From mboxrd@z Thu Jan  1 00:00:00 1970
From: Thierry Reding <thierry.reding@gmail.com>
Subject: Re: [PATCH 08/13] drm/irq: Check for valid VBLANK before dereference
Date: Thu, 13 Aug 2015 11:20:05 +0200
Message-ID: <20150813092005.GB21842@ulmo>
References: <1439391635-29166-1-git-send-email-thierry.reding@gmail.com>
 <1439391635-29166-8-git-send-email-thierry.reding@gmail.com>
 <20150812154011.GN17734@phenom.ffwll.local>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0710484183=="
Return-path: <dri-devel-bounces@lists.freedesktop.org>
Received: from mail-wi0-f176.google.com (mail-wi0-f176.google.com
 [209.85.212.176])
 by gabe.freedesktop.org (Postfix) with ESMTPS id 8FD2E7A12B
 for <dri-devel@lists.freedesktop.org>; Thu, 13 Aug 2015 02:21:01 -0700 (PDT)
Received: by wijp15 with SMTP id p15so250346802wij.0
 for <dri-devel@lists.freedesktop.org>; Thu, 13 Aug 2015 02:21:00 -0700 (PDT)
In-Reply-To: <20150812154011.GN17734@phenom.ffwll.local>
List-Unsubscribe: <http://lists.freedesktop.org/mailman/options/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <http://lists.freedesktop.org/archives/dri-devel>
List-Post: <mailto:dri-devel@lists.freedesktop.org>
List-Help: <mailto:dri-devel-request@lists.freedesktop.org?subject=help>
List-Subscribe: <http://lists.freedesktop.org/mailman/listinfo/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=subscribe>
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>
To: Daniel Vetter <daniel@ffwll.ch>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>, dri-devel@lists.freedesktop.org
List-Id: dri-devel@lists.freedesktop.org


--===============0710484183==
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="U+BazGySraz5kW0T"
Content-Disposition: inline


--U+BazGySraz5kW0T
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Aug 12, 2015 at 05:40:11PM +0200, Daniel Vetter wrote:
> On Wed, Aug 12, 2015 at 05:00:30PM +0200, Thierry Reding wrote:
> > From: Thierry Reding <treding@nvidia.com>
> >=20
> > When accessing the array of per-CRTC VBLANK structures we must always
> > check that the index into the array is valid before dereferencing to
> > avoid crashing.
> >=20
> > Signed-off-by: Thierry Reding <treding@nvidia.com>
>=20
> This misses vblank_reset (I guess that function is newer than your
> patches). Can you please do a follow-up? I merged this one meanwhile.

We only have drm_crtc_vblank_reset(), in which case there's no need to
check the index because it's obtained directly from a struct drm_crtc *
and hence will be valid.

Thierry

> > ---
> >  drivers/gpu/drm/drm_irq.c | 10 ++++++++--
> >  1 file changed, 8 insertions(+), 2 deletions(-)
> >=20
> > diff --git a/drivers/gpu/drm/drm_irq.c b/drivers/gpu/drm/drm_irq.c
> > index 5c666c780fe9..a957b9618e85 100644
> > --- a/drivers/gpu/drm/drm_irq.c
> > +++ b/drivers/gpu/drm/drm_irq.c
> > @@ -1110,10 +1110,10 @@ void drm_vblank_put(struct drm_device *dev, int=
 crtc)
> >  {
> >  	struct drm_vblank_crtc *vblank =3D &dev->vblank[crtc];
> > =20
> > -	if (WARN_ON(atomic_read(&vblank->refcount) =3D=3D 0))
> > +	if (WARN_ON(crtc >=3D dev->num_crtcs))
> >  		return;
> > =20
> > -	if (WARN_ON(crtc >=3D dev->num_crtcs))
> > +	if (WARN_ON(atomic_read(&vblank->refcount) =3D=3D 0))
> >  		return;
> > =20
> >  	/* Last user schedules interrupt disable */
> > @@ -1158,6 +1158,9 @@ void drm_wait_one_vblank(struct drm_device *dev, =
int crtc)
> >  	int ret;
> >  	u32 last;
> > =20
> > +	if (WARN_ON(crtc >=3D dev->num_crtcs))
> > +		return;
> > +
> >  	ret =3D drm_vblank_get(dev, crtc);
> >  	if (WARN(ret, "vblank not available on crtc %i, ret=3D%i\n", crtc, re=
t))
> >  		return;
> > @@ -1428,6 +1431,9 @@ void drm_vblank_post_modeset(struct drm_device *d=
ev, int crtc)
> >  	if (!dev->num_crtcs)
> >  		return;
> > =20
> > +	if (WARN_ON(crtc >=3D dev->num_crtcs))
> > +		return;
> > +
> >  	if (vblank->inmodeset) {
> >  		spin_lock_irqsave(&dev->vbl_lock, irqflags);
> >  		dev->vblank_disable_allowed =3D true;
> > --=20
> > 2.4.5
> >=20
>=20
> --=20
> Daniel Vetter
> Software Engineer, Intel Corporation
> http://blog.ffwll.ch

--U+BazGySraz5kW0T
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCAAGBQJVzGFEAAoJEN0jrNd/PrOhs6QQAJ9H8jqv1WxLCbxDfJHbHxCf
36aegt+6wcSgJKjvqX+hDGb4Hxt7rYi1CtfUwE9DUhX+dwA22B0x5vd9OJSCw4Jv
jCtldAKZ+Tcw9+MAcsRci3ryGtJLwPzNyVkTat6bYCTrxFnpcJcpYGwi3n/0BK+X
HoKgKhUMmND1fOVJNFMikdUTEULWM/B42a4EtoqHCb2eDopo0F8h97fyZIE2Ahhb
uGqJ1yxFsg/7nP3x3Fj9Xq+KNbQYnseiCjxjFMfwGyw0TClW36+yVpbbuShgUBXo
AoUt8MCjo+a2kpw8DB7cqpJXoAo7mNUNUHn9yK0sF1OJnWGyYSMEK9GfIR6B/xNB
AN8iAAcMfIJghTZ6V2n+5nrQq9UnjGOAt3QYggy62TP2vQGB74yPufNblAGylI1B
MImL2kanWkIXjYKGauOzuHgQzyFu8aqWGsaLHzfqcMMrHW9QpjO8FodSpnH/D5Am
0+Y/8fVSqNmmUtkUC5X/dvf6qJe3fZ49Wj7dg7zx7alOX14iKIG2UpwH4rp5DHAQ
mXrE7cG77dEPnQNIPHhh6Uej5SiNoNOu46MQvcsaNb3hfTQB0U7DKy2wCYs7F4c2
Bm9ma9njU4YWMjP/s0wna/PLIfR5od2uSJzbweNblsQxC6fh/Tuyv5Unfc45nuua
aOsef4StY95FvPmdT07j
=+Pzi
-----END PGP SIGNATURE-----

--U+BazGySraz5kW0T--

--===============0710484183==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KZHJpLWRldmVs
IG1haWxpbmcgbGlzdApkcmktZGV2ZWxAbGlzdHMuZnJlZWRlc2t0b3Aub3JnCmh0dHA6Ly9saXN0
cy5mcmVlZGVza3RvcC5vcmcvbWFpbG1hbi9saXN0aW5mby9kcmktZGV2ZWwK

--===============0710484183==--