Message-ID: <d5c31ec9-84c1-45ea-8c0d-aba78ebd6481@samsung.com>
Date: Thu, 21 Aug 2025 11:50:48 +0200
From: Michal Wilczynski <m.wilczynski@...sung.com>
To: Maud Spierings <maud_spierings@...mail.com>
Cc: Laurent.pinchart@...asonboard.com, airlied@...il.com,
andrzej.hajda@...el.com, conor+dt@...nel.org, devicetree@...r.kernel.org,
dri-devel@...ts.freedesktop.org, fustini@...nel.org, guoren@...nel.org,
heiko@...ech.de, jernej.skrabec@...il.com, jonas@...boo.se,
krzk+dt@...nel.org, linux-kernel@...r.kernel.org,
linux-riscv@...ts.infradead.org, maarten.lankhorst@...ux.intel.com,
mripard@...nel.org, neil.armstrong@...aro.org, p.zabel@...gutronix.de,
rabenda.cn@...il.com, rfoss@...nel.org, robh@...nel.org, simona@...ll.ch,
tzimmermann@...e.de, uwu@...nowy.me, wefu@...hat.com, ziyao@...root.org
Subject: Re: [RFC PATCH 3/8] drm: verisilicon: add a driver for Verisilicon
display controllers

On 8/21/25 11:38, Maud Spierings wrote:
>> So I am trying to make it work on JH7110 as well, and here is the
>> problem:
>>
>> [ 5.564433] ------------[ cut here ]------------
>> [ 5.569161] refcount_t: addition on 0; use-after-free.
>> [ 5.574485] WARNING: CPU: 2 PID: 71 at lib/refcount.c:25 refcount_warn_saturate+0x110/0x162
>> [ 5.574537] Modules linked in:
>> [ 5.574560] CPU: 2 UID: 0 PID: 71 Comm: kworker/u17:2 Not tainted 6.17.0-rc1-g60ec647ec20c-dirty #77 NONE
>> [ 5.574596] Hardware name: StarFive VisionFive 2 v1.2A (DT)
>> [ 5.574613] Workqueue: events_unbound deferred_probe_work_func
>> [ 5.574654] epc : refcount_warn_saturate+0x110/0x162
>> [ 5.574682] ra : refcount_warn_saturate+0x110/0x162
>> [ 5.574710] epc : ffffffff81336608 ra : ffffffff81336608 sp : ffffffc6006e7530
>> [ 5.574732] gp : ffffffff8514c1c0 tp : ffffffd6c14ba580 t0 : ffffffc6006e7134
>> [ 5.574753] t1 : fffffffef0a29898 t2 : 5f746e756f636665 s0 : ffffffc6006e7550
>> [ 5.574774] s1 : ffffffff83c058a8 a0 : 000000000000002a a1 : 0000000000000004
>> [ 5.574794] a2 : 0000000000000000 a3 : ffffffff801ef586 a4 : 0000000000000000
>> [ 5.574813] a5 : 0000000000000000 a6 : fffffffef0a29899 a7 : 0000000000000003
>> [ 5.574833] s2 : ffffffd6c35e68e8 s3 : ffffffd6c35e6990 s4 : ffffffd6c33dc008
>> [ 5.574854] s5 : 0000000000000000 s6 : 1ffffffad867b801 s7 : 0000000000000000
>> [ 5.574873] s8 : ffffffd6c35e6990 s9 : 0000000000000000 s10: ffffffd6c3099058
>> [ 5.574894] s11: 1ffffffad861320b t3 : 1ffffff8c00dce34 t4 : fffffffef0a29898
>> [ 5.574915] t5 : fffffffef0a29899 t6 : ffffffc6006e6f38
>> [ 5.574933] status: 0000000200000120 badaddr: 0000000000000000 cause: 0000000000000003
>> [ 5.574952] [<ffffffff81336608>] refcount_warn_saturate+0x110/0x162
>> [ 5.574985] [<ffffffff8193a506>] drm_bridge_get+0x66/0x6e
>> [ 5.575022] [<ffffffff8001f26e>] drm_bridge_attach+0x54/0x5a2
>> [ 5.575055] [<ffffffff8002740e>] vs_bridge_init+0x3bc/0x4ba
>> [ 5.575087] [<ffffffff82313026>] vs_drm_initialize+0xe0/0x2f2
>> [ 5.575126] [<ffffffff80027ca4>] vs_dc_probe+0x758/0x85c
>> [ 5.575156] [<ffffffff8233123c>] platform_probe+0xac/0x138
>> [ 5.575186] [<ffffffff8232b2a8>] really_probe+0x164/0x59e
>> [ 5.575221] [<ffffffff8232b818>] __driver_probe_device+0x136/0x266
>> [ 5.575257] [<ffffffff8232bb18>] driver_probe_device+0x56/0x214
>> [ 5.575292] [<ffffffff8232bdf0>] __device_attach_driver+0x11a/0x278
>> [ 5.575329] [<ffffffff823272d8>] bus_for_each_drv+0xea/0x16e
>> [ 5.575363] [<ffffffff8232c680>] __device_attach+0x160/0x2d4
>> [ 5.575398] [<ffffffff8232ca06>] device_initial_probe+0xe/0x16
>> [ 5.575434] [<ffffffff823291d8>] bus_probe_device+0xfe/0x134
>> [ 5.575468] [<ffffffff82329c62>] deferred_probe_work_func+0x128/0x1d6
>> [ 5.575503] [<ffffffff80126aae>] process_one_work+0x5c0/0xe76
>> [ 5.575543] [<ffffffff80129da6>] worker_thread+0x6d4/0x1316
>> [ 5.575572] [<ffffffff801429ce>] kthread+0x29a/0x570
>> [ 5.575608] [<ffffffff8004693e>] ret_from_fork_kernel+0x10/0x9a
>> [ 5.575643] [<ffffffff835f55f6>] ret_from_fork_kernel_asm+0x16/0x18
>> [ 5.575682] ---[ end trace 0000000000000000 ]---
>>
>>
>> When a bridge is allocated with kzalloc, its kref count is initialized
>> to zero. The drm_bridge_attach() function then calls drm_bridge_get() on
>> this bridge, which sees the zero refcount and triggers a use-after-free
>> warning because it assumes the object has already been freed.
>>
>> To fix this, the bridge's refcount must be initialized with kref_init()
>> after allocation and before it's attached.
>
> Do you have a tree I can look at? I am very interested in getting this working on the jh7110. Looked at it myself a week ago, but got lost quite quickly. If you end up upstreaming it I will definitely be there to test it.

I first started working on getting the Keith version working and have
the 'old' tree here [1]. It works with an older version of the DC driver.

[1] - https://github.com/mwilczy/linux/commits/dpu_Aug_9_2/

So the above version works, however the display was 'purple-ish', colors
were skewed. I shared the image in the 'Mainline Linux for RISC-V'
Telegram chat.

For the current version from Icenowy it's still a bit messy to share,
however it includes an addition to the inno-hdmi driver to make it work a bit
more like dw-hdmi currently - introduce a probe function, not just
bind, so it doesn't use the component framework. Plus changes to
clocks/resets that were discussed.

>
> Did you actually manage to get display out over hdmi? The hdmi output from last year's starfive driver gave me some strange output issues that I'm currently just living with, but would love to see it gone.
>

On the current version of the DC driver I'm still working on it.

Best regards,
--
Michal Wilczynski <m.wilczynski@...sung.com>
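
Added example, not part of the original message and not kernel code: a simplified, non-atomic userspace model of the check behind the quoted "addition on 0; use-after-free" warning, showing a zero-allocated object failing on its first get and the same object succeeding once its count is initialised to 1. All names (`model_bridge`, `model_ref_init`, `model_ref_get`, `attach_model`) are hypothetical, and `calloc` stands in for `kzalloc`.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define MODEL_SATURATED (INT_MIN / 2)  /* pinned value, as REFCOUNT_SATURATED */

enum get_result { GET_OK, GET_ADD_ON_ZERO, GET_SATURATED };

struct model_bridge { int refs; };     /* refs stands in for the embedded kref */

/* kref_init() analogue: a live object starts with one reference. */
static void model_ref_init(struct model_bridge *b) { b->refs = 1; }

/* refcount_inc() analogue: 0 means "already released", so a get from 0 is
 * reported and the counter is pinned instead of going back to 1. */
static enum get_result model_ref_get(struct model_bridge *b)
{
    int old = b->refs;

    if (old == 0) {
        b->refs = MODEL_SATURATED;
        fprintf(stderr, "model: addition on 0; use-after-free.\n");
        return GET_ADD_ON_ZERO;
    }
    if (old < 0 || old == INT_MAX) {   /* already pinned, or would overflow */
        b->refs = MODEL_SATURATED;
        return GET_SATURATED;
    }
    b->refs = old + 1;
    return GET_OK;
}

/* Allocate zeroed, optionally initialise, then take the reference an attach
 * path would take. Reports the get result and the counter afterwards. */
static enum get_result attach_model(int do_init, int *refs_after)
{
    struct model_bridge *b = calloc(1, sizeof(*b));
    enum get_result r;

    if (!b)
        abort();
    if (do_init)
        model_ref_init(b);
    r = model_ref_get(b);
    *refs_after = b->refs;
    free(b);
    return r;
}
```
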