lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <56655db6-b087-4a94-b5d5-fba2f368b5ea@igalia.com>
Date: Tue, 6 Jan 2026 08:24:25 +0000
From: Tvrtko Ursulin <tvrtko.ursulin@...lia.com>
To: Nathan Chancellor <nathan@...nel.org>,
 Jocelyn Falempe <jfalempe@...hat.com>,
 Javier Martinez Canillas <javierm@...hat.com>,
 Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
 Maxime Ripard <mripard@...nel.org>, Thomas Zimmermann <tzimmermann@...e.de>
Cc: dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] drm/panic: Ensure drm_panic_type is initialized to a
 valid value


On 06/01/2026 06:19, Nathan Chancellor wrote:
> If a user has set an invalid CONFIG_DRM_PANIC_SCREEN value (such as
> "qr_code" without CONFIG_DRM_PANIC_SCREEN_QR_CODE=y due to missing or
> incorrect Rust dependencies), there is a panic when accessing
> /sys/module/drm/parameters/panic_screen:
> 
>    [   12.218375] BUG: unable to handle page fault for address: 0000000796dd8818
>    [   12.219737] #PF: supervisor read access in kernel mode
>    ...
>    [   12.227167] RIP: 0010:drm_panic_type_get+0x1b/0x30
> 
> If drm_panic_type_set() does not find a valid drm_panic_type enumeration
> in drm_panic_type_map based on the provided value, it does not change
> drm_panic_type from the default -1 value, which is not a valid index for
> accessing drm_panic_type_map in drm_panic_type_get(), resulting in the
> crash.
> 
> Validate the value of CONFIG_DRM_PANIC_SCREEN at boot time via the
> return value of drm_panic_type_set() in drm_panic_init() and explicitly
> fall back to the default of "user" with a message to the user so that
> they can adjust their configuration or fix missing dependencies.
> 
>    [    0.800697] Unsupported value for CONFIG_DRM_PANIC_SCREEN ('qr_code'), falling back to 'user'...
> 
> Fixes: e85e9ccf3f84 ("drm/panic: Report invalid or unsupported panic modes")
> Signed-off-by: Nathan Chancellor <nathan@...nel.org>
> ---
>   drivers/gpu/drm/drm_panic.c | 7 +++++--
>   1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/gpu/drm/drm_panic.c b/drivers/gpu/drm/drm_panic.c
> index eb7ef17b9c71..0cd574dd9d88 100644
> --- a/drivers/gpu/drm/drm_panic.c
> +++ b/drivers/gpu/drm/drm_panic.c
> @@ -1072,8 +1072,11 @@ void drm_panic_unregister(struct drm_device *dev)
>    */
>   void __init drm_panic_init(void)
>   {
> -	if (drm_panic_type == -1)
> -		drm_panic_type_set(CONFIG_DRM_PANIC_SCREEN, NULL);
> +	if (drm_panic_type == -1 && drm_panic_type_set(CONFIG_DRM_PANIC_SCREEN, NULL)) {
> +		pr_warn("Unsupported value for CONFIG_DRM_PANIC_SCREEN ('%s'), falling back to 'user'...\n",
> +			CONFIG_DRM_PANIC_SCREEN);
> +		drm_panic_type = DRM_PANIC_TYPE_USER;
> +	}
>   	drm_panic_qr_init();
>   }

I actually tested bad string on the kernel command line but did not 
think to test a bad string in CONFIG_DRM_PANIC_SCREEN. :( And that is 
despite the fact I saw that the kconfig is a free-form input so again my 
bad. Even worse is, I briefly considered converting kconfig to a 
mutually exclusive fixed list but then gave up not wanting to think 
about kconfig backward compatibility issues. We should probably tackle 
that problem since free form inputs are bad. We have another one in DRM 
as well for the fbdev client IIRC.

Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@...lia.com>

Regards,

Tvrtko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ