This is a note to let you know that I've just added the patch titled
drm/i915: Fix dereferencing invalid connectors in is_crtc_connector_off()
to the 3.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
drm-i915-fix-dereferencing-invalid-connectors-in-is_crtc_connector_off.patch
and it can be found in the queue-3.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 2e57f47d317dd035b18634b0c602272529368fcc Mon Sep 17 00:00:00 2001
From: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
Date: Wed, 17 Jul 2013 12:14:40 +0100
Subject: drm/i915: Fix dereferencing invalid connectors in is_crtc_connector_off()
From: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
commit 2e57f47d317dd035b18634b0c602272529368fcc upstream.
In commit e3de42b68478a8c95dd27520e9adead2af9477a5
Author: Imre Deak <imre.deak@xxxxxxxxx>
Date: Fri May 3 19:44:07 2013 +0200
drm/i915: force full modeset if the connector is in DPMS OFF mode
a new function was added that walked over the set of connectors to see
if any of the currently associated CRTC was switched off. This function
walked an array of connectors, rather than the array of pointers to
connectors contained in the drm_mode_set - i.e. it was dereferencing far
past the end of the first connector. This only becomes an issue if we
attempt to use a clone mode (i.e. more than one connector per CRTC) such
that set->num_connectors > 1.
Reported-by: Timo Aaltonen <tjaalton@xxxxxxxxxx>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=65927
Signed-off-by: Chris Wilson <chris@xxxxxxxxxxxxxxxxxx>
Cc: Imre Deak <imre.deak@xxxxxxxxx>
Cc: Egbert Eich <eich@xxxxxxx>
Cc: Jesse Barnes <jbarnes@xxxxxxxxxxxxxxxx>
Cc: Daniel Vetter <daniel.vetter@xxxxxxxx>
Signed-off-by: Daniel Vetter <daniel.vetter@xxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/gpu/drm/i915/intel_display.c | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -8146,15 +8146,20 @@ static void intel_set_config_restore_sta
}
static bool
-is_crtc_connector_off(struct drm_crtc *crtc, struct drm_connector *connectors,
- int num_connectors)
+is_crtc_connector_off(struct drm_mode_set *set)
{
int i;
- for (i = 0; i < num_connectors; i++)
- if (connectors[i].encoder &&
- connectors[i].encoder->crtc == crtc &&
- connectors[i].dpms != DRM_MODE_DPMS_ON)
+ if (set->num_connectors == 0)
+ return false;
+
+ if (WARN_ON(set->connectors == NULL))
+ return false;
+
+ for (i = 0; i < set->num_connectors; i++)
+ if (set->connectors[i]->encoder &&
+ set->connectors[i]->encoder->crtc == set->crtc &&
+ set->connectors[i]->dpms != DRM_MODE_DPMS_ON)
return true;
return false;
@@ -8167,10 +8172,8 @@ intel_set_config_compute_mode_changes(st
/* We should be able to check here if the fb has the same properties
* and then just flip_or_move it */
- if (set->connectors != NULL &&
- is_crtc_connector_off(set->crtc, *set->connectors,
- set->num_connectors)) {
- config->mode_changed = true;
+ if (is_crtc_connector_off(set)) {
+ config->mode_changed = true;
} else if (set->crtc->fb != set->fb) {
/* If we have no fb then treat it as a full mode set */
if (set->crtc->fb == NULL) {
Patches currently in stable-queue which might be from chris@xxxxxxxxxxxxxxxxxx are
queue-3.10/drm-i915-correctly-restore-fences-with-objects-attached.patch
queue-3.10/drm-i915-fix-write-read-race-with-multiple-rings.patch
queue-3.10/drm-i915-fix-long-standing-snb-regression-in-power-consumption-after-resume-v2.patch
queue-3.10/drm-i915-fix-dereferencing-invalid-connectors-in-is_crtc_connector_off.patch
queue-3.10/drm-i915-fix-incoherence-with-fence-updates-on-sandybridge.patch
queue-3.10/drm-i915-fix-up-gt-init-sequence-fallout.patch
queue-3.10/drm-i915-fix-up-ring-cleanup-for-the-i830-i845-cs-tlb-w-a.patch
queue-3.10/drm-i915-fix-missed-hunk-after-gt-access-breakage.patch
queue-3.10/drm-i915-serialize-almost-all-register-access.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html