From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "Ville Syrjälä" <ville.syrjala@linux.intel.com>,
"Alain Volmat" <alain.volmat@foss.st.com>,
"Daniel Vetter" <daniel.vetter@ffwll.ch>,
"Sasha Levin" <sashal@kernel.org>,
airlied@gmail.com, daniel@ffwll.ch,
dri-devel@lists.freedesktop.org
Subject: [PATCH AUTOSEL 4.14 13/23] drm/sti: Use drm_mode_copy()
Date: Sun, 18 Dec 2022 11:21:39 -0500 [thread overview]
Message-ID: <20221218162149.935047-13-sashal@kernel.org> (raw)
In-Reply-To: <20221218162149.935047-1-sashal@kernel.org>
From: Ville Syrjälä <ville.syrjala@linux.intel.com>
[ Upstream commit 442cf8e22ba25a77cb9092d78733fdbac9844e50 ]
struct drm_display_mode embeds a list head, so overwriting
the full struct with another one will corrupt the list
(if the destination mode is on a list). Use drm_mode_copy()
instead which explicitly preserves the list head of
the destination mode.
Even if we know the destination mode is not on any list
using drm_mode_copy() seems decent as it sets a good
example. Bad examples of not using it might eventually
get copied into code where preserving the list head
actually matters.
Obviously one case not covered here is when the mode
itself is embedded in a larger structure and the whole
structure is copied. But if we are careful when copying
into modes embedded in structures I think we can be a
little more reassured that bogus list heads haven't been
propagated in.
@is_mode_copy@
@@
drm_mode_copy(...)
{
...
}
@depends on !is_mode_copy@
struct drm_display_mode *mode;
expression E, S;
@@
(
- *mode = E
+ drm_mode_copy(mode, &E)
|
- memcpy(mode, E, S)
+ drm_mode_copy(mode, E)
)
@depends on !is_mode_copy@
struct drm_display_mode mode;
expression E;
@@
(
- mode = E
+ drm_mode_copy(&mode, &E)
|
- memcpy(&mode, E, S)
+ drm_mode_copy(&mode, E)
)
@@
struct drm_display_mode *mode;
@@
- &*mode
+ mode
Cc: Alain Volmat <alain.volmat@foss.st.com>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20221107192545.9896-8-ville.syrjala@linux.intel.com
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/sti/sti_dvo.c | 2 +-
drivers/gpu/drm/sti/sti_hda.c | 2 +-
drivers/gpu/drm/sti/sti_hdmi.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/sti/sti_dvo.c b/drivers/gpu/drm/sti/sti_dvo.c
index 852bf2293b05..872a06670b34 100644
--- a/drivers/gpu/drm/sti/sti_dvo.c
+++ b/drivers/gpu/drm/sti/sti_dvo.c
@@ -288,7 +288,7 @@ static void sti_dvo_set_mode(struct drm_bridge *bridge,
DRM_DEBUG_DRIVER("\n");
- memcpy(&dvo->mode, mode, sizeof(struct drm_display_mode));
+ drm_mode_copy(&dvo->mode, mode);
/* According to the path used (main or aux), the dvo clocks should
* have a different parent clock. */
diff --git a/drivers/gpu/drm/sti/sti_hda.c b/drivers/gpu/drm/sti/sti_hda.c
index 0399bb18d387..9a7a9aa5445e 100644
--- a/drivers/gpu/drm/sti/sti_hda.c
+++ b/drivers/gpu/drm/sti/sti_hda.c
@@ -518,7 +518,7 @@ static void sti_hda_set_mode(struct drm_bridge *bridge,
DRM_DEBUG_DRIVER("\n");
- memcpy(&hda->mode, mode, sizeof(struct drm_display_mode));
+ drm_mode_copy(&hda->mode, mode);
if (!hda_get_mode_idx(hda->mode, &mode_idx)) {
DRM_ERROR("Undefined mode\n");
diff --git a/drivers/gpu/drm/sti/sti_hdmi.c b/drivers/gpu/drm/sti/sti_hdmi.c
index bbb195a92e93..c5b2f36c5feb 100644
--- a/drivers/gpu/drm/sti/sti_hdmi.c
+++ b/drivers/gpu/drm/sti/sti_hdmi.c
@@ -924,7 +924,7 @@ static void sti_hdmi_set_mode(struct drm_bridge *bridge,
DRM_DEBUG_DRIVER("\n");
/* Copy the drm display mode in the connector local structure */
- memcpy(&hdmi->mode, mode, sizeof(struct drm_display_mode));
+ drm_mode_copy(&hdmi->mode, mode);
/* Update clock framerate according to the selected mode */
ret = clk_set_rate(hdmi->clk_pix, mode->clock * 1000);
--
2.35.1
next prev parent reply other threads:[~2022-12-18 17:08 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-18 16:21 [PATCH AUTOSEL 4.14 01/23] wifi: ath9k: verify the expected usb_endpoints are present Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 02/23] wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 03/23] ASoC: codecs: rt298: Add quirk for KBL-R RVP platform Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 04/23] ipmi: fix memleak when unload ipmi driver Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 05/23] bpf: make sure skb->len != 0 when redirecting to a tunneling device Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 06/23] net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 07/23] hamradio: baycom_epp: Fix return type of baycom_send_packet() Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 08/23] wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 09/23] igb: Do not free q_vector unless new one was allocated Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 10/23] s390/ctcm: Fix return type of ctc{mp,}m_tx() Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 11/23] s390/netiucv: Fix return type of netiucv_tx() Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 12/23] s390/lcs: Fix return type of lcs_start_xmit() Sasha Levin
2022-12-18 16:21 ` Sasha Levin [this message]
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 14/23] md/raid1: stop mdx_raid1 thread when raid1 array run failed Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 15/23] mrp: introduce active flags to prevent UAF when applicant uninit Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 16/23] ppp: associate skb with a device at tx Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 17/23] media: dvb-frontends: fix leak of memory fw Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 18/23] media: dvbdev: adopts refcnt to avoid UAF Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 19/23] media: dvb-usb: fix memory leak in dvb_usb_adapter_init() Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 20/23] blk-mq: fix possible memleak when register 'hctx' failed Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 21/23] mmc: f-sdh30: Add quirks for broken timeout clock capability Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 22/23] media: si470x: Fix use-after-free in si470x_int_in_callback() Sasha Levin
2022-12-18 16:21 ` [PATCH AUTOSEL 4.14 23/23] clk: st: Fix memory leak in st_of_quadfs_setup() Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221218162149.935047-13-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=airlied@gmail.com \
--cc=alain.volmat@foss.st.com \
--cc=daniel.vetter@ffwll.ch \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=ville.syrjala@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox