[PATCH 08/13] drm/irq: Check for valid VBLANK before dereference
Thierry Reding
thierry.reding at gmail.com
Thu Aug 13 02:20:05 PDT 2015
On Wed, Aug 12, 2015 at 05:40:11PM +0200, Daniel Vetter wrote:
> On Wed, Aug 12, 2015 at 05:00:30PM +0200, Thierry Reding wrote:
> > From: Thierry Reding <treding at nvidia.com>
> >
> > When accessing the array of per-CRTC VBLANK structures we must always
> > check that the index into the array is valid before dereferencing to
> > avoid crashing.
> >
> > Signed-off-by: Thierry Reding <treding at nvidia.com>
>
> This misses vblank_reset (I guess that function is newer than your
> patches). Can you please do a follow-up? I merged this one meanwhile.
We only have drm_crtc_vblank_reset(), in which case there's no need to
check the index because it's obtained directly from a struct drm_crtc *
and hence will be valid.
Thierry
> > ---
> > drivers/gpu/drm/drm_irq.c | 10 ++++++++--
> > 1 file changed, 8 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/drm_irq.c b/drivers/gpu/drm/drm_irq.c
> > index 5c666c780fe9..a957b9618e85 100644
> > --- a/drivers/gpu/drm/drm_irq.c
> > +++ b/drivers/gpu/drm/drm_irq.c
> > @@ -1110,10 +1110,10 @@ void drm_vblank_put(struct drm_device *dev, int crtc)
> > {
> > struct drm_vblank_crtc *vblank = &dev->vblank[crtc];
> >
> > - if (WARN_ON(atomic_read(&vblank->refcount) == 0))
> > + if (WARN_ON(crtc >= dev->num_crtcs))
> > return;
> >
> > - if (WARN_ON(crtc >= dev->num_crtcs))
> > + if (WARN_ON(atomic_read(&vblank->refcount) == 0))
> > return;
> >
> > /* Last user schedules interrupt disable */
> > @@ -1158,6 +1158,9 @@ void drm_wait_one_vblank(struct drm_device *dev, int crtc)
> > int ret;
> > u32 last;
> >
> > + if (WARN_ON(crtc >= dev->num_crtcs))
> > + return;
> > +
> > ret = drm_vblank_get(dev, crtc);
> > if (WARN(ret, "vblank not available on crtc %i, ret=%i\n", crtc, ret))
> > return;
> > @@ -1428,6 +1431,9 @@ void drm_vblank_post_modeset(struct drm_device *dev, int crtc)
> > if (!dev->num_crtcs)
> > return;
> >
> > + if (WARN_ON(crtc >= dev->num_crtcs))
> > + return;
> > +
> > if (vblank->inmodeset) {
> > spin_lock_irqsave(&dev->vbl_lock, irqflags);
> > dev->vblank_disable_allowed = true;
> > --
> > 2.4.5
> >
>
> --
> Daniel Vetter
> Software Engineer, Intel Corporation
> http://blog.ffwll.ch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/dri-devel/attachments/20150813/3bdec4f5/attachment.sig>
More information about the dri-devel
mailing list