From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Tina Zhang <tina.zhang@intel.com>,
Adam Jackson <ajax@redhat.com>, Dave Airlie <airlied@redhat.com>,
Daniel Vetter <daniel@ffwll.ch>,
Daniel Vetter <daniel.vetter@ffwll.ch>
Subject: [PATCH 4.19 31/44] drm/modes: Prevent division by zero htotal
Date: Wed, 13 Feb 2019 19:38:32 +0100 [thread overview]
Message-ID: <20190213183654.403766877@linuxfoundation.org> (raw)
In-Reply-To: <20190213183651.648060257@linuxfoundation.org>
4.19-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tina Zhang <tina.zhang@intel.com>
commit a2fcd5c84f7a7825e028381b10182439067aa90d upstream.
This patch prevents division by zero htotal.
In a follow-up mail Tina writes:
> > How did you manage to get here with htotal == 0? This needs backtraces (or if
> > this is just about static checkers, a mention of that).
> > -Daniel
>
> In GVT-g, we are trying to enable a virtual display w/o setting timings for a pipe
> (a.k.a htotal=0), then we met the following kernel panic:
>
> [ 32.832048] divide error: 0000 [#1] SMP PTI
> [ 32.833614] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.18.0-rc4-sriov+ #33
> [ 32.834438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.10.1-0-g8891697-dirty-20180511_165818-tinazhang-linux-1 04/01/2014
> [ 32.835901] RIP: 0010:drm_mode_hsync+0x1e/0x40
> [ 32.836004] Code: 31 c0 c3 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 8b 87 d8 00 00 00 85 c0 75 22 8b 4f 68 85 c9 78 1b 69 47 58 e8 03 00 00 99 <f7> f9 b9 d3 4d 62 10 05 f4 01 00 00 f7 e1 89 d0 c1 e8 06 f3 c3 66
> [ 32.836004] RSP: 0000:ffffc900000ebb90 EFLAGS: 00010206
> [ 32.836004] RAX: 0000000000000000 RBX: ffff88001c67c8a0 RCX: 0000000000000000
> [ 32.836004] RDX: 0000000000000000 RSI: ffff88001c67c000 RDI: ffff88001c67c8a0
> [ 32.836004] RBP: ffff88001c7d03a0 R08: ffff88001c67c8a0 R09: ffff88001c7d0330
> [ 32.836004] R10: ffffffff822c3a98 R11: 0000000000000001 R12: ffff88001c67c000
> [ 32.836004] R13: ffff88001c7d0370 R14: ffffffff8207eb78 R15: ffff88001c67c800
> [ 32.836004] FS: 0000000000000000(0000) GS:ffff88001da00000(0000) knlGS:0000000000000000
> [ 32.836004] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 32.836004] CR2: 0000000000000000 CR3: 000000000220a000 CR4: 00000000000006f0
> [ 32.836004] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 32.836004] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [ 32.836004] Call Trace:
> [ 32.836004] intel_mode_from_pipe_config+0x72/0x90
> [ 32.836004] intel_modeset_setup_hw_state+0x569/0xf90
> [ 32.836004] intel_modeset_init+0x905/0x1db0
> [ 32.836004] i915_driver_load+0xb8c/0x1120
> [ 32.836004] i915_pci_probe+0x4d/0xb0
> [ 32.836004] local_pci_probe+0x44/0xa0
> [ 32.836004] ? pci_assign_irq+0x27/0x130
> [ 32.836004] pci_device_probe+0x102/0x1c0
> [ 32.836004] driver_probe_device+0x2b8/0x480
> [ 32.836004] __driver_attach+0x109/0x110
> [ 32.836004] ? driver_probe_device+0x480/0x480
> [ 32.836004] bus_for_each_dev+0x67/0xc0
> [ 32.836004] ? klist_add_tail+0x3b/0x70
> [ 32.836004] bus_add_driver+0x1e8/0x260
> [ 32.836004] driver_register+0x5b/0xe0
> [ 32.836004] ? mipi_dsi_bus_init+0x11/0x11
> [ 32.836004] do_one_initcall+0x4d/0x1eb
> [ 32.836004] kernel_init_freeable+0x197/0x237
> [ 32.836004] ? rest_init+0xd0/0xd0
> [ 32.836004] kernel_init+0xa/0x110
> [ 32.836004] ret_from_fork+0x35/0x40
> [ 32.836004] Modules linked in:
> [ 32.859183] ---[ end trace 525608b0ed0e8665 ]---
> [ 32.859722] RIP: 0010:drm_mode_hsync+0x1e/0x40
> [ 32.860287] Code: 31 c0 c3 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 8b 87 d8 00 00 00 85 c0 75 22 8b 4f 68 85 c9 78 1b 69 47 58 e8 03 00 00 99 <f7> f9 b9 d3 4d 62 10 05 f4 01 00 00 f7 e1 89 d0 c1 e8 06 f3 c3 66
> [ 32.862680] RSP: 0000:ffffc900000ebb90 EFLAGS: 00010206
> [ 32.863309] RAX: 0000000000000000 RBX: ffff88001c67c8a0 RCX: 0000000000000000
> [ 32.864182] RDX: 0000000000000000 RSI: ffff88001c67c000 RDI: ffff88001c67c8a0
> [ 32.865206] RBP: ffff88001c7d03a0 R08: ffff88001c67c8a0 R09: ffff88001c7d0330
> [ 32.866359] R10: ffffffff822c3a98 R11: 0000000000000001 R12: ffff88001c67c000
> [ 32.867213] R13: ffff88001c7d0370 R14: ffffffff8207eb78 R15: ffff88001c67c800
> [ 32.868075] FS: 0000000000000000(0000) GS:ffff88001da00000(0000) knlGS:0000000000000000
> [ 32.868983] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 32.869659] CR2: 0000000000000000 CR3: 000000000220a000 CR4: 00000000000006f0
> [ 32.870599] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 32.871598] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [ 32.872549] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
>
> Since drm_mode_hsync() has the logic to check mode->htotal, I just extend it to cover the case htotal==0.
Signed-off-by: Tina Zhang <tina.zhang@intel.com>
Cc: Adam Jackson <ajax@redhat.com>
Cc: Dave Airlie <airlied@redhat.com>
Cc: Daniel Vetter <daniel@ffwll.ch>
[danvet: Add additional explanations + cc: stable.]
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/1548228539-3061-1-git-send-email-tina.zhang@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/drm_modes.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/drm_modes.c
+++ b/drivers/gpu/drm/drm_modes.c
@@ -758,7 +758,7 @@ int drm_mode_hsync(const struct drm_disp
if (mode->hsync)
return mode->hsync;
- if (mode->htotal < 0)
+ if (mode->htotal <= 0)
return 0;
calc_val = (mode->clock * 1000) / mode->htotal; /* hsync in Hz */
next prev parent reply other threads:[~2019-02-13 18:51 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-13 18:38 [PATCH 4.19 00/44] 4.19.22-stable review Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 01/44] mtd: Make sure mtd->erasesize is valid even if the partition is of size 0 Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 02/44] mtd: spinand: Handle the case where PROGRAM LOAD does not reset the cache Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 03/44] mtd: spinand: Fix the error/cleanup path in spinand_init() Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 04/44] mtd: rawnand: gpmi: fix MX28 bus master lockup problem Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 05/44] libata: Add NOLPM quirk for SAMSUNG MZ7TE512HMHP-000L1 SSD Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 06/44] tools: iio: iio_generic_buffer: make num_loops signed Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 07/44] iio: adc: axp288: Fix TS-pin handling Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 08/44] iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 09/44] iio: ti-ads8688: Update buffer allocation for timestamps Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 10/44] signal: Always notice exiting tasks Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 11/44] signal: Better detection of synchronous signals Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 12/44] misc: vexpress: Off by one in vexpress_syscfg_exec() Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 13/44] mei: me: add ice lake point device id Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 14/44] samples: mei: use /dev/mei0 instead of /dev/mei Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 15/44] debugfs: fix debugfs_rename parameter checking Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 16/44] pinctrl: sunxi: Correct number of IRQ banks on H6 main pin controller Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 17/44] pinctrl: cherryview: fix Strago DMI workaround Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 18/44] tracing: uprobes: Fix typo in pr_fmt string Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 19/44] mips: cm: reprime error cause Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 20/44] MIPS: OCTEON: dont set octeon_dma_bar_type if PCI is disabled Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 21/44] MIPS: VDSO: Use same -m%-float cflag as the kernel proper Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 22/44] mips: loongson64: remove unreachable(), fix loongson_poweroff() Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 23/44] MIPS: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 24/44] ARM: iop32x/n2100: fix PCI IRQ mapping Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 25/44] ARM: tango: Improve ARCH_MULTIPLATFORM compatibility Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 26/44] ARM: dts: da850: fix interrupt numbers for clocksource Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 27/44] firmware: arm_scmi: provide the mandatory device release callback Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 28/44] powerpc/radix: Fix kernel crash with mremap() Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 29/44] mic: vop: Fix use-after-free on remove Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 30/44] mac80211: ensure that mgmt tx skbs have tailroom for encryption Greg Kroah-Hartman
2019-02-13 18:38 ` Greg Kroah-Hartman [this message]
2019-02-13 18:38 ` [PATCH 4.19 32/44] drm/amd/powerplay: Fix missing break in switch Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 33/44] drm/i915: always return something on DDI clock selection Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 34/44] drm/vmwgfx: Fix setting of dma masks Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 35/44] drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 36/44] [STABLE PATCH] SUNRPC: Always drop the XPRT_LOCK on XPRT_CLOSE_WAIT Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 37/44] xfrm: Make set-mark default behavior backward compatible Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 38/44] Revert "ext4: use ext4_write_inode() when fsyncing w/o a journal" Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 39/44] libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 40/44] xfrm: refine validation of template and selector families Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 41/44] batman-adv: Avoid WARN on net_device without parent in netns Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 42/44] batman-adv: Force mac header to start of data on xmit Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 43/44] svcrdma: Reduce max_send_sges Greg Kroah-Hartman
2019-02-13 18:38 ` [PATCH 4.19 44/44] svcrdma: Remove max_sge check at connect time Greg Kroah-Hartman
2019-02-14 16:46 ` [PATCH 4.19 00/44] 4.19.22-stable review Dan Rue
2019-02-14 19:17 ` Guenter Roeck
2019-02-14 22:23 ` shuah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190213183654.403766877@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=airlied@redhat.com \
--cc=ajax@redhat.com \
--cc=daniel.vetter@ffwll.ch \
--cc=daniel@ffwll.ch \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tina.zhang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).