crtc_state_is_legacy_gamma also checks for CTM, which was missing from
intel_color_check. By using the same condition for commit and check
we reduce the chance of mismatches.

This was spotted by KASAN while trying to rework kms_color igt test.

[   72.008660] ==================================================================
[   72.009326] BUG: KASAN: slab-out-of-bounds in bdw_load_gamma_lut.isra.3+0x15c/0x360 [i915]
[   72.009519] Read of size 2 at addr ffff880220216e50 by task kms_color/1158
[   72.009900] CPU: 2 PID: 1158 Comm: kms_color Tainted: G     U  W 4.14.0-rc3-patser+ #5281
[   72.009921] Hardware name: GIGABYTE GB-BKi3A-7100/MFLP3AP-00, BIOS F1 07/27/2016
[   72.009941] Call Trace:
[   72.009968]  dump_stack+0xc5/0x151
[   72.009996]  ? _atomic_dec_and_lock+0x10f/0x10f
[   72.010024]  ? show_regs_print_info+0x3c/0x3c
[   72.010072]  print_address_description+0x7f/0x240
[   72.010108]  kasan_report+0x216/0x370
[   72.010308]  ? bdw_load_gamma_lut.isra.3+0x15c/0x360 [i915]
[   72.010349]  __asan_load2+0x74/0x80
[   72.010552]  bdw_load_gamma_lut.isra.3+0x15c/0x360 [i915]
[   72.010772]  broadwell_load_luts+0x1f0/0x300 [i915]
[   72.010997]  intel_color_load_luts+0x36/0x40 [i915]
[   72.011205]  intel_begin_crtc_commit+0xa1/0x310 [i915]
[   72.011283]  drm_atomic_helper_commit_planes_on_crtc+0xa6/0x320 [drm_kms_helper]
[   72.011316]  ? wait_for_completion_io+0x460/0x460
[   72.011524]  intel_update_crtc+0xe3/0x100 [i915]
[   72.011720]  skl_update_crtcs+0x360/0x3f0 [i915]
[   72.011945]  ? intel_update_crtcs+0xf0/0xf0 [i915]
[   72.012010]  ? drm_atomic_helper_wait_for_dependencies+0x3d9/0x400 [drm_kms_helper]
[   72.012231]  intel_atomic_commit_tail+0x8db/0x1500 [i915]
[   72.012273]  ? __lock_is_held+0x9c/0xc0
[   72.012494]  ? skl_update_crtcs+0x3f0/0x3f0 [i915]
[   72.012518]  ? find_next_bit+0xb/0x10
[   72.012544]  ? cpumask_next+0x1a/0x20
[   72.012745]  ? i915_sw_fence_complete+0x9d/0xe0 [i915]
[   72.012938]  ? __i915_sw_fence_complete+0x5d0/0x5d0 [i915]
[   72.013176]  intel_atomic_commit+0x528/0x570 [i915]
[   72.013280]  ? drm_atomic_get_property+0xc00/0xc00 [drm]
[   72.013466]  ? intel_atomic_commit_tail+0x1500/0x1500 [i915]
[   72.013496]  ? kmem_cache_alloc_trace+0x266/0x280
[   72.013714]  ? intel_atomic_commit_tail+0x1500/0x1500 [i915]
[   72.013812]  drm_atomic_commit+0x77/0x80 [drm]
[   72.013911]  set_property_atomic+0x14a/0x210 [drm]
[   72.014015]  ? drm_object_property_get_value+0x70/0x70 [drm]
[   72.014080]  ? mutex_unlock+0xd/0x10
[   72.014292]  ? intel_atomic_commit_tail+0x1500/0x1500 [i915]
[   72.014379]  drm_mode_obj_set_property_ioctl+0x1cf/0x310 [drm]
[   72.014481]  ? drm_mode_obj_find_prop_id+0xa0/0xa0 [drm]
[   72.014510]  ? lock_release+0x6c0/0x6c0
[   72.014602]  ? drm_is_current_master+0x46/0x60 [drm]
[   72.014706]  drm_ioctl_kernel+0x148/0x1d0 [drm]
[   72.014799]  ? drm_mode_obj_find_prop_id+0xa0/0xa0 [drm]
[   72.014898]  ? drm_ioctl_permit+0x100/0x100 [drm]
[   72.014936]  ? kasan_check_write+0x14/0x20
[   72.015039]  drm_ioctl+0x441/0x660 [drm]
[   72.015129]  ? drm_mode_obj_find_prop_id+0xa0/0xa0 [drm]
[   72.015235]  ? drm_getstats+0x20/0x20 [drm]
[   72.015287]  ? ___might_sleep+0x159/0x340
[   72.015311]  ? find_held_lock+0xcf/0xf0
[   72.015341]  ? __schedule_bug+0x110/0x110
[   72.015405]  do_vfs_ioctl+0xa88/0xb10
[   72.015449]  ? ioctl_preallocate+0x1a0/0x1a0
[   72.015487]  ? selinux_capable+0x20/0x20
[   72.015525]  ? rcu_dynticks_momentary_idle+0x40/0x40
[   72.015607]  SyS_ioctl+0x4e/0x80
[   72.015647]  entry_SYSCALL_64_fastpath+0x18/0xad
[   72.015670] RIP: 0033:0x7ff74a3d04d7
[   72.015691] RSP: 002b:00007ffc594bec08 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   72.015734] RAX: ffffffffffffffda RBX: ffffffff8718f54a RCX: 00007ff74a3d04d7
[   72.015756] RDX: 00007ffc594bec40 RSI: 00000000c01864ba RDI: 0000000000000003
[   72.015777] RBP: ffff880211c0ff98 R08: 0000000000000086 R09: 0000000000000000
[   72.015799] R10: 00007ff74a691b58 R11: 0000000000000246 R12: 0000000000000355
[   72.015821] R13: 00000000ff00eb00 R14: 0000000000000a00 R15: 00007ff746082000
[   72.015857]  ? trace_hardirqs_off_caller+0xfa/0x110

Signed-off-by: Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20171005141520.23990-1-maarten.lankhorst@linux.intel.com
[mlankhorst: s/crtc_state_is_legacy/&_gamma/ (danvet)]
Reviewed-by: Daniel Vetter <daniel.vetter@...ll.ch>
Fixes: 82cf435b3134 ("drm/i915: Implement color management on bdw/skl/bxt/kbl")
(cherry picked from commit 0c3767b28186c8129f2a2cfec06a93dcd6102391)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@...el.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

---
 drivers/gpu/drm/i915/intel_color.c |   16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

--- a/drivers/gpu/drm/i915/intel_color.c
+++ b/drivers/gpu/drm/i915/intel_color.c
@@ -58,7 +58,7 @@
 #define I9XX_CSC_COEFF_1_0		\
 	((7 << 12) | I9XX_CSC_COEFF_FP(CTM_COEFF_1_0, 8))
 
-static bool crtc_state_is_legacy(struct drm_crtc_state *state)
+static bool crtc_state_is_legacy_gamma(struct drm_crtc_state *state)
 {
 	return !state->degamma_lut &&
 		!state->ctm &&
@@ -245,7 +245,7 @@ static void cherryview_load_csc_matrix(s
 	}
 
 	mode = (state->ctm ? CGM_PIPE_MODE_CSC : 0);
-	if (!crtc_state_is_legacy(state)) {
+	if (!crtc_state_is_legacy_gamma(state)) {
 		mode |= (state->degamma_lut ? CGM_PIPE_MODE_DEGAMMA : 0) |
 			(state->gamma_lut ? CGM_PIPE_MODE_GAMMA : 0);
 	}
@@ -426,7 +426,7 @@ static void broadwell_load_luts(struct d
 	struct intel_crtc_state *intel_state = to_intel_crtc_state(state);
 	enum pipe pipe = to_intel_crtc(state->crtc)->pipe;
 
-	if (crtc_state_is_legacy(state)) {
+	if (crtc_state_is_legacy_gamma(state)) {
 		haswell_load_luts(state);
 		return;
 	}
@@ -486,7 +486,7 @@ static void glk_load_luts(struct drm_crt
 
 	glk_load_degamma_lut(state);
 
-	if (crtc_state_is_legacy(state)) {
+	if (crtc_state_is_legacy_gamma(state)) {
 		haswell_load_luts(state);
 		return;
 	}
@@ -508,7 +508,7 @@ static void cherryview_load_luts(struct
 	uint32_t i, lut_size;
 	uint32_t word0, word1;
 
-	if (crtc_state_is_legacy(state)) {
+	if (crtc_state_is_legacy_gamma(state)) {
 		/* Turn off degamma/gamma on CGM block. */
 		I915_WRITE(CGM_PIPE_MODE(pipe),
 			   (state->ctm ? CGM_PIPE_MODE_CSC : 0));
@@ -589,12 +589,10 @@ int intel_color_check(struct drm_crtc *c
 		return 0;
 
 	/*
-	 * We also allow no degamma lut and a gamma lut at the legacy
+	 * We also allow no degamma lut/ctm and a gamma lut at the legacy
 	 * size (256 entries).
 	 */
-	if (!crtc_state->degamma_lut &&
-	    crtc_state->gamma_lut &&
-	    crtc_state->gamma_lut->length == LEGACY_LUT_LENGTH)
+	if (crtc_state_is_legacy_gamma(crtc_state))
 		return 0;
 
 	return -EINVAL;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ