[PATCH 3.19.y-ckt 120/196] drm: Fix treatment of drm_vblank_offdelay in drm_vblank_on() (v2)
3.19.8-ckt16 -stable review patch. If anyone has any objections, please let me know. ---8< From: Mario Kleiner <mario.kleiner...@gmail.com> commit bb74fc1bf3072bd3ab4ed5f43afd287a63baf2d7 upstream. drm_vblank_offdelay can have three different types of values: < 0 is to be always treated the same as dev->vblank_disable_immediate = 0 is to be treated as "never disable vblanks" > 0 is to be treated as disable immediate if kms driver wants it that way via dev->vblank_disable_immediate. Otherwise it is a disable timeout in msecs. This got broken in Linux 3.18+ for the implementation of drm_vblank_on. If the user specified a value of zero which should always reenable vblank irqs in this function, a kms driver could override the users choice by setting vblank_disable_immediate to true. This patch fixes the regression and keeps the user in control. v2: Only reenable vblank if there are clients left or the user requested to "never disable vblanks" via offdelay 0. Enabling vblanks even in the "delayed disable" case (offdelay > 0) was specifically added by Ville in commit cd19e52aee922 ("drm: Kick start vblank interrupts at drm_vblank_on()"), but after discussion it turns out that this was done by accident. Citing Ville: "I think it just ended up as a mess due to changing some of the semantics of offdelay<0 vs. offdelay==0 vs. disable_immediate during the review of the series. So yeah, given how drm_vblank_put() works now, I'd just make this check for offdelay==0." Signed-off-by: Mario Kleiner Reviewed-by: Daniel Vetter Cc: michel at daenzer.net Cc: vbabka at suse.cz Cc: ville.syrjala at linux.intel.com Cc: daniel.vetter at ffwll.ch Cc: dri-devel at lists.freedesktop.org Cc: alexander.deucher at amd.com Cc: christian.koenig at amd.com Signed-off-by: Dave Airlie Signed-off-by: Kamal Mostafa --- drivers/gpu/drm/drm_irq.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_irq.c b/drivers/gpu/drm/drm_irq.c index 68193a6..5409518 100644 
--- a/drivers/gpu/drm/drm_irq.c +++ b/drivers/gpu/drm/drm_irq.c @@ -1264,8 +1264,7 @@ void drm_vblank_on(struct drm_device *dev, int crtc) * re-enable interrupts if there are users left, or the * user wishes vblank interrupts to be enabled all the time. */ - if (atomic_read(>refcount) != 0 || - (!dev->vblank_disable_immediate && drm_vblank_offdelay == 0)) + if (atomic_read(>refcount) != 0 || drm_vblank_offdelay == 0) WARN_ON(drm_vblank_enable(dev, crtc)); spin_unlock_irqrestore(>vbl_lock, irqflags); } -- 2.7.0
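Review bot: The comment kept above the changed `if` ("re-enable interrupts if there are users left, or the user wishes vblank interrupts to be enabled all the time") does not say that `drm_vblank_offdelay == 0` now takes priority over `dev->vblank_disable_immediate`, which is the point of the fix according to the commit message. Add a sentence there stating that offdelay 0 means "never disable" regardless of the driver's immediate-disable setting, so a later cleanup does not bring the `!dev->vblank_disable_immediate` term back.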
[3.19.y-ckt stable] Patch "drm: Fix treatment of drm_vblank_offdelay in drm_vblank_on() (v2)" has been added to the 3.19.y-ckt tree
This is a note to let you know that I have just added a patch titled drm: Fix treatment of drm_vblank_offdelay in drm_vblank_on() (v2) to the linux-3.19.y-queue branch of the 3.19.y-ckt extended stable tree which can be found at: http://kernel.ubuntu.com/git/ubuntu/linux.git/log/?h=linux-3.19.y-queue This patch is scheduled to be released in version 3.19.8-ckt16. If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 3.19.y-ckt tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Kamal ---8< >From 526ff19b2357c8cb1ac1e08705cdab839611a037 Mon Sep 17 00:00:00 2001 
From: Mario Kleiner <mario.kleiner...@gmail.com> Date: Fri, 12 Feb 2016 20:30:30 +0100 Subject: drm: Fix treatment of drm_vblank_offdelay in drm_vblank_on() (v2) commit bb74fc1bf3072bd3ab4ed5f43afd287a63baf2d7 upstream. drm_vblank_offdelay can have three different types of values: < 0 is to be always treated the same as dev->vblank_disable_immediate = 0 is to be treated as "never disable vblanks" > 0 is to be treated as disable immediate if kms driver wants it that way via dev->vblank_disable_immediate. Otherwise it is a disable timeout in msecs. This got broken in Linux 3.18+ for the implementation of drm_vblank_on. If the user specified a value of zero which should always reenable vblank irqs in this function, a kms driver could override the users choice by setting vblank_disable_immediate to true. This patch fixes the regression and keeps the user in control. v2: Only reenable vblank if there are clients left or the user requested to "never disable vblanks" via offdelay 0. Enabling vblanks even in the "delayed disable" case (offdelay > 0) was specifically added by Ville in commit cd19e52aee922 ("drm: Kick start vblank interrupts at drm_vblank_on()"), but after discussion it turns out that this was done by accident. Citing Ville: "I think it just ended up as a mess due to changing some of the semantics of offdelay<0 vs. offdelay==0 vs. disable_immediate during the review of the series. So yeah, given how drm_vblank_put() works now, I'd just make this check for offdelay==0." Signed-off-by: Mario Kleiner Reviewed-by: Daniel Vetter Cc: michel at daenzer.net Cc: vbabka at suse.cz Cc: ville.syrjala at linux.intel.com Cc: daniel.vetter at ffwll.ch Cc: dri-devel at lists.freedesktop.org Cc: alexander.deucher at amd.com Cc: christian.koenig at amd.com Signed-off-by: Dave Airlie Signed-off-by: Kamal Mostafa --- drivers/gpu/drm/drm_irq.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/drivers/gpu/drm/drm_irq.c b/drivers/gpu/drm/drm_irq.c index 68193a6..5409518 100644 --- a/drivers/gpu/drm/drm_irq.c +++ b/drivers/gpu/drm/drm_irq.c @@ -1264,8 +1264,7 @@ void drm_vblank_on(struct drm_device *dev, int crtc) * re-enable interrupts if there are users left, or the * user wishes vblank interrupts to be enabled all the time. */ - if (atomic_read(>refcount) != 0 || - (!dev->vblank_disable_immediate && drm_vblank_offdelay == 0)) + if (atomic_read(>refcount) != 0 || drm_vblank_offdelay == 0) WARN_ON(drm_vblank_enable(dev, crtc)); spin_unlock_irqrestore(>vbl_lock, irqflags); } -- 2.7.0
[PATCH 4.2.y-ckt 170/273] drm: Fix treatment of drm_vblank_offdelay in drm_vblank_on() (v2)
4.2.8-ckt5 -stable review patch. If anyone has any objections, please let me know. ---8< From: Mario Kleiner <mario.kleiner...@gmail.com> commit bb74fc1bf3072bd3ab4ed5f43afd287a63baf2d7 upstream. drm_vblank_offdelay can have three different types of values: < 0 is to be always treated the same as dev->vblank_disable_immediate = 0 is to be treated as "never disable vblanks" > 0 is to be treated as disable immediate if kms driver wants it that way via dev->vblank_disable_immediate. Otherwise it is a disable timeout in msecs. This got broken in Linux 3.18+ for the implementation of drm_vblank_on. If the user specified a value of zero which should always reenable vblank irqs in this function, a kms driver could override the users choice by setting vblank_disable_immediate to true. This patch fixes the regression and keeps the user in control. v2: Only reenable vblank if there are clients left or the user requested to "never disable vblanks" via offdelay 0. Enabling vblanks even in the "delayed disable" case (offdelay > 0) was specifically added by Ville in commit cd19e52aee922 ("drm: Kick start vblank interrupts at drm_vblank_on()"), but after discussion it turns out that this was done by accident. Citing Ville: "I think it just ended up as a mess due to changing some of the semantics of offdelay<0 vs. offdelay==0 vs. disable_immediate during the review of the series. So yeah, given how drm_vblank_put() works now, I'd just make this check for offdelay==0." Signed-off-by: Mario Kleiner Reviewed-by: Daniel Vetter Cc: michel at daenzer.net Cc: vbabka at suse.cz Cc: ville.syrjala at linux.intel.com Cc: daniel.vetter at ffwll.ch Cc: dri-devel at lists.freedesktop.org Cc: alexander.deucher at amd.com Cc: christian.koenig at amd.com Signed-off-by: Dave Airlie Signed-off-by: Kamal Mostafa --- drivers/gpu/drm/drm_irq.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_irq.c b/drivers/gpu/drm/drm_irq.c index b50fa0a..6447b48 100644 
--- a/drivers/gpu/drm/drm_irq.c +++ b/drivers/gpu/drm/drm_irq.c @@ -1338,8 +1338,7 @@ void drm_vblank_on(struct drm_device *dev, int crtc) * re-enable interrupts if there are users left, or the * user wishes vblank interrupts to be enabled all the time. */ - if (atomic_read(>refcount) != 0 || - (!dev->vblank_disable_immediate && drm_vblank_offdelay == 0)) + if (atomic_read(>refcount) != 0 || drm_vblank_offdelay == 0) WARN_ON(drm_vblank_enable(dev, crtc)); spin_unlock_irqrestore(>vbl_lock, irqflags); } -- 2.7.0
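Review bot: In the unchanged line right after the new condition, `WARN_ON(drm_vblank_enable(dev, crtc));`, a failed re-enable is only logged, and `drm_vblank_on()` returns void, so the caller cannot react. With offdelay 0 described in the commit message as "never disable vblanks", the comment should say whether a warning with interrupts left off is an acceptable outcome on this path.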
[4.2.y-ckt stable] Patch "drm: Fix treatment of drm_vblank_offdelay in drm_vblank_on() (v2)" has been added to the 4.2.y-ckt tree
This is a note to let you know that I have just added a patch titled drm: Fix treatment of drm_vblank_offdelay in drm_vblank_on() (v2) to the linux-4.2.y-queue branch of the 4.2.y-ckt extended stable tree which can be found at: http://kernel.ubuntu.com/git/ubuntu/linux.git/log/?h=linux-4.2.y-queue This patch is scheduled to be released in version 4.2.8-ckt5. If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 4.2.y-ckt tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Kamal ---8< >From 5e9a7dec7acb148f29a0b24f66c6e22caa1aa592 Mon Sep 17 00:00:00 2001 
From: Mario Kleiner <mario.kleiner...@gmail.com> Date: Fri, 12 Feb 2016 20:30:30 +0100 Subject: drm: Fix treatment of drm_vblank_offdelay in drm_vblank_on() (v2) commit bb74fc1bf3072bd3ab4ed5f43afd287a63baf2d7 upstream. drm_vblank_offdelay can have three different types of values: < 0 is to be always treated the same as dev->vblank_disable_immediate = 0 is to be treated as "never disable vblanks" > 0 is to be treated as disable immediate if kms driver wants it that way via dev->vblank_disable_immediate. Otherwise it is a disable timeout in msecs. This got broken in Linux 3.18+ for the implementation of drm_vblank_on. If the user specified a value of zero which should always reenable vblank irqs in this function, a kms driver could override the users choice by setting vblank_disable_immediate to true. This patch fixes the regression and keeps the user in control. v2: Only reenable vblank if there are clients left or the user requested to "never disable vblanks" via offdelay 0. Enabling vblanks even in the "delayed disable" case (offdelay > 0) was specifically added by Ville in commit cd19e52aee922 ("drm: Kick start vblank interrupts at drm_vblank_on()"), but after discussion it turns out that this was done by accident. Citing Ville: "I think it just ended up as a mess due to changing some of the semantics of offdelay<0 vs. offdelay==0 vs. disable_immediate during the review of the series. So yeah, given how drm_vblank_put() works now, I'd just make this check for offdelay==0." Signed-off-by: Mario Kleiner Reviewed-by: Daniel Vetter Cc: michel at daenzer.net Cc: vbabka at suse.cz Cc: ville.syrjala at linux.intel.com Cc: daniel.vetter at ffwll.ch Cc: dri-devel at lists.freedesktop.org Cc: alexander.deucher at amd.com Cc: christian.koenig at amd.com Signed-off-by: Dave Airlie Signed-off-by: Kamal Mostafa --- drivers/gpu/drm/drm_irq.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/drivers/gpu/drm/drm_irq.c b/drivers/gpu/drm/drm_irq.c index b50fa0a..6447b48 100644 --- a/drivers/gpu/drm/drm_irq.c +++ b/drivers/gpu/drm/drm_irq.c @@ -1338,8 +1338,7 @@ void drm_vblank_on(struct drm_device *dev, int crtc) * re-enable interrupts if there are users left, or the * user wishes vblank interrupts to be enabled all the time. */ - if (atomic_read(>refcount) != 0 || - (!dev->vblank_disable_immediate && drm_vblank_offdelay == 0)) + if (atomic_read(>refcount) != 0 || drm_vblank_offdelay == 0) WARN_ON(drm_vblank_enable(dev, crtc)); spin_unlock_irqrestore(>vbl_lock, irqflags); } -- 2.7.0
[PATCH 4.2.y-ckt 088/211] drm: Use userspace compatible type in fourcc_mod_code macro
4.2.8-ckt1 -stable review patch. If anyone has any objections, please let me know. -- From: Tvrtko Ursulin <tvrtko.ursu...@intel.com> commit 6172180c6b37ea164bf8a9bad70bb348d0a16563 upstream. __u64 should be used instead of u64. Feature originally added in: commit e3eb3250d84ef97b766312345774367b6a310db8 Author: Rob Clark Date: Thu Feb 5 14:41:52 2015 + drm: add support for tiled/compressed/etc modifier in addfb2 Signed-off-by: Tvrtko Ursulin Cc: Rob Clark Cc: Daniel Stone Cc: Daniel Vetter Cc: dri-devel at lists.freedesktop.org Fixes: e3eb3250d84e ("drm: add support for tiled/compressed/etc modifier in addfb2") Reviewed-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1442999431-28568-1-git-send-email-tvrtko.ursulin at linux.intel.com Signed-off-by: Jani Nikula Signed-off-by: Kamal Mostafa --- include/uapi/drm/drm_fourcc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/uapi/drm/drm_fourcc.h b/include/uapi/drm/drm_fourcc.h index 2f295cd..904c798 100644 --- a/include/uapi/drm/drm_fourcc.h +++ b/include/uapi/drm/drm_fourcc.h @@ -151,7 +151,7 @@ /* add more to the end as needed */ #define fourcc_mod_code(vendor, val) \ - u64)DRM_FORMAT_MOD_VENDOR_## vendor) << 56) | (val & 0x00ffULL)) + __u64)DRM_FORMAT_MOD_VENDOR_## vendor) << 56) | (val & 0x00ffULL)) /* * Format Modifier tokens: -- 1.9.1
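Review bot: On the changed macro line, `val` is used without parentheses in `(val & 0x00ffULL)`, so an argument such as `a | b` would have only `b` masked. Since this header is uapi and the type change exists precisely so userspace can compile the macro, write the operand as `(val)` while touching the line.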
[4.2.y-ckt stable] Patch "drm: Use userspace compatible type in fourcc_mod_code macro" has been added to staging queue
This is a note to let you know that I have just added a patch titled drm: Use userspace compatible type in fourcc_mod_code macro to the linux-4.2.y-queue branch of the 4.2.y-ckt extended stable tree which can be found at: http://kernel.ubuntu.com/git/ubuntu/linux.git/log/?h=linux-4.2.y-queue This patch is scheduled to be released in version 4.2.8-ckt1. If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 4.2.y-ckt tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Kamal -- >From 821230d84141c4d2da394038db09fcba3fbf57ba Mon Sep 17 00:00:00 2001 From: Tvrtko Ursulin <tvrtko.ursu...@intel.com> Date: Wed, 23 Sep 2015 10:10:31 +0100 Subject: drm: Use userspace compatible type in fourcc_mod_code macro MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit commit 6172180c6b37ea164bf8a9bad70bb348d0a16563 upstream. __u64 should be used instead of u64. Feature originally added in: commit e3eb3250d84ef97b766312345774367b6a310db8 Author: Rob Clark Date: Thu Feb 5 14:41:52 2015 + drm: add support for tiled/compressed/etc modifier in addfb2 Signed-off-by: Tvrtko Ursulin Cc: Rob Clark Cc: Daniel Stone Cc: Daniel Vetter Cc: dri-devel at lists.freedesktop.org Fixes: e3eb3250d84e ("drm: add support for tiled/compressed/etc modifier in addfb2") Reviewed-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1442999431-28568-1-git-send-email-tvrtko.ursulin at linux.intel.com Signed-off-by: Jani Nikula Signed-off-by: Kamal Mostafa --- include/uapi/drm/drm_fourcc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/uapi/drm/drm_fourcc.h b/include/uapi/drm/drm_fourcc.h index 2f295cd..904c798 100644 --- a/include/uapi/drm/drm_fourcc.h +++ b/include/uapi/drm/drm_fourcc.h 
@@ -151,7 +151,7 @@ /* add more to the end as needed */ #define fourcc_mod_code(vendor, val) \ - u64)DRM_FORMAT_MOD_VENDOR_## vendor) << 56) | (val & 0x00ffULL)) + __u64)DRM_FORMAT_MOD_VENDOR_## vendor) << 56) | (val & 0x00ffULL)) /* * Format Modifier tokens: -- 1.9.1
[PATCH 3.8 57/91] drm: Pad drm_mode_get_connector to 64-bit boundary
3.8.13.13 -stable review patch. If anyone has any objections, please let me know. -- From: Chris Wilson <ch...@chris-wilson.co.uk> commit bc5bd37ce48c66e9192ad2e7231e9678880f6f8e upstream. Pavel Roskin reported that DRM_IOCTL_MODE_GETCONNECTOR was overwritting the 4 bytes beyond the end of its structure with a 32-bit userspace running on a 64-bit kernel. This is due to the padding gcc inserts as the drm_mode_get_connector struct includes a u64 and its size is not a natural multiple of u64s. 64-bit kernel: sizeof(drm_mode_get_connector)=80, alignof=8 sizeof(drm_mode_get_encoder)=20, alignof=4 sizeof(drm_mode_modeinfo)=68, alignof=4 32-bit userspace: sizeof(drm_mode_get_connector)=76, alignof=4 sizeof(drm_mode_get_encoder)=20, alignof=4 sizeof(drm_mode_modeinfo)=68, alignof=4 Fortuituously we can insert explicit padding to the tail of our structures without breaking ABI. Reported-by: Pavel Roskin Signed-off-by: Chris Wilson Cc: Dave Airlie Cc: dri-devel at lists.freedesktop.org Signed-off-by: Dave Airlie Signed-off-by: Kamal Mostafa --- include/uapi/drm/drm_mode.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/uapi/drm/drm_mode.h b/include/uapi/drm/drm_mode.h index 3d6301b..f604a1a 100644 --- a/include/uapi/drm/drm_mode.h +++ b/include/uapi/drm/drm_mode.h @@ -223,6 +223,8 @@ struct drm_mode_get_connector { __u32 connection; __u32 mm_width, mm_height; /**< HxW in millimeters */ __u32 subpixel; + + __u32 pad; }; #define DRM_MODE_PROP_PENDING (1<<0) -- 1.8.1.2
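Review bot: The new `__u32 pad;` at the tail of `struct drm_mode_get_connector` has no comment, and nothing in the hunk says who owns its contents. As this is a uapi struct, add a short comment that the member is tail padding keeping the size a multiple of 8 on both the 32-bit and 64-bit ABIs, and state whether the kernel writes zero there or leaves what userspace passed in.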
[PATCH 3.8 56/91] drm: Prevent overwriting from userspace underallocating core ioctl structs
3.8.13.13 -stable review patch. If anyone has any objections, please let me know. -- From: Chris Wilson <ch...@chris-wilson.co.uk> commit b062672e305ce071f21eb9e18b102c2a430e0999 upstream. Apply the protections from commit 1b2f1489633888d4a06028315dc19d65768a1c05 Author: Dave Airlie Date: Sat Aug 14 20:20:34 2010 +1000 drm: block userspace under allocating buffer and having drivers overwrite it (v2) to the core ioctl structs as well, for we found one instance where there is a 32-/64-bit size mismatch and were guilty of writing beyond the end of the user's buffer. Signed-off-by: Chris Wilson Cc: Dave Airlie Reviewed-by: Ville Syrj?l? Cc: dri-devel at lists.freedesktop.org Signed-off-by: Dave Airlie Signed-off-by: Kamal Mostafa --- drivers/gpu/drm/drm_drv.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c index be174ca..4177780 100644 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c @@ -411,9 +411,16 @@ long drm_ioctl(struct file *filp, asize = drv_size; } else if ((nr >= DRM_COMMAND_END) || (nr < DRM_COMMAND_BASE)) { + u32 drv_size; + ioctl = _ioctls[nr]; - cmd = ioctl->cmd; + + drv_size = _IOC_SIZE(ioctl->cmd); usize = asize = _IOC_SIZE(cmd); + if (drv_size > asize) + asize = drv_size; + + cmd = ioctl->cmd; } else goto err_i1; -- 1.8.1.2
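Review bot: The fix depends on `usize = asize = _IOC_SIZE(cmd);` running before `cmd = ioctl->cmd;` in the core-ioctl branch, yet nothing in the hunk says so; a one-line comment that `usize` must be taken from the caller's command would protect the ordering. It is also worth confirming, outside the lines shown, that the part of the kernel buffer between `usize` and `asize` is zeroed before the handler runs, because the handler now sees fields userspace never supplied.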
[3.8.y.z extended stable] Patch "drm: Pad drm_mode_get_connector to 64-bit boundary" has been added to staging queue
This is a note to let you know that I have just added a patch titled drm: Pad drm_mode_get_connector to 64-bit boundary to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree which can be found at: http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue This patch is scheduled to be released in version 3.8.13.13. If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 3.8.y.z tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Kamal -- >From 2deab1c555d964b0269d6f603401fd78d9fd8df8 Mon Sep 17 00:00:00 2001 From: Chris Wilson <ch...@chris-wilson.co.uk> Date: Wed, 16 Oct 2013 09:49:02 +0100 Subject: drm: Pad drm_mode_get_connector to 64-bit boundary commit bc5bd37ce48c66e9192ad2e7231e9678880f6f8e upstream. Pavel Roskin reported that DRM_IOCTL_MODE_GETCONNECTOR was overwritting the 4 bytes beyond the end of its structure with a 32-bit userspace running on a 64-bit kernel. This is due to the padding gcc inserts as the drm_mode_get_connector struct includes a u64 and its size is not a natural multiple of u64s. 64-bit kernel: sizeof(drm_mode_get_connector)=80, alignof=8 sizeof(drm_mode_get_encoder)=20, alignof=4 sizeof(drm_mode_modeinfo)=68, alignof=4 32-bit userspace: sizeof(drm_mode_get_connector)=76, alignof=4 sizeof(drm_mode_get_encoder)=20, alignof=4 sizeof(drm_mode_modeinfo)=68, alignof=4 Fortuituously we can insert explicit padding to the tail of our structures without breaking ABI. Reported-by: Pavel Roskin Signed-off-by: Chris Wilson Cc: Dave Airlie Cc: dri-devel at lists.freedesktop.org Signed-off-by: Dave Airlie Signed-off-by: Kamal Mostafa --- include/uapi/drm/drm_mode.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/uapi/drm/drm_mode.h b/include/uapi/drm/drm_mode.h index 3d6301b..f604a1a 100644 --- a/include/uapi/drm/drm_mode.h +++ b/include/uapi/drm/drm_mode.h 
@@ -223,6 +223,8 @@ struct drm_mode_get_connector { __u32 connection; __u32 mm_width, mm_height; /**< HxW in millimeters */ __u32 subpixel; + + __u32 pad; }; #define DRM_MODE_PROP_PENDING (1<<0) -- 1.8.1.2
[3.8.y.z extended stable] Patch "drm: Prevent overwriting from userspace underallocating core ioctl" has been added to staging queue
This is a note to let you know that I have just added a patch titled drm: Prevent overwriting from userspace underallocating core ioctl to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree which can be found at: http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue This patch is scheduled to be released in version 3.8.13.13. If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 3.8.y.z tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Kamal -- >From 95e3ee2e369592d92a2d67da82b855907e4f9898 Mon Sep 17 00:00:00 2001 From: Chris Wilson <ch...@chris-wilson.co.uk> Date: Wed, 16 Oct 2013 11:22:44 +0100 Subject: drm: Prevent overwriting from userspace underallocating core ioctl structs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit commit b062672e305ce071f21eb9e18b102c2a430e0999 upstream. Apply the protections from commit 1b2f1489633888d4a06028315dc19d65768a1c05 Author: Dave Airlie Date: Sat Aug 14 20:20:34 2010 +1000 drm: block userspace under allocating buffer and having drivers overwrite it (v2) to the core ioctl structs as well, for we found one instance where there is a 32-/64-bit size mismatch and were guilty of writing beyond the end of the user's buffer. Signed-off-by: Chris Wilson Cc: Dave Airlie Reviewed-by: Ville Syrj?l? Cc: dri-devel at lists.freedesktop.org Signed-off-by: Dave Airlie Signed-off-by: Kamal Mostafa --- drivers/gpu/drm/drm_drv.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c index be174ca..4177780 100644 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c 
@@ -411,9 +411,16 @@ long drm_ioctl(struct file *filp, asize = drv_size; } else if ((nr >= DRM_COMMAND_END) || (nr < DRM_COMMAND_BASE)) { + u32 drv_size; + ioctl = _ioctls[nr]; - cmd = ioctl->cmd; + + drv_size = _IOC_SIZE(ioctl->cmd); usize = asize = _IOC_SIZE(cmd); + if (drv_size > asize) + asize = drv_size; + + cmd = ioctl->cmd; } else goto err_i1; -- 1.8.1.2
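Added example (not code from these patches or from the kernel tree): a user-space model of the layout mismatch and the size selection described in the two 3.8.13.13 commit messages above. The struct members are stand-ins constructed to reproduce the quoted sizes, and `sizes_before`, `sizes_after` and `copy_back_overrun` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 64-bit integers as the two ABIs align them: 4 bytes (i386), 8 bytes (x86-64). */
typedef uint64_t __attribute__((aligned(4))) u64_abi32;
typedef uint64_t __attribute__((aligned(8))) u64_abi64;

/* Constructed stand-ins, not the real uapi struct: four 64-bit members and
 * eleven 32-bit members reproduce the sizes quoted in the commit message. */
struct conn_user32       { u64_abi32 p0, p1, p2, p3; uint32_t v[11]; };
struct conn_kernel64     { u64_abi64 p0, p1, p2, p3; uint32_t v[11]; };
/* The same layouts with the explicit tail member the padding patch adds. */
struct conn_user32_pad   { u64_abi32 p0, p1, p2, p3; uint32_t v[11]; uint32_t pad; };
struct conn_kernel64_pad { u64_abi64 p0, p1, p2, p3; uint32_t v[11]; uint32_t pad; };

struct ioc_sizes {
    size_t usize; /* bytes copied from and back to userspace */
    size_t asize; /* bytes allocated for the kernel-side copy */
};

/* Before the fix: the command was replaced by the kernel's definition first,
 * so both sizes came from the kernel's view of the struct. */
static struct ioc_sizes sizes_before(size_t user_sz, size_t drv_sz)
{
    struct ioc_sizes s;
    (void)user_sz;
    s.usize = s.asize = drv_sz;
    return s;
}

/* After the fix: usize comes from the caller's command, and only the
 * kernel-side allocation grows to the kernel's struct size. */
static struct ioc_sizes sizes_after(size_t user_sz, size_t drv_sz)
{
    struct ioc_sizes s;
    s.usize = s.asize = user_sz;
    if (drv_sz > s.asize)
        s.asize = drv_sz;
    return s;
}

#define CANARY_LEN 8
#define CANARY_BYTE 0xC5

/* Model the copy back to the caller and return how many bytes beyond the
 * caller's struct were overwritten. (size_t)-1 means the inputs do not fit
 * the model's fixed buffers. */
static size_t copy_back_overrun(struct ioc_sizes s, size_t user_sz, size_t drv_sz)
{
    unsigned char user_mem[128]; /* caller's struct followed by a canary */
    unsigned char kdata[128];    /* kernel-side working copy */
    size_t fill, i, hit = 0;

    if (s.asize > sizeof(kdata) || user_sz + CANARY_LEN > sizeof(user_mem) ||
        s.usize > user_sz + CANARY_LEN)
        return (size_t)-1;

    memset(user_mem, 0, sizeof(user_mem));
    memset(user_mem + user_sz, CANARY_BYTE, CANARY_LEN);
    memset(kdata, 0, sizeof(kdata));

    /* The handler fills its own view of the struct, bounded by the allocation. */
    fill = drv_sz < s.asize ? drv_sz : s.asize;
    memset(kdata, 0xAA, fill);

    /* Stand-in for the copy back to userspace: usize bytes. */
    memcpy(user_mem, kdata, s.usize);

    for (i = 0; i < CANARY_LEN; i++)
        if (user_mem[user_sz + i] != CANARY_BYTE)
            hit++;
    return hit;
}

int main(void)
{
    size_t u = sizeof(struct conn_user32), k = sizeof(struct conn_kernel64);

    printf("unpadded: user32=%zu kernel64=%zu\n", u, k);
    printf("padded:   user32=%zu kernel64=%zu\n",
           sizeof(struct conn_user32_pad), sizeof(struct conn_kernel64_pad));
    printf("bytes clobbered before fix: %zu\n",
           copy_back_overrun(sizes_before(u, k), u, k));
    printf("bytes clobbered after fix:  %zu\n",
           copy_back_overrun(sizes_after(u, k), u, k));
    return 0;
}
```

The two patches are complementary: the padding removes the size difference for this one struct, and the size selection keeps any remaining mismatch from reaching the caller's memory.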
[PATCH] drm/i915: i915.quirks_set/quirks_mask overrides dmi match
Boot params quirks_set and quirks_mask allow the user to enable or inhibit any dmi-matched quirks, overriding the dmi match table. Examples: i915.quirks_set=0x2 - enables QUIRK_LVDS_SSC_DISABLE i915.quirks_set=0x8 - enables QUIRK_NO_PCH_PWM_ENABLE i915.quirks_mask=0x8 - disables QUIRK_NO_PCH_PWM_ENABLE i915.quirks_mask=0xFF - disables all quirks Signed-off-by: Kamal Mostafa ka...@canonical.com Cc: sta...@vger.kernel.org --- drivers/gpu/drm/i915/intel_display.c | 15 +++ 1 file changed, 15 insertions(+) diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index d88057e..a6af11c 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -10028,8 +10028,19 @@ static struct intel_quirk intel_quirks[] = { { 0x0166, 0x1028, 0x058b, quirk_no_pcm_pwm_enable }, }; +unsigned long i915_quirks_set __read_mostly = 0; +module_param_named(quirks_set, i915_quirks_set, ulong, 0600); +MODULE_PARM_DESC(quirks_set, + Enable specified quirks bits.); + +unsigned long i915_quirks_mask __read_mostly = 0; +module_param_named(quirks_mask, i915_quirks_mask, ulong, 0600); +MODULE_PARM_DESC(quirks_mask, + Disable specified quirks bits (override dmi match).); + static void intel_init_quirks(struct drm_device *dev) { + struct drm_i915_private *dev_priv = dev-dev_private; struct pci_dev *d = dev-pdev; int i; @@ -10047,6 +10058,10 @@ static void intel_init_quirks(struct drm_device *dev) if (dmi_check_system(*intel_dmi_quirks[i].dmi_id_list) != 0) intel_dmi_quirks[i].hook(dev); } + + /* handle user-specified quirks overrides */ + dev_priv-quirks |= i915_quirks_set; + dev_priv-quirks = ~i915_quirks_mask; } /* Disable the VGA plane that we never use */ -- 1.8.1.2 ___ dri-devel mailing list dri-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/dri-devel
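Review bot: Both parameters are registered with mode 0600, but the only place they are consumed is the end of `intel_init_quirks()`, so a write through sysfs after load is accepted and then ignored; 0400 or 0444 would match what the code does. The override is also applied without any log line, which makes a report from a machine booted with `i915.quirks_set=` or `i915.quirks_mask=` hard to interpret; log the resulting quirks value when either parameter is non-zero, and consider rejecting bits that no `QUIRK_*` define uses.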
[PATCH] drm/i915: i915.disable_pch_pwm overrides PCH_PWM_ENABLE quirk
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=47941 Some BIOS configurations of Dell XPS13 are adversely affected by e85843b (drm/i915: quirk no PCH_PWM_ENABLE for Dell XPS13 backlight) so provide a boot param to inhibit the quirk, or force it on. i915.disable_pch_pwm can be set to -1: auto (default; allows the disabling of pch_pwm by dmi quirk table match) 0: inhibits the disabling of pch_pwm (overrides dmi quirk table match) 1: forces the disabling of pch_pwm Signed-off-by: Kamal Mostafa ka...@canonical.com --- drivers/gpu/drm/i915/i915_drv.c | 4 drivers/gpu/drm/i915/i915_drv.h | 1 + drivers/gpu/drm/i915/intel_display.c | 11 --- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c index 72e2be7..fee05df 100644 --- a/drivers/gpu/drm/i915/i915_drv.c +++ b/drivers/gpu/drm/i915/i915_drv.c @@ -154,6 +154,10 @@ module_param_named(prefault_disable, i915_prefault_disable, bool, 0600); MODULE_PARM_DESC(prefault_disable, Disable page prefaulting for pread/pwrite/reloc (default:false). For developers only.); +int i915_disable_pch_pwm __read_mostly = -1; +module_param_named(disable_pch_pwm, i915_disable_pch_pwm, int, 0600); +MODULE_PARM_DESC(disable_pch_pwm, disable PCH_PWM (default: -1 (auto))); + static struct drm_driver driver; extern int intel_agp_enabled; diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h index 769c138..e6f2a34 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h @@ -1726,6 +1726,7 @@ extern bool i915_fastboot __read_mostly; extern int i915_enable_pc8 __read_mostly; extern int i915_pc8_timeout __read_mostly; extern bool i915_prefault_disable __read_mostly; +extern int i915_disable_pch_pwm __read_mostly; extern int i915_suspend(struct drm_device *dev, pm_message_t state); extern int i915_resume(struct drm_device *dev); 
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index 30e5946..86fa722 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -9948,9 +9948,8 @@ static void quirk_invert_brightness(struct drm_device *dev) */ static void quirk_no_pcm_pwm_enable(struct drm_device *dev) { - struct drm_i915_private *dev_priv = dev-dev_private; - dev_priv-quirks |= QUIRK_NO_PCH_PWM_ENABLE; - DRM_INFO(applying no-PCH_PWM_ENABLE quirk\n); + if (i915_disable_pch_pwm 0) + i915_disable_pch_pwm = 1; } struct intel_quirk { @@ -10048,6 +10047,12 @@ static void intel_init_quirks(struct drm_device *dev) if (dmi_check_system(*intel_dmi_quirks[i].dmi_id_list) != 0) intel_dmi_quirks[i].hook(dev); } + + if (i915_disable_pch_pwm == 1) { + struct drm_i915_private *dev_priv = dev-dev_private; + dev_priv-quirks |= QUIRK_NO_PCH_PWM_ENABLE; + DRM_INFO(applying no-PCH_PWM_ENABLE quirk\n); + } } /* Disable the VGA plane that we never use */ -- 1.8.1.2 ___ dri-devel mailing list dri-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/dri-devel
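Review bot: `quirk_no_pcm_pwm_enable()` now writes the match result back into the module parameter (`i915_disable_pch_pwm = 1`), so the value exported with mode 0600 no longer shows whether the user forced the quirk or the table matched, and the state is shared by every device the driver binds. Keep the parameter untouched inside the driver and combine it with a local flag in `intel_init_quirks()` instead; the `MODULE_PARM_DESC` string should also spell out what 0 and 1 mean, as the commit message does.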
Re: [PATCH] drm/i915: i915.disable_pch_pwm overrides PCH_PWM_ENABLE quirk
On Tue, 2013-09-03 at 19:50 +0200, Daniel Vetter wrote:
> On Tue, Sep 3, 2013 at 7:37 PM, Kamal Mostafa ka...@canonical.com wrote:
> > BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=47941
> >
> > Some BIOS configurations of Dell XPS13 are adversely affected by e85843b
> > (drm/i915: quirk no PCH_PWM_ENABLE for Dell XPS13 backlight) so provide
> > a boot param to inhibit the quirk, or force it on.
> >
> > i915.disable_pch_pwm can be set to
> >   -1: auto (default; allows the disabling of pch_pwm by dmi quirk table match)
> >    0: inhibits the disabling of pch_pwm (overrides dmi quirk table match)
> >    1: forces the disabling of pch_pwm
> >
> > Signed-off-by: Kamal Mostafa ka...@canonical.com
>
> Nack. Piling quirk over quirk isn't the right approach

I understand your reluctance, but this isn't actually any new quirk functionality, just a way to manually enable/disable the original PCH_PWM_ENABLE quirk. I think this is the least crazy approach, because:

Most XPS13 configurations do need the quirk (and maybe some other yet to be identified machines also), but dmi matching cannot discern the one particular XPS13 configuration (Ivy Bridge booting UEFI mode without Legacy Option ROM) that is adversely affected by it.

We could alternately consider trying to detect that specific configuration with code in i915, but that seemed a lot crazier (and less generally useful) than just providing an override switch for rare or yet-to-be-discovered configurations.

Hmmm. What if we had a pair of boot params i915.quirks_set and i915.quirks_mask boot params that could be used to manually set or mask _all_ the bits in dev_priv->quirks? Such params would surely come in handy for cases just like this one, and would be useful for testing future machines easily. (Would you take that if I submitted it?)

> and I think I should just revert the pch_pwm enable quirk again.
> -Daniel

But reverting the original quirk would break ALL the XPS13 configurations, which nobody is requesting. Please don't revert the quirk.

At most, you might want to disable the Ivy Bridge dmi match (but I don't recommend this either):

	/* Dell XPS13 HD and XPS13 FHD Ivy Bridge */
	{ 0x0166, 0x1028, 0x058b, quirk_no_pcm_pwm_enable },

-Kamal
[PATCH] drm/i915: quirk no PCH_PWM_ENABLE for Dell XPS13 backlight
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=47941 BugLink: https://bugs.launchpad.net/bugs/1163720 BugLink: https://bugs.launchpad.net/bugs/1162026 Some machines suffer from non-functional backlight controls if BLM_PCH_PWM_ENABLE is set, so provide a quirk to avoid doing so. Apply this quirk to Dell XPS 13 models. Tested-by: Eric Griffith Tested-by: Kent Baxley Cc: # v3.8+ Signed-off-by: Kamal Mostafa --- drivers/gpu/drm/i915/i915_drv.h | 1 + drivers/gpu/drm/i915/intel_display.c | 16 drivers/gpu/drm/i915/intel_panel.c | 3 ++- 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h index a416645..204c3ec 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h @@ -555,6 +555,7 @@ enum intel_sbi_destination { #define QUIRK_PIPEA_FORCE (1<<0) #define QUIRK_LVDS_SSC_DISABLE (1<<1) #define QUIRK_INVERT_BRIGHTNESS (1<<2) +#define QUIRK_NO_PCH_PWM_ENABLE (1<<3) struct intel_fbdev; struct intel_fbc_work; diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c index 85f3eb7..42e207e 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -9398,6 +9398,17 @@ static void quirk_invert_brightness(struct drm_device *dev) DRM_INFO("applying inverted panel brightness quirk\n"); } +/* + * Some machines (Dell XPS13) suffer broken backlight controls if + * BLM_PCH_PWM_ENABLE is set. + */ +static void quirk_no_pcm_pwm_enable(struct drm_device *dev) +{ + struct drm_i915_private *dev_priv = dev->dev_private; + dev_priv->quirks |= QUIRK_NO_PCH_PWM_ENABLE; + DRM_INFO("applying no-PCH_PWM_ENABLE quirk\n"); +} + struct intel_quirk { int device; int subsystem_vendor; 
@@ -9467,6 +9478,11 @@ static struct intel_quirk intel_quirks[] = { /* Acer Aspire 4736Z */ { 0x2a42, 0x1025, 0x0260, quirk_invert_brightness }, + + /* Dell XPS13 HD Sandy Bridge */ + { 0x0116, 0x1028, 0x052e, quirk_no_pcm_pwm_enable }, + /* Dell XPS13 HD and XPS13 FHD Ivy Bridge */ + { 0x0166, 0x1028, 0x058b, quirk_no_pcm_pwm_enable }, }; static void intel_init_quirks(struct drm_device *dev) diff --git a/drivers/gpu/drm/i915/intel_panel.c b/drivers/gpu/drm/i915/intel_panel.c index 80bea1d..01b5a51 100644 --- a/drivers/gpu/drm/i915/intel_panel.c +++ b/drivers/gpu/drm/i915/intel_panel.c @@ -580,7 +580,8 @@ void intel_panel_enable_backlight(struct drm_device *dev, POSTING_READ(reg); I915_WRITE(reg, tmp | BLM_PWM_ENABLE); - if (HAS_PCH_SPLIT(dev)) { + if (HAS_PCH_SPLIT(dev) && + !(dev_priv->quirks & QUIRK_NO_PCH_PWM_ENABLE)) { tmp = I915_READ(BLC_PWM_PCH_CTL1); tmp |= BLM_PCH_PWM_ENABLE; tmp &= ~BLM_PCH_OVERRIDE_ENABLE; -- 1.8.1.2
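Review bot: The new hook is named `quirk_no_pcm_pwm_enable` ("pcm") while the flag it sets and its log text say PCH (`QUIRK_NO_PCH_PWM_ENABLE`, "no-PCH_PWM_ENABLE"); rename it to `quirk_no_pch_pwm_enable` before the name spreads through the quirk table. In the `intel_panel.c` hunk the guarded block also contains `tmp &= ~BLM_PCH_OVERRIDE_ENABLE;`, so the quirk skips more than setting the enable bit, and the comment above the hook should say so.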