leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
facd93f428
linux/drivers/gpu/drm
History
Maxime Ripard facd93f428
drm/vc4: hvs: Fix buffer overflow with the dlist handling 
Commit 0a038c1c29 ("drm/vc4: Move LBM creation out of
vc4_plane_mode_set()") changed the LBM allocation logic from first
allocating the LBM memory for the plane to running mode_set,
adding a gap in the LBM, and then running the dlist allocation filling
that gap.

The gap was introduced by incrementing the dlist array index, but was
never checking whether or not we were over the array length, leading
eventually to memory corruptions if we ever crossed this limit.

vc4_dlist_write had that logic though, and was reallocating a larger
dlist array when reaching the end of the buffer. Let's share the logic
between both functions.

Cc: Boris Brezillon <boris.brezillon@collabora.com>
Cc: Eric Anholt <eric@anholt.net>
Fixes: 0a038c1c29 ("drm/vc4: Move LBM creation out of vc4_plane_mode_set()")
Signed-off-by: Maxime Ripard <maxime@cerno.tech>
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Reviewed-by: Dave Stevenson <dave.stevenson@raspberrypi.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20210129160647.128373-1-maxime@cerno.tech
2021-02-02 17:34:08 +01:00
..
amd drm/amd/display: Fix to be able to stop crc calculation 2021-01-14 14:06:43 -05:00
arc
arm drm/komeda: Fix bit check to import to value of proper type 2020-12-18 16:36:00 +00:00
armada drm/armada/armada_overlay: Staticify local function 'armada_overlay_duplicate_state' 2020-11-17 18:34:13 +01:00
aspeed drm/<drivers>: Constify struct drm_driver 2020-11-06 10:31:26 +01:00
ast drm/ast: Reload gamma LUT after changing primary plane's color format 2020-11-25 09:13:20 +01:00
atmel-hlcdc drm/atmel-hlcdc/atmel_hlcdc_plane: Fix documentation formatting and add missing description 2020-11-12 20:26:47 +01:00
bochs drm/fb_helper: Support framebuffers in I/O memory 2020-11-09 09:20:00 +01:00
bridge drm/bridge/lontium-lt9611uxc: move HPD notification out of IRQ handler 2021-01-28 11:54:50 +01:00
etnaviv drm-misc-next for 5.11: 2020-12-15 10:21:48 +01:00
exynos drm for 5.11-rc1 2020-12-14 11:07:56 -08:00
fsl-dcu drm/<drivers>: Constify struct drm_driver 2020-11-06 10:31:26 +01:00
gma500 drm for 5.11-rc1 2020-12-14 11:07:56 -08:00
hisilicon drm/<drivers>: Constify struct drm_driver 2020-11-06 10:31:26 +01:00
i2c
i810
i915 drm/i915: Allow the sysadmin to override security mitigations 2021-01-12 19:03:40 +02:00
imx drm/imx/dcss: allow using nearest neighbor interpolation scaling 2020-11-26 11:29:44 +01:00
ingenic drm/ingenic: ipu: Search for scaling coefs up to 102% of the screen 2020-11-11 11:47:11 +00:00
kmb drm/Kconfig: rename keembay config 2020-11-13 14:53:34 +10:00
lib
lima UAPI Changes: 2020-12-18 12:38:28 -08:00
mcde drm-misc-next for 5.11: 2020-12-15 10:21:48 +01:00
mediatek ARM: SoC drivers for v5.11 2020-12-16 16:38:41 -08:00
meson drm/meson: dw-hdmi: Enable the iahb clock early enough 2020-11-20 16:41:10 +01:00
mga drm/mga/mga_state: Remove unused variable 'buf_priv' 2020-11-06 23:19:07 +01:00
mgag200 drm/shmem-helper: Removed drm_gem_shmem_create_object_cached() 2020-11-24 09:10:33 +01:00
msm Merge tag 'drm-msm-fixes-2021-01-07' of https://gitlab.freedesktop.org/drm/msm into drm-fixes 2021-01-08 09:53:03 +01:00
mxsfb Short summary of fixes pull (less than what git shortlog provides): 2020-12-15 17:25:55 +01:00
nouveau drm/nouveau/disp/ga10[24]: initial support 2021-01-15 10:25:24 +10:00
omapdrm drm-misc-next for 5.11: 2020-12-15 10:21:48 +01:00
panel drm-misc-next for 5.11: 2020-12-15 10:21:48 +01:00
panfrost UAPI Changes: 2020-12-18 12:38:28 -08:00
pl111 drm/pl111/pl111_debugfs: Make local function 'pl111_debugfs_regs()' static 2020-11-17 20:02:49 +01:00
qxl drm/qxl: don't allocate a dma_address array 2020-12-18 15:14:17 +01:00
r128 drm/r128/ati_pcigart: Source file headers are not good candidates for kernel-doc 2020-11-06 23:18:52 +01:00
radeon drm/radeon: stop re-init the TTM page pool 2021-01-07 14:24:54 +01:00
rcar-du drm/<drivers>: Constify struct drm_driver 2020-11-06 10:31:26 +01:00
rockchip drm for 5.11-rc1 2020-12-14 11:07:56 -08:00
savage drm/savage/savage_bci: Remove set but never used 'aper_rsrc' and 'fb_rsrc' 2020-11-12 20:31:01 +01:00
scheduler Merge tag 'amd-drm-next-5.11-2020-12-09' of git://people.freedesktop.org/~agd5f/linux into drm-next 2020-12-10 16:55:53 +10:00
selftests drm/selftests/test-drm_dp_mst_helper: Move 'sideband_msg_req_encode_decode' onto the heap 2020-11-17 20:08:29 +01:00
shmobile drm/<drivers>: Constify struct drm_driver 2020-11-06 10:31:26 +01:00
sis
sti drm/sti/sti_hdmi: Move 'colorspace_mode_names' array to where its used 2020-11-12 20:32:53 +01:00
stm drm/<drivers>: Constify struct drm_driver 2020-11-06 10:31:26 +01:00
sun4i ARM: SoC drivers for v5.11 2020-12-16 16:38:41 -08:00
tdfx
tegra drm for 5.11-rc1 2020-12-14 11:07:56 -08:00
tidss drm/tidss: use devm_platform_ioremap_resource_byname 2020-11-10 14:34:16 +02:00
tilcdc drm/<drivers>: Constify struct drm_driver 2020-11-06 10:31:26 +01:00
tiny drm/gem: Use struct dma_buf_map in GEM vmap ops and convert GEM backends 2020-11-09 09:19:24 +01:00
ttm drm/ttm: Use __GFP_NOWARN for huge pages in ttm_pool_alloc_page 2021-01-28 13:01:52 +01:00
tve200 drm/<drivers>: Constify struct drm_driver 2020-11-06 10:31:26 +01:00
udl drm/shmem-helper: Removed drm_gem_shmem_create_object_cached() 2020-11-24 09:10:33 +01:00
v3d drm/shmem-helper: Use cached mappings by default 2020-11-24 09:10:21 +01:00
vboxvideo drm/gem: Use struct dma_buf_map in GEM vmap ops and convert GEM backends 2020-11-09 09:19:24 +01:00
vc4 drm/vc4: hvs: Fix buffer overflow with the dlist handling 2021-02-02 17:34:08 +01:00
vgem mm: introduce vma_set_file function v5 2020-11-19 10:36:36 +01:00
via drm/via: Fix fall-through warnings for Clang 2020-11-22 22:58:55 +01:00
virtio drm/shmem-helper: Use cached mappings by default 2020-11-24 09:10:21 +01:00
vkms drm/shmem-helper: Removed drm_gem_shmem_create_object_cached() 2020-11-24 09:10:33 +01:00
vmwgfx drm/ttm: add multihop infrastrucutre (v3) 2020-11-11 11:11:03 +10:00
xen drm/gem: Use struct dma_buf_map in GEM vmap ops and convert GEM backends 2020-11-09 09:19:24 +01:00
xlnx drm/<drivers>: Constify struct drm_driver 2020-11-06 10:31:26 +01:00
zte drm/<drivers>: Constify struct drm_driver 2020-11-06 10:31:26 +01:00
drm_agpsupport.c
drm_atomic_helper.c drm/atomic: put state on error path 2021-01-19 14:35:22 +01:00
drm_atomic_state_helper.c drm: fix some kernel-doc markups 2020-11-16 20:48:20 +01:00
drm_atomic_uapi.c drm: fix oops in drm_atomic_set_crtc_for_connector 2020-11-16 09:56:55 +01:00
drm_atomic.c Merge branch 'akpm' (patches from Andrew) 2020-12-15 12:53:37 -08:00
drm_auth.c
drm_blend.c drm: fix kernel-doc warnings for SCALING_FILTER 2020-11-24 16:36:48 +01:00
drm_bridge_connector.c gpu/drm: delete same check in if condition 2020-11-02 14:04:53 +01:00
drm_bridge.c
drm_bufs.c drm: Fix fall-through warnings for Clang 2020-11-22 22:58:54 +01:00
drm_cache.c
drm_client_modeset.c
drm_client.c drm/client: Depend on GEM object kmap ref-counting 2020-11-24 09:27:54 +01:00
drm_color_mgmt.c drm: unify formatting for color management documentation 2020-11-04 17:47:57 +01:00
drm_connector.c drm: fix some kernel-doc markups 2020-11-16 20:48:20 +01:00
drm_context.c
drm_crtc_helper_internal.h
drm_crtc_helper.c
drm_crtc_internal.h drm: Introduce plane and CRTC scaling filter properties 2020-10-21 12:19:54 +03:00
drm_crtc.c drm: fix kernel-doc warnings for SCALING_FILTER 2020-11-24 16:36:48 +01:00
drm_damage_helper.c
drm_debugfs_crc.c
drm_debugfs.c
drm_dma.c
drm_dp_aux_dev.c drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() 2020-10-15 13:58:54 -04:00
drm_dp_cec.c
drm_dp_dual_mode_helper.c
drm_dp_helper.c drm: fix some kernel-doc markups 2020-11-16 20:48:20 +01:00
drm_dp_mst_topology_internal.h
drm_dp_mst_topology.c drm/drm_dp_mst_topology: Remove set but never used variable 'len' 2020-11-17 18:34:13 +01:00
drm_drv.c drm: Allow const struct drm_driver 2020-11-06 10:31:26 +01:00
drm_dsc.c
drm_dumb_buffers.c
drm_edid_load.c
drm_edid.c drm/edid: fix objtool warning in drm_cvt_modes() 2020-12-17 09:27:57 -08:00
drm_encoder_slave.c
drm_encoder.c
drm_fb_cma_helper.c
drm_fb_helper.c drm/fb-helper: Acquire modeset lock around shadow-buffer flushing 2020-11-24 09:31:34 +01:00
drm_file.c drm: Compile out legacy chunks from struct drm_device 2020-11-06 10:31:26 +01:00
drm_flip_work.c
drm_format_helper.c
drm_fourcc.c drm/fourcc: Add AXBXGXRX106106106106 format 2020-10-20 20:51:42 +01:00
drm_framebuffer.c drm: fix some kernel-doc markups 2020-11-16 20:48:20 +01:00
drm_gem_cma_helper.c drm/cma-helper: Make default object functions the default 2020-11-09 09:23:03 +01:00
drm_gem_framebuffer_helper.c
drm_gem_shmem_helper.c drm/shmem-helper: Removed drm_gem_shmem_create_object_cached() 2020-11-24 09:10:33 +01:00
drm_gem_ttm_helper.c drm/ttm: Add vmap/vunmap to TTM and TTM GEM helpers 2020-11-09 09:17:36 +01:00
drm_gem_vram_helper.c drm/vram-helper: Reuse existing page mappings in vmap 2021-01-19 15:37:14 +01:00
drm_gem.c drm: fix some kernel-doc markups 2020-11-16 20:48:20 +01:00
drm_hashtab.c
drm_hdcp.c
drm_internal.h drm/gem: Update internal GEM vmap/vunmap interfaces to use struct dma_buf_map 2020-11-09 09:19:36 +01:00
drm_ioc32.c
drm_ioctl.c drm: Give irq_by_busid drm_legacy_ prefix 2020-10-21 18:05:11 +02:00
drm_irq.c
drm_kms_helper_common.c
drm_lease.c
drm_legacy_misc.c
drm_legacy.h
drm_lock.c
drm_managed.c
drm_memory.c
drm_mipi_dbi.c
drm_mipi_dsi.c
drm_mm.c
drm_mode_config.c
drm_mode_object.c drm: fix some kernel-doc markups 2020-11-16 20:48:20 +01:00
drm_modes.c drm: fix some kernel-doc markups 2020-11-16 20:48:20 +01:00
drm_modeset_helper.c
drm_modeset_lock.c
drm_of.c
drm_panel_orientation_quirks.c
drm_panel.c
drm_pci.c drm: Give irq_by_busid drm_legacy_ prefix 2020-10-21 18:05:11 +02:00
drm_plane_helper.c
drm_plane.c drm: Check actual format for legacy pageflip. 2021-01-11 16:20:15 -05:00
drm_prime.c drm/gem: Update internal GEM vmap/vunmap interfaces to use struct dma_buf_map 2020-11-09 09:19:36 +01:00
drm_print.c
drm_probe_helper.c
drm_property.c
drm_rect.c
drm_scatter.c
drm_scdc_helper.c drm: fix some kernel-doc markups 2020-11-16 20:48:20 +01:00
drm_self_refresh_helper.c
drm_simple_kms_helper.c drm: Use the state pointer directly in atomic_check 2020-11-03 12:20:09 +01:00
drm_syncobj.c drm/syncobj: Fix use-after-free 2021-01-20 10:28:39 +01:00
drm_sysfs.c
drm_trace_points.c
drm_trace.h
drm_vblank_work.c
drm_vblank.c drm: Compile out legacy chunks from struct drm_device 2020-11-06 10:31:26 +01:00
drm_vm.c drm: remove pgprot_decrypted() before calls to io_remap_pfn_range() 2020-11-10 17:19:14 +01:00
drm_vma_manager.c
drm_writeback.c
Kconfig drm/gem: Use struct dma_buf_map in GEM vmap ops and convert GEM backends 2020-11-09 09:19:24 +01:00
Makefile drm/kmb: Build files for KeemBay Display driver 2020-11-05 19:20:38 +01:00