OpenCloudOS-Kernel/drivers
Chris Wilson 17cfd91f39 drm: Avoid NULL deference when disabling a plane from userspace
To disable a plane, userspace passes in a framebuffer id of 0. This
causes us to pass CRTC == NULL to setplane_internal, who promptly
dereferences it to grab the struct drm_device. Oops.

[ 1296.467327] BUG: unable to handle kernel NULL pointer dereference at   (null)
[ 1296.467332] IP: [<c134dc51>] setplane_internal+0x11/0x280
[ 1296.467338] *pde = 00000000
[ 1296.467341] Oops: 0000 [#1] SMP
[ 1296.467344] Modules linked in: ccm bnep bluetooth snd_hda_codec_hdmi snd_hda_codec_idt snd_hda_codec_generic snd_hda_intel arc4 iwldvm snd_hda_controller snd_hda_codec mac80211 snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer iwlwifi sdhci_pci snd cfg80211 x86_pkg_temp_thermal hp_wmi sdhci sparse_keymap mmc_core crc32c_intel rfkill microcode hp_accel lpc_ich lis3lv02d wmi mfd_core serio_raw input_polldev soundcore e1000e ptp pps_core
[ 1296.467367] CPU: 1 PID: 672 Comm: Xorg Tainted: G        W     3.15.0-rc8+ #351
[ 1296.467369] Hardware name: Hewlett-Packard HP ProBook 6360b/1620, BIOS 68SCF Ver. B.42 12/29/2010
[ 1296.467371] task: f423b5c0 ti: c2332000 task.ti: c2332000
[ 1296.467374] EIP: 0060:[<c134dc51>] EFLAGS: 00013286 CPU: 1
[ 1296.467376] EIP is at setplane_internal+0x11/0x280
[ 1296.467378] EAX: 00000000 EBX: c2333e90 ECX: 00000000 EDX: f3165600
[ 1296.467380] ESI: f430f400 EDI: 00000000 EBP: c2333e14 ESP: c2333dd4
[ 1296.467382]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 1296.467384] CR0: 80050033 CR2: 00000000 CR3: 00159000 CR4: 000407d0
[ 1296.467385] Stack:
[ 1296.467387]  000200da 00000002 c2333de8 c15dc4a0 f430f400 c2333e00 c134c54f eeeeeeee
[ 1296.467391]  f430f400 00000007 f416b480 c2333e14 00000000 c2333e90 f430f400 00000000
[ 1296.467396]  c2333e4c c1350aed 00000000 00000000 00000000 00000000 00000000 00000000
[ 1296.467400] Call Trace:
[ 1296.467406]  [<c15dc4a0>] ? mutex_lock+0x10/0x28
[ 1296.467408]  [<c134c54f>] ? _object_find+0x5f/0x90
[ 1296.467413]  [<c1350aed>] drm_mode_setplane+0x10d/0x1f0
[ 1296.467416]  [<c13509e0>] ? drm_mode_getplane+0x100/0x100
[ 1296.467420]  [<c1342e4d>] drm_ioctl+0x1bd/0x4f0
[ 1296.467423]  [<c13509e0>] ? drm_mode_getplane+0x100/0x100
[ 1296.467427]  [<c111c023>] ? handle_mm_fault+0x5d3/0xb30
[ 1296.467431]  [<c1118f31>] ? tlb_finish_mmu+0x11/0x40
[ 1296.467435]  [<c1342c90>] ? drm_ioctl_flags+0x40/0x40
[ 1296.467438]  [<c11593d2>] do_vfs_ioctl+0x2f2/0x4d0
[ 1296.467443]  [<c1226512>] ? inode_has_perm.isra.32+0x32/0x40
[ 1296.467446]  [<c122662f>] ? file_has_perm+0x7f/0x90
[ 1296.467449]  [<c1226fec>] ? selinux_file_ioctl+0x4c/0xf0
[ 1296.467452]  [<c1159610>] SyS_ioctl+0x60/0x90
[ 1296.467456]  [<c15e578c>] sysenter_do_call+0x12/0x22
[ 1296.467457] Code: 3f cf ff eb dd ba 3f 00 00 00 b8 d9 c9 7f c1 e8 e6 3f cf ff eb d9 8d 74 26 00 55 89 e5 57 56 53 83 ec 34 66 66 66 66 90 89 45 f0 <8b> 00 85 c9 89 d6 89 cb 89 45 ec 0f 84 16 01 00 00 8b 45 f0 e8
[ 1296.467485] EIP: [<c134dc51>] setplane_internal+0x11/0x280 SS:ESP 0068:c2

Fixes regression from
commit b02fd7fd8a541c3d590bfdda23365a927b507ceb
Author: Matt Roper <matthew.d.roper@intel.com>
Date:   Tue Jun 10 08:28:10 2014 -0700

    drm: Support legacy cursor ioctls via universal planes when possible (v4)

While at it move the plane parameter to the first position in
setplane_internal since that's the main object we're manipulating.

Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Pallavi G <pallavi.g@intel.com>
Cc: Matt Roper <matthew.d.roper@intel.com>
Reviewed-by: Matt Roper <matthew.d.roper@intel.com>
[danvet: Add note about parameter reordering.]
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
2014-06-13 17:45:21 +02:00
..
accessibility
acpi ACPI / thermal: fix workqueue destroy order 2014-05-26 14:34:07 +02:00
amba ARM: SoC: driver changes 2014-04-05 15:37:40 -07:00
ata libata: Blacklist queued trim for Crucial M500 2014-06-02 16:59:25 -07:00
atm atm: idt77105: Use del_timer_sync() in exit path 2014-03-25 21:06:02 -04:00
auxdisplay
base drivercore: deferral race condition fix 2014-04-29 15:44:05 +01:00
bcma bcma: gpio: register 32 GPIOs on BCM5357 2014-03-27 14:20:04 -04:00
block virtio_blk: fix race between start and stop queue 2014-05-27 08:41:10 -06:00
bluetooth Bluetooth: Add support for Lite-on [04ca:3007] 2014-04-25 09:47:16 +03:00
bus bus: mvebu-mbus: allow several windows with the same target/attribute 2014-04-24 03:48:08 +00:00
cdrom
char This fixes a BUG_ON-causing regression that was introduced during the 2014-05-21 18:56:35 +09:00
clk PLLE fixes for 3.15 2014-05-27 21:11:08 -07:00
clocksource clocksource: tcb_clksrc: Make tc_mode interrupt safe 2014-05-22 18:54:58 +02:00
connector net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-04-24 13:44:54 -04:00
cpufreq Merge branches 'pm-cpufreq' and 'acpi-thermal' 2014-05-26 23:20:16 +02:00
cpuidle Merge branch 'pm-cpuidle' 2014-04-08 13:27:40 +02:00
crypto crypto: caam - add allocation failure handling in SPRINTFCAT macro 2014-04-28 18:17:18 +08:00
dca
devfreq PM / devfreq: Rewrite devfreq_update_status() to fix multiple bugs 2014-03-21 11:16:30 +09:00
dio
dma Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma 2014-05-27 13:57:00 -07:00
edac Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-04-04 09:50:07 -07:00
eisa
extcon extcon: Move OF helper function to extcon core and change function name 2014-03-19 14:41:58 +09:00
firewire firewire: revert to 4 GB RDMA, fix protocols using Memory Space 2014-05-29 15:50:30 +02:00
firmware iscsi_ibft: Fix finding Broadcom specific ibft sign 2014-05-13 14:54:14 -04:00
fmc
gpio gpio: mcp23s08: Bug fix of SPI device tree registration. 2014-05-09 10:28:16 +02:00
gpu drm: Avoid NULL deference when disabling a plane from userspace 2014-06-13 17:45:21 +02:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2014-05-07 16:07:58 -07:00
hsi
hv Drivers: hv: vmbus: Negotiate version 3.0 when running on ws2012r2 hosts 2014-04-16 14:14:07 -07:00
hwmon hwmon: (ntc_thermistor) Fix OF device ID mapping 2014-05-25 17:23:08 +02:00
hwspinlock
i2c i2c: rcar: bail out on zero length transfers 2014-05-14 18:59:57 +02:00
ide
idle intel_idle: fix IVT idle state table setting 2014-04-21 23:36:07 +02:00
iio iio: adc: Nothing in ADC should be a bool CONFIG 2014-04-26 11:22:16 +01:00
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-05-23 15:29:43 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2014-05-30 12:07:48 -07:00
iommu iommu/amd: fix enabling exclusion range for an exact device 2014-05-13 12:33:12 +02:00
ipack
irqchip mvebu irqchip ifxes for v3.15 2014-04-29 19:23:22 +02:00
isdn hisax/icc: add missing semicolon after label 2014-04-22 21:22:47 -04:00
leds Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds 2014-04-10 09:06:10 -07:00
lguest drivers/lguest/page_tables.c: rename do_set_pte() 2014-04-07 16:35:52 -07:00
macintosh
mailbox
mcb drivers: mcb: fix memory leak in chameleon_parse_cells() error path 2014-04-16 12:28:47 -07:00
md Two md bugfixes for possible corruption when restarting reshape 2014-06-02 17:04:37 -07:00
media Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2014-05-21 19:01:08 +09:00
memory memory: mvebu-devbus: fix the conversion of the bus width 2014-04-17 04:14:30 +00:00
memstick
message PCI changes for the v3.15 merge window: 2014-04-01 15:14:04 -07:00
mfd mmc: rtsx: Revert "mmc: rtsx: add support for pre_req and post_req" 2014-05-08 08:44:50 +01:00
misc misc: Grammar s/addition/additional/ 2014-04-16 12:28:47 -07:00
mmc mmc: rtsx: Revert "mmc: rtsx: add support for pre_req and post_req" 2014-05-08 08:44:50 +01:00
mtd MTD update for 3.15-rc5 2014-05-07 16:28:52 -07:00
net net: ec_bhf: Add runtime dependencies 2014-06-02 17:02:28 -07:00
nfc
ntb ntb: Use pci_enable_msix_range() instead of pci_enable_msix() 2014-04-07 10:59:20 -07:00
nubus
of of: make of_update_property() usable earlier in the boot process 2014-05-14 15:27:36 +01:00
oprofile oprofile, nmi-timer: Fix CPU hotplug callback registration 2014-03-20 13:43:46 +01:00
parisc
parport
pci PCI updates for v3.15: 2014-05-21 18:57:25 +09:00
pcmcia PCI changes for the v3.15 merge window: 2014-04-01 15:14:04 -07:00
phy phy: fix kernel oops in phy_lookup() 2014-04-24 12:53:38 -07:00
pinctrl pinctrl: vt8500: Ensure value reg is updated when setting direction 2014-05-22 23:46:10 +02:00
platform alienware-wmi: cover some scenarios where memory allocations would fail 2014-04-10 12:11:56 -04:00
pnp asmlinkage: Add explicit __visible to drivers/*, lib/*, kernel/* 2014-05-05 16:07:46 -07:00
power power/reset: vexpress: Fix restart/power off operation 2014-04-24 17:20:50 +01:00
powercap CPU hotplug notifiers registration fixes for 3.15-rc1 2014-04-07 14:55:46 -07:00
pps
ps3
ptp ptp: fix kconfig dependency warnings 2014-05-12 00:27:26 -04:00
pwm Shiraz has moved 2014-04-18 16:40:08 -07:00
rapidio rapidio: rework device hierarchy and introduce mport class of devices 2014-04-07 16:36:07 -07:00
regulator regulator: pbias: Convert to use regmap helper functions 2014-04-14 22:16:25 +01:00
remoteproc
reset Merge branch 'reset/for_v3.15' of git://git.pengutronix.de/git/pza/linux into next/drivers 2014-03-27 01:28:19 +01:00
rpmsg
rtc drivers/rtc/rtc-hym8563.c: set uie_unsupported 2014-05-11 17:55:48 +09:00
s390 s390/chsc: fix SEI usage on old FW levels 2014-04-17 12:46:28 +02:00
sbus
scsi SCSI fixes on 20140524 2014-05-25 10:13:50 -07:00
sfi
sh drivers: sh: compile drivers/sh/pm_runtime.c if ARCH_SHMOBILE_MULTI 2014-05-12 16:05:01 +09:00
sn
spi Merge remote-tracking branches 'spi/fix/pxa2xx' and 'spi/fix/qup' into spi-linus 2014-05-13 19:08:34 +01:00
spmi
ssb
staging Merge branch 'topic/ipu-destaging' of git://git.pengutronix.de/git/pza/linux into drm-next 2014-06-11 10:13:58 +10:00
target target: fix memory leak on XCOPY 2014-05-17 15:49:40 -07:00
tc
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2014-04-10 09:15:46 -07:00
tty Staging: speakup: Update __speakup_paste_selection() tty (ab)usage to match vt 2014-05-24 02:25:11 +09:00
uio
usb xhci: delete endpoints from bandwidth list before freeing whole device 2014-05-28 14:53:53 -07:00
uwb uwb: don't call spin_unlock_irq in a USB completion handler 2014-04-24 12:45:40 -07:00
vfio VFIO updates for v3.15 include: 2014-04-03 14:05:02 -07:00
vhost Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2014-04-12 16:51:08 -07:00
video gpu: ipu-v3: Move i.MX IPUv3 core driver out of staging 2014-06-04 11:06:52 +02:00
virt
virtio
vlynq
vme vme_tsi148: Utilize to_pci_dev() macro 2014-04-16 14:08:37 -07:00
w1 w1: avoid recursive device_add 2014-04-16 14:07:51 -07:00
watchdog CPU hotplug notifiers registration fixes for 3.15-rc1 2014-04-07 14:55:46 -07:00
xen Xen bug fixes for 3.15-rc5 2014-05-13 11:21:01 +09:00
zorro
Kconfig
Makefile SH Driver Update for v3.15 2014-05-22 04:26:23 +09:00