On Mon, Jan 13, 2025 at 4:59 PM Mario Limonciello <mario.limonciello@xxxxxxx> wrote:
>
> On 1/13/2025 08:19, Mario Limonciello wrote:
> > On 1/11/2025 12:59, Chris Bainbridge wrote:
> >> Commit c6a837088bed ("drm/amd/display: Fetch the EDID from _DDC if
> >> available for eDP") added function dm_helpers_probe_acpi_edid, which
> >> fetches the EDID from the BIOS by calling acpi_video_get_edid.
> >> acpi_video_get_edid returns a pointer to the EDID, but this pointer does
> >> not originate from kmalloc - it is actually the internal "pointer" field
> >> from an acpi_buffer struct (which did come from kmalloc).
> >> dm_helpers_probe_acpi_edid then attempts to kfree the EDID pointer,
> >> resulting in memory corruption which leads to random, intermittent
> >> crashes (e.g. 4% of boots will fail with some Oops).
> >>
> >> Fix this by allocating a new array (which can be safely freed) for the
> >> EDID data, and correctly freeing the acpi_buffer pointer.
> >>
> >> The only other caller of acpi_video_get_edid is nouveau_acpi_edid:
> >> remove the extraneous kmemdup here as the EDID data is now copied in
> >> acpi_video_device_EDID.
> >>
> >> Signed-off-by: Chris Bainbridge <chris.bainbridge@xxxxxxxxx>
> >> Fixes: c6a837088bed ("drm/amd/display: Fetch the EDID from _DDC if
> >> available for eDP")
> >
> > Two minor documentation related comments to consider, otherwise I think
> > the code change looks good. Feel free to include:
> >
> > Reviewed-by: Mario Limonciello <mario.limonciello@xxxxxxx>
>
> A few more tags to collate from another thread:
>
> Reported-by: Borislav Petkov (AMD) <bp@xxxxxxxxx>
> Closes:
> https://lore.kernel.org/amd-gfx/20250110175252.GBZ4FedNKqmBRaY4T3@fat_crate.local/T/#m324a23eb4c4c32fa7e89e31f8ba96c781e496fb1
> Tested-by: Borislav Petkov (AMD) <bp@xxxxxxxxx>

Applied as a fix for 6.13, thanks everyone!
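
The ownership bug described in the quoted commit message, as an added userspace example that is not the kernel patch and not code from this thread: a getter that hands out a pointer into the middle of an allocation, beside a getter that copies the data out and frees the container itself. `fw_object`, `fw_evaluate`, `get_edid_borrowed` and `get_edid_owned` are hypothetical names, and `malloc`/`free` stand in for `kmalloc`/`kfree`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the firmware result: header and payload in ONE heap block. */
struct fw_object {
    size_t   length;
    uint8_t *pointer;   /* points into this same allocation, not to its start */
};

/* Constructed sample: a zeroed 128-byte block starting with the EDID header bytes. */
struct fw_object *fw_evaluate(void)
{
    size_t len = 128;
    struct fw_object *obj = calloc(1, sizeof(*obj) + len);
    if (!obj) return NULL;
    obj->length = len;
    obj->pointer = (uint8_t *)(obj + 1);
    memcpy(obj->pointer, "\x00\xff\xff\xff\xff\xff\xff\x00", 8);
    return obj;
}

/* Before: returns the interior pointer. The caller cannot free it (it is not
 * an allocation base), and only the holder of obj can free the block. */
int get_edid_borrowed(struct fw_object *obj, uint8_t **edid)
{
    *edid = obj->pointer;
    return (int)obj->length;
}

/* After: copy into a fresh allocation the caller owns, then free the container here. */
int get_edid_owned(uint8_t **edid)
{
    struct fw_object *obj = fw_evaluate();
    if (!obj) return -1;
    int len = (int)obj->length;
    *edid = malloc(obj->length);
    if (*edid) memcpy(*edid, obj->pointer, obj->length);
    free(obj);
    return *edid ? len : -1;
}

int main(void)
{
    uint8_t *edid = NULL;
    printf("owned copy: %d bytes\n", get_edid_owned(&edid));
    free(edid);   /* valid: edid is the base of its own allocation */
    return 0;
}
```

Building the borrowed variant with AddressSanitizer and calling `free()` on its result reports an invalid free, which is a quick way to catch this class of mismatch in a userspace model.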