| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAAOTY_-7wQd_m0G4+gvpH2O5HoWZQKViwZH_x9vqMiyZ9VT8Xg@mail.gmail.com>
Date: Thu, 14 Aug 2025 07:55:21 +0800
From: Chun-Kuang Hu <chunkuang.hu@...nel.org>
To: Jason-JH Lin <jason-jh.lin@...iatek.com>
Cc: Chun-Kuang Hu <chunkuang.hu@...nel.org>,
AngeloGioacchino Del Regno <angelogioacchino.delregno@...labora.com>, David Airlie <airlied@...il.com>,
Philipp Zabel <p.zabel@...gutronix.de>, Daniel Vetter <daniel@...ll.ch>,
Matthias Brugger <matthias.bgg@...il.com>, Nancy Lin <nancy.lin@...iatek.com>,
Singo Chang <singo.chang@...iatek.com>, Paul-PL Chen <paul-pl.chen@...iatek.com>,
Yongqiang Niu <yongqiang.niu@...iatek.com>, Zhenxing Qin <zhenxing.qin@...iatek.com>,
Xiandong Wang <xiandong.wang@...iatek.com>, Sirius Wang <sirius.wang@...iatek.com>,
Xavier Chang <xavier.chang@...iatek.com>, Jarried Lin <jarried.lin@...iatek.com>,
Fei Shao <fshao@...omium.org>, Chen-yu Tsai <wenst@...omium.org>, linux-kernel@...r.kernel.org,
linux-mediatek@...ts.infradead.org, linux-arm-kernel@...ts.infradead.org,
Project_Global_Chrome_Upstream_Group@...iatek.com
Subject: Re: [RESEND PATCH] drm/mediatek: Add error handling for old state
CRTC in atomic_disable
Hi, Jason:
Jason-JH Lin <jason-jh.lin@...iatek.com> 於 2025年7月28日 週一 上午10:50寫道:
>
> Introduce error handling to address an issue where, after a hotplug
> event, the cursor continues to update. This situation can lead to a
> kernel panic due to accessing the NULL `old_state->crtc`.
>
> E,g.
> Unable to handle kernel NULL pointer dereference at virtual address
> Call trace:
> mtk_crtc_plane_disable+0x24/0x140
> mtk_plane_atomic_update+0x8c/0xa8
> drm_atomic_helper_commit_planes+0x114/0x2c8
> drm_atomic_helper_commit_tail_rpm+0x4c/0x158
> commit_tail+0xa0/0x168
> drm_atomic_helper_commit+0x110/0x120
> drm_atomic_commit+0x8c/0xe0
> drm_atomic_helper_update_plane+0xd4/0x128
> __setplane_atomic+0xcc/0x110
> drm_mode_cursor_common+0x250/0x440
> drm_mode_cursor_ioctl+0x44/0x70
> drm_ioctl+0x264/0x5d8
> __arm64_sys_ioctl+0xd8/0x510
> invoke_syscall+0x6c/0xe0
> do_el0_svc+0x68/0xe8
> el0_svc+0x34/0x60
> el0t_64_sync_handler+0x1c/0xf8
> el0t_64_sync+0x180/0x188
>
> Adding NULL pointer checks to ensure stability by preventing operations
> on an invalid CRTC state.
Applied to mediatek-drm-fixes [1], thanks.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/chunkuang.hu/linux.git/log/?h=mediatek-drm-fixes
Regards,
Chun-Kuang.
>
> Fixes: d208261e9f7c ("drm/mediatek: Add wait_event_timeout when disabling plane")
> Signed-off-by: Jason-JH Lin <jason-jh.lin@...iatek.com>
> ---
> RESEND change:
> - Update author and Signed-off-by name.
> ---
> drivers/gpu/drm/mediatek/mtk_plane.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/mediatek/mtk_plane.c b/drivers/gpu/drm/mediatek/mtk_plane.c
> index cbc4f37da8ba..02349bd44001 100644
> --- a/drivers/gpu/drm/mediatek/mtk_plane.c
> +++ b/drivers/gpu/drm/mediatek/mtk_plane.c
> @@ -292,7 +292,8 @@ static void mtk_plane_atomic_disable(struct drm_plane *plane,
> wmb(); /* Make sure the above parameter is set before update */
> mtk_plane_state->pending.dirty = true;
>
> - mtk_crtc_plane_disable(old_state->crtc, plane);
> + if (old_state && old_state->crtc)
> + mtk_crtc_plane_disable(old_state->crtc, plane);
> }
>
> static void mtk_plane_atomic_update(struct drm_plane *plane,
> --
> 2.43.0
>
Powered by blists - more mailing lists