Skip to content

L
linux
Switch branch/tag
Find file BlameHistoryPermalink
  • Dmitry Baryshkov's avatar
    drm/msm/dpu: fix stack smashing in dpu_hw_ctl_setup_blendstage · 1c1ded39
    Dmitry Baryshkov authored 
    The rewritten dpu_hw_ctl_setup_blendstage() can lightly smash the stack
when setting the SSPP_NONE pipe. However it was unnoticed until the
kernel was tested under AOSP (with some kind of stack protection/check).

This fixes the following backtrace:

Unexpected kernel BRK exception at EL1
Internal error: BRK handler: 00000000f20003e8 [#1] PREEMPT SMP
Hardware name: Thundercomm Dragonboard 845c (DT)
pstate: a0400005 (NzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : dpu_hw_ctl_setup_blendstage+0x26c/0x278 [msm]
lr : _dpu_crtc_blend_setup+0x4b4/0x5a0 [msm]
sp : ffffffc00bdcb720
x29: ffffffc00bdcb720 x28: ffffff8085debac0 x27: 0000000000000002
x26: ffffffd74af18320 x25: ffffff8083af75a0 x24: ffffffc00bdcb878
x23: 0000000000000001 x22: 0000000000000000 x21: ffffff8085a70000
x20: ffffff8083012dc0 x19: 0000000000000001 x18: 0000000000000000
x17: 000000040044ffff x16: 045000f4b5593519 x15: 0000000000000000
x14: 000000000000000b x13: 0000000000000001 x12: 0000000000000000
x11: 0000000000000001 x10: ffffffc00bdcb764 x9 : ffffffd74af06a08
x8 : 0000000000000001 x7 : 0000000000000001 x6 : 0000000000000000
x5 : ffffffc00bdcb878 x4 : 0000000000000002 x3 : ffffffffffffffff
x2 : ffffffc00bdcb878 x1 : 0000000000000000 x0 : 0000000000000002
Call trace:
 dpu_hw_ctl_setup_blendstage+0x26c/0x278 [msm]
 _dpu_crtc_blend_setup+0x4b4/0x5a0 [msm]
 dpu_crtc_atomic_begin+0xd8/0x22c [msm]
 drm_atomic_helper_commit_planes+0x80/0x208 [drm_kms_helper]
 msm_atomic_commit_tail+0x134/0x6f0 [msm]
 commit_tail+0xa4/0x1a4 [drm_kms_helper]
 drm_atomic_helper_commit+0x170/0x184 [drm_kms_helper]
 drm_atomic_commit+0xac/0xe8
 drm_mode_atomic_ioctl+0xbf0/0xdac
 drm_ioctl_kernel+0xc4/0x178
 drm_ioctl+0x2c8/0x608
 __arm64_sys_ioctl+0xa8/0xec
 invoke_syscall+0x44/0x104
 el0_svc_common.constprop.0+0x44/0xec
 do_el0_svc+0x38/0x98
 el0_svc+0x2c/0xb4
 el0t_64_sync_handler+0xb8/0xbc
 el0t_64_sync+0x1a0/0x1a4
Code: 52800016 52800017 52800018 17ffffc7 (d4207d00)

Fixes: 4488f71f ("drm/msm/dpu: simplify blend configuration")
Reported-by: default avatarAmit Pundir <amit.pundir@linaro.org>
Signed-off-by: default avatarDmitry Baryshkov <dmitry.baryshkov@linaro.org>
Tested-by: default avatarAmit Pundir <amit.pundir@linaro.org>
Reviewed-by: default avatarAbhinav Kumar <quic_abhinavk@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/523778/
Link: https://lore.kernel.org/r/20230223095708.3688148-1-dmitry.baryshkov@linaro.orgSigned-off-by: default avatarAbhinav Kumar <quic_abhinavk@quicinc.com>
    1c1ded39
dpu_hw_ctl.c 17.3 KB
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7