Re: [Intel-gfx] [PATCH] drm: Check if primary mst is null
Thanks for noticing this one! With the changes that Ville mentioned in their
response:
Reviewed-by: Lyude Paul
If you need me to push this for you; poke me here or on IRC
On Wed, 2018-11-07 at 18:11 +0200, Stanislav Lisovskiy wrote:
> Unfortunately drm_dp_get_mst_branch_device which is called from both
> drm_dp_mst_handle_down_rep and drm_dp_mst_handle_up_rep seem to rely
> on that mgr->mst_primary is not NULL, which seem to be wrong as it can be
> cleared with simultaneous mode set, if probing fails or in other case.
> mgr->lock mutex doesn't protect against that as it might just get assigned
> to NULL
> right before, not simultaneously.
> There are currently bugs 107738, 108816 bugs which crash in
> drm_dp_get_mst_branch_device, caused by this issue.
>
> Signed-off-by: Stanislav Lisovskiy
> ---
> drivers/gpu/drm/drm_dp_mst_topology.c | 6 ++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c
> b/drivers/gpu/drm/drm_dp_mst_topology.c
> index 5ff1d79b86c4..fb90ed4cdc3a 100644
> --- a/drivers/gpu/drm/drm_dp_mst_topology.c
> +++ b/drivers/gpu/drm/drm_dp_mst_topology.c
> @@ -1273,6 +1273,12 @@ static struct drm_dp_mst_branch
> *drm_dp_get_mst_branch_device(struct drm_dp_mst_
> /* find the port by iterating down */
>
> mutex_lock(>lock);
> +
> + if (!mgr->mst_primary) {
> + mstb = NULL;
> + goto out;
> + }
> +
> mstb = mgr->mst_primary;
>
> for (i = 0; i < lct - 1; i++) {
--
Cheers,
Lyude Paul
___
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
Re: [Intel-gfx] [PATCH] drm: Check if primary mst is null
On Wed, Nov 07, 2018 at 06:11:30PM +0200, Stanislav Lisovskiy wrote:
> Unfortunately drm_dp_get_mst_branch_device which is called from both
> drm_dp_mst_handle_down_rep and drm_dp_mst_handle_up_rep seem to rely
> on that mgr->mst_primary is not NULL, which seem to be wrong as it can be
> cleared with simultaneous mode set, if probing fails or in other case.
> mgr->lock mutex doesn't protect against that as it might just get assigned to
> NULL
> right before, not simultaneously.
> There are currently bugs 107738, 108816 bugs which crash in
> drm_dp_get_mst_branch_device, caused by this issue.
Use the proper Bugzilla: tags for those. This also seems like cc:stable
material.
>
> Signed-off-by: Stanislav Lisovskiy
> ---
> drivers/gpu/drm/drm_dp_mst_topology.c | 6 ++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c
> b/drivers/gpu/drm/drm_dp_mst_topology.c
> index 5ff1d79b86c4..fb90ed4cdc3a 100644
> --- a/drivers/gpu/drm/drm_dp_mst_topology.c
> +++ b/drivers/gpu/drm/drm_dp_mst_topology.c
> @@ -1273,6 +1273,12 @@ static struct drm_dp_mst_branch
> *drm_dp_get_mst_branch_device(struct drm_dp_mst_
> /* find the port by iterating down */
>
> mutex_lock(>lock);
> +
> + if (!mgr->mst_primary) {
> + mstb = NULL;
> + goto out;
> + }
> +
> mstb = mgr->mst_primary;
>
Or a bit simpler:
mstb = mgr->mst_primary;
+ if (!mstb)
+ goto out;
ccing Lyude as well..
> for (i = 0; i < lct - 1; i++) {
> --
> 2.17.1
>
> ___
> dri-devel mailing list
> dri-de...@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/dri-devel
--
Ville Syrjälä
Intel
___
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
[Intel-gfx] [PATCH] drm: Check if primary mst is null
Unfortunately drm_dp_get_mst_branch_device which is called from both
drm_dp_mst_handle_down_rep and drm_dp_mst_handle_up_rep seem to rely
on that mgr->mst_primary is not NULL, which seem to be wrong as it can be
cleared with simultaneous mode set, if probing fails or in other case.
mgr->lock mutex doesn't protect against that as it might just get assigned to
NULL
right before, not simultaneously.
There are currently bugs 107738, 108816 bugs which crash in
drm_dp_get_mst_branch_device, caused by this issue.
Signed-off-by: Stanislav Lisovskiy
---
drivers/gpu/drm/drm_dp_mst_topology.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c
b/drivers/gpu/drm/drm_dp_mst_topology.c
index 5ff1d79b86c4..fb90ed4cdc3a 100644
--- a/drivers/gpu/drm/drm_dp_mst_topology.c
+++ b/drivers/gpu/drm/drm_dp_mst_topology.c
@@ -1273,6 +1273,12 @@ static struct drm_dp_mst_branch
*drm_dp_get_mst_branch_device(struct drm_dp_mst_
/* find the port by iterating down */
mutex_lock(>lock);
+
+ if (!mgr->mst_primary) {
+ mstb = NULL;
+ goto out;
+ }
+
mstb = mgr->mst_primary;
for (i = 0; i < lct - 1; i++) {
--
2.17.1
___
Intel-gfx mailing list
Intel-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/intel-gfx
