- 04 Sep, 2022 8 commits
-
-
Guillaume Ranquet authored
Add External DisplayPort support to the MT8195 eDP driver. Signed-off-by:
Guillaume Ranquet <granquet@baylibre.com> Signed-off-by:
Bo-Chen Chen <rex-bc.chen@mediatek.com> Reviewed-by:
CK Hu <ck.hu@mediatek.com> Tested-by:
AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com> Reviewed-by:
Dmitry Osipenko <dmitry.osipenko@collabora.com> Link: https://patchwork.freedesktop.org/patch/msgid/20220901044149.16782-9-rex-bc.chen@mediatek.com
-
Bo-Chen Chen authored
It's not necessary to have a next_bridge for DP device, so we add this patch to judge this. Signed-off-by:
-
Bo-Chen Chen authored
The calibration data formats of eDP and DP are different. We add "const struct mtk_dp_efuse_fmt *efuse_fmt" to the device data to define them. Signed-off-by:
-
Bo-Chen Chen authored
The smc commands of eDP and DP are different. We add smc_cmd to the device data to define them. Signed-off-by:
-
Bo-Chen Chen authored
The bridge types of eDP and DP are different. We add device data to this driver and add bridge_type to the device data to define them. Signed-off-by:
-
Markus Schneider-Pargmann authored
This patch adds a embedded displayport driver for the MediaTek mt8195 SoC. It supports the MT8195, the embedded DisplayPort units. It offers DisplayPort 1.4 with up to 4 lanes. The driver creates a child device for the phy. The child device will never exist without the parent being active. As they are sharing a register range, the parent passes a regmap pointer to the child so that both can work with the same register range. The phy driver sets device data that is read by the parent to get the phy device that can be used to control the phy properties. This driver is based on an initial version by Jitao shi <jitao.shi@mediatek.com> Signed-off-by:
Markus Schneider-Pargmann <msp@baylibre.com> Signed-off-by:
-
Markus Schneider-Pargmann authored
Similar to HDMI, DP uses audio infoframes as well which are structured very similar to the HDMI ones. This patch adds a helper function to pack the HDMI audio infoframe for DP, called hdmi_audio_infoframe_pack_for_dp(). hdmi_audio_infoframe_pack_only() is split into two parts. One of them packs the payload only and can be used for HDMI and DP. Also constify the frame parameter in hdmi_audio_infoframe_check() as it is passed to hdmi_audio_infoframe_check_only() which expects a const. Signed-off-by:
-
Markus Schneider-Pargmann authored
This controller is present on several mediatek hardware. Currently mt8195 and mt8395 have this controller without a functional difference, so only one compatible field is added. The controller can have two forms, as a normal display port and as an embedded display port. Signed-off-by:
Rob Herring <robh@kernel.org> Reviewed-by:
-
- 02 Sep, 2022 6 commits
-
-
Chris Morgan authored
Add the option to set the byteswap order in the devicetree. For the official HDMI DIP for the NTC CHIP the byteswap order needs to be RGB, however the driver sets it as BGR. With this patch the driver will remain at BGR unless manually specified via devicetree. Signed-off-by:
Chris Morgan <macromorgan@hotmail.com> Reviewed-by:
Robert Foss <robert.foss@linaro.org> Signed-off-by:
-
Chris Morgan authored
Update dt-binding documentation to add support for setting byteswap of chrontel ch7033. New property name of chrontel,byteswap added to set the byteswap order. This property is optional. Signed-off-by:
-
Laurent Pinchart authored
Implement the bridge connector-related .get_edid() and .detect() operations for full DP mode, and report the related bridge capabilities and type. Signed-off-by:
Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com> Signed-off-by:
Kieran Bingham <kieran.bingham+renesas@ideasonboard.com> Signed-off-by:
Tomi Valkeinen <tomi.valkeinen+renesas@ideasonboard.com> Reviewed-by:
Douglas Anderson <dianders@chromium.org> Signed-off-by:
-
Laurent Pinchart authored
Despite the SN65DSI86 being an eDP bridge, on some systems its output is routed to a DisplayPort connector. Enable DisplayPort mode when the next component in the display pipeline is detected as a DisplayPort connector, and disable eDP features in that case. Signed-off-by:
Laurent Pinchart <laurent.pinchart@ideasonboard.com> Reviewed-by:
-
Tomi Valkeinen authored
The front and back porch registers are 8 bits, and pulse width registers are 15 bits, so reject any modes with larger periods. Signed-off-by:
-
Imre Deak authored
If an MST connector was disabled in the old state during a commit, the connector's best_encoder will be NULL, so we can't look up mst_mgr via it. Do the lookup instead via intel_connector->mst_port which always points to the primary encoder. This fixes the following: [ 58.922866] BUG: kernel NULL pointer dereference, address: 0000000000000170 [ 58.922867] #PF: supervisor read access in kernel mode [ 58.922868] #PF: error_code(0x0000) - not-present page [ 58.922869] PGD 0 P4D 0 [ 58.922870] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 58.922872] CPU: 0 PID: 133 Comm: kworker/0:2 Tainted: G U 6.0.0-rc3-imre+ #560 [ 58.922874] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR5 RVP, BIOS ADLPFWI1.R00.3135.A00.2203251419 03/25/2022 [ 58.922874] Workqueue: events output_poll_execute [drm_kms_helper] [ 58.922879] RIP: 0010:intel_dp_mst_atomic_check+0xbb/0x1c0 [i915] [ 58.922955] Code: 5b 7b f6 ff 84 c0 75 41 48 8b 44 24 18 65 48 2b 04 25 28 00 00 00 0f 85 ff 00 00 00 48 8b 45 10 48 8b 93 10 07 00 00 4c 89 e7 <48> 8b b0 70 01 00 00 48 83 c4 20 5b 5d 48 81 c6 f0 0c 00 00 41 5c [ 58.922956] RSP: 0018:ffffc90000633a88 EFLAGS: 00010246 [ 58.922957] RAX: 0000000000000000 RBX: ffff888117d19000 RCX: ffff888101893308 [ 58.922958] RDX: ffff888122981000 RSI: ffffffff82309ecc RDI: ffff888114da6800 [ 58.922959] RBP: ffff8881094bab48 R08: 0000000081917436 R09: 0000000068191743 [ 58.922960] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888114da6800 [ 58.922960] R13: ffff8881143f8000 R14: 0000000000000000 R15: ffff888119bf2000 [ 58.922961] FS: 0000000000000000(0000) GS:ffff888496200000(0000) knlGS:0000000000000000 [ 58.922962] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.922962] CR2: 0000000000000170 CR3: 0000000005612004 CR4: 0000000000770ef0 [ 58.922963] PKRU: 55555554 [ 58.922963] Call Trace: [ 58.922964] <TASK> [ 58.922966] drm_atomic_helper_check_modeset+0x3f8/0xc70 [drm_kms_helper] [ 58.922972] intel_atomic_check+0xb1/0x3180 [i915] [ 58.923059] ? find_held_lock+0x2b/0x80 [ 58.923064] drm_atomic_check_only+0x5d3/0xa60 [drm] [ 58.923082] drm_atomic_commit+0x56/0xc0 [drm] [ 58.923097] ? drm_plane_get_damage_clips.cold+0x1c/0x1c [drm] [ 58.923114] drm_client_modeset_commit_atomic+0x235/0x280 [drm] [ 58.923132] drm_client_modeset_commit_locked+0x5b/0x190 [drm] [ 58.923148] drm_client_modeset_commit+0x24/0x50 [drm] [ 58.923164] drm_fb_helper_set_par+0xae/0xe0 [drm_kms_helper] [ 58.923171] drm_fb_helper_hotplug_event+0xd5/0xf0 [drm_kms_helper] [ 58.923178] output_poll_execute+0xac/0x200 [drm_kms_helper] [ 58.923187] process_one_work+0x268/0x580 [ 58.923190] ? process_one_work+0x580/0x580 [ 58.923191] worker_thread+0x52/0x3b0 [ 58.923193] ? process_one_work+0x580/0x580 [ 58.923195] kthread+0xf0/0x120 [ 58.923196] ? kthread_complete_and_exit+0x20/0x20 [ 58.923198] ret_from_fork+0x1f/0x30 [ 58.923202] </TASK> Fixes: ffac9721 ("drm/display/dp_mst: Don't open code modeset checks for releasing time slots") Cc: Lyude Paul <lyude@redhat.com> Signed-off-by:
Imre Deak <imre.deak@intel.com> Reviewed-by:
Lyude Paul <lyude@redhat.com> Link: https://patchwork.freedesktop.org/patch/msgid/20220901161933.1004778-1-imre.deak@intel.com
-
- 01 Sep, 2022 4 commits
-
-
Michał Winiarski authored
Expecting to observe a specific value, when the function responsible for setting the value has failed will lead to extra noise in test output. Use assert when the situation calls for it. Also - very small tidying up around the changed areas (whitespace). v2: Leave out the locals (drm_connector is huge) (lkp) Signed-off-by:
Michał Winiarski <michal.winiarski@intel.com> Reviewed-by:
Maíra Canal <mairacanal@riseup.net> Signed-off-by:
-
Michał Winiarski authored
Negative tests can be expressed as a single parameterized test case, which highlights that we're following the same test logic (passing invalid cmdline and expecting drm_mode_parse_command_line_for_connector to fail), which improves readability. v2: s/negative/invalid to be consistent with other testcases in DRM Signed-off-by:
-
Tetsuo Handa authored
Like commit c4f135d6 ("workqueue: Wrap flush_workqueue() using a macro") says, flush_scheduled_work() is dangerous and will be forbidden. We are on the way for removing all flush_scheduled_work() callers from the kernel, and this patch is for removing flush_scheduled_work() call from cadence driver. Since cdns-mhdp8546 driver uses 4 works mhdp->modeset_retry_work mhdp->hpd_work mhdp->hdcp.check_work mhdp->hdcp.prop_work I assume that flush_scheduled_work() in cdns_mhdp_remove() needs to wait for only these 4 works. Since mhdp->modeset_retry_work already uses cancel_work_sync(), I assume that flush_scheduled_work() needs to wait for only 3 works. But I came to wonder whether mhdp->hdcp.check_work should be flushed or cancelled. While flush_scheduled_work() waits for completion of works which were already queued to system_wq, mhdp->hdcp.check_work is a delayed work. That is, this work won't be queued to system_wq unless timeout expires. Current code will wait for mhdp->hdcp.check_work only if timeout already expired. If timeout is not expired yet, flush_scheduled_work() will fail to cancel mhdp->hdcp.check_work, and cdns_mhdp_hdcp_check_work() which is triggered by mhdp->hdcp.check_work will schedule hdcp->check_work, which is too late for flush_scheduled_work() to wait for completion of cdns_mhdp_hdcp_prop_work(). But since I couldn't get comments on how do we want to handle this race window [1], this patch chose "do nothing" for mhdp->hdcp.check_work and mhdp->hdcp.prop_work. That is, I assume that flush_scheduled_work() in cdns_mhdp_remove() needs to wait for only mhdp->hpd_work work. Link: https://lkml.kernel.org/r/943273cb-c2ec-24e3-5edb-64eacc6e2d30@I-love.SAKURA.ne.jp [1] Signed-off-by:
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by:
-
Robin Murphy authored
Convert to io-pgtable's bulk {map,unmap}_pages() APIs, to help the old single-page interfaces eventually go away. Unmapping heap BOs still wants to be done a page at a time, but everything else can get the full benefit of the more efficient interface. Signed-off-by:Robin Murphy <robin.murphy@arm.com> Acked-by:
Alyssa Rosenzweig <alyssa@collabora.com> Reviewed-by:
Steven Price <steven.price@arm.com> Signed-off-by:
-
- 30 Aug, 2022 4 commits
-
-
Douglas Anderson authored
panel-edp changes go through the drm-misc tree (as per the "DRM PANEL DRIVERS" entry in MAINTAINERS), but ever since splitting panel-edp out of panel-simple I've been trying to keep a close eye on it. Make that official by listing me as a reviewer. Signed-off-by:
Sam Ravnborg <sam@ravnborg.org> Link: https://patchwork.freedesktop.org/patch/msgid/20220822105340.1.I66a9a5577f9b0af66492ef13c47bc78ed85e5d6b@changeid
-
Pin-yen Lin authored
Send DP_SET_POWER_D3 command to the downstream before stopping DP, so the suspend process will not be interrupted by the HPD interrupt. Also modify the order in .atomic_enable callback to make the callbacks symmetric. Fixes: 46ca7da7 ("drm/bridge: it6505: Send DPCD SET_POWER to downstream") Signed-off-by:
Pin-yen Lin <treapking@chromium.org> Reviewed-by:
-
Zheyu Ma authored
When removing the module we will get the following warning: [ 31.911505] i2c-core: driver [stdp2690-ge-b850v3-fw] unregistered [ 31.912484] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI [ 31.913338] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 31.915280] RIP: 0010:drm_bridge_remove+0x97/0x130 [ 31.921825] Call Trace: [ 31.922533] stdp4028_ge_b850v3_fw_remove+0x34/0x60 [megachips_stdpxxxx_ge_b850v3_fw] [ 31.923139] i2c_device_remove+0x181/0x1f0 The two bridges (stdp2690, stdp4028) do not probe at the same time, so the driver does not call ge_b850v3_resgiter() when probing, causing the driver to try to remove the object that has not been initialized. Fix this by checking whether both the bridges are probed. Fixes: 11632d4a ("drm/bridge: megachips: Ensure both bridges are probed before registration") Signed-off-by:
Zheyu Ma <zheyuma97@gmail.com> Signed-off-by:
-
Jani Nikula authored
Add a helper for getting the DP PHY name. In the interest of caller simplicity and to avoid allocations and passing in of buffers, duplicate the const strings to return. It's a minor penalty to pay for simplicity in all the call sites. v2: Rebase, add kernel-doc, ensure non-NULL always Cc: Ville Syrjälä <ville.syrjala@linux.intel.com> Reviewed-by:
Ville Syrjälä <ville.syrjala@linux.intel.com> Signed-off-by:
Jani Nikula <jani.nikula@intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/b08dc12a7e621a48ec35546d6cd1ed4b1434810d.1660553850.git.jani.nikula@intel.com
-
- 29 Aug, 2022 7 commits
-
-
Hsin-Yi Wang authored
The double reset power-on sequence is a workaround for the hardware flaw in some chip that SPI Clock output glitch and cause internal MPU unable to read firmware correctly. The sequence is suggested in ps8640 application note. Signed-off-by:
Hsin-Yi Wang <hsinyi@chromium.org> Reviewed-by:
Rock Chiu <rock.chiu@paradetech.corp-partner.google.com> Signed-off-by:
-
Lucas Stach authored
There are two events that signal a real change of the link state: HPD going high means the sink is newly connected or wants the source to re-read the EDID, RX sense going low is a indication that the link has been disconnected. Ignore the other two events that also trigger interrupts, but don't need immediate attention: HPD going low does not necessarily mean the link has been lost and should not trigger a immediate read of the status. RX sense going high also does not require a detect cycle, as HPD going high is the right point in time to read the EDID. Signed-off-by:
Lucas Stach <l.stach@pengutronix.de> Reviewed-by: Neil Armstrong <narmstrong@baylibre.com> (v1) Reviewed-by:
-
Marek Vasut authored
The drm_of_lvds_get_data_mapping() returns either negative value on error or MEDIA_BUS_FMT_* otherwise. The check for 'ret' would also catch the positive case of MEDIA_BUS_FMT_* and lead to probe failure every time 'data-mapping' DT property is specified. Fixes: 7c4dd0a2 ("drm: of: Add drm_of_lvds_get_data_mapping") Signed-off-by:
Marek Vasut <marex@denx.de> Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Cc: Sam Ravnborg <sam@ravnborg.org> To: dri-devel@lists.freedesktop.org Reviewed-by:
Neil Armstrong <narmstrong@baylibre.com> Signed-off-by:
-
Marek Vasut authored
Currently the driver only handles panel directly connected to the DPI output. Handle the case where a bridge is connected past DPI output of this bridge. This could be e.g. DPI to LVDS encoder chip. Signed-off-by:
-
Xin Ji authored
1. Support HDMI_I2S audio format. 2. Return 0 if there is no sink connection in .hw_param callback. Signed-off-by:
Xin Ji <xji@analogixsemi.com> Acked-by:
-
Jason Wang authored
The double `the' is duplicated in the comment, remove one. Signed-off-by:
Jason Wang <wangborong@cdjrlc.com> Signed-off-by:
Patrik Jakobsson <patrik.r.jakobsson@gmail.com> Link: https://patchwork.freedesktop.org/patch/msgid/20220804114751.46714-1-wangborong@cdjrlc.com
-
Patrik Jakobsson authored
At some point the DRM printers started adding a newline after each print. This caused SDVO command debug printing to look weird. Fix this by using snprintf to print into a buffer which can be printed as a whole by DRM_DEBUG_KMS(). Code is heavily inspired by i915. Signed-off-by:
Daniel Vetter <daniel@ffwll.ch> Link: https://patchwork.freedesktop.org/patch/msgid/20220610130925.8650-1-patrik.r.jakobsson@gmail.com
-
- 26 Aug, 2022 6 commits
-
-
Linus Walleij authored
The "ret" variable is ambiguously returning something that could be zero in the tve200_modeset_init() function, assign it an explicit error return code to make this unambiguous. Reported-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
Linus Walleij <linus.walleij@linaro.org> Reviewed-by:
-
Marek Vasut authored
The ICN6211 is capable of deriving its internal PLL clock from either MIPI DSI HS clock, external REFCLK clock, or even internal oscillator. Currently supported is only the first option. Add support for external REFCLK clock input in addition to that. There is little difference between these options, except that in case of MIPI DSI HS clock input, the HS clock are pre-divided by a fixed /4 divider before being fed to the PLL input, while in case of external REFCLK, the RECLK clock are fed directly into the PLL input. Per exceptionally poor documentation, the REFCLK must be in range of 10..154 MHz. Signed-off-by:
-
Marek Vasut authored
The ICN6211 is capable of deriving its internal PLL clock from either MIPI DSI HS clock, external REFCLK clock, or even internal oscillator. Currently supported is only the first option. Document support for external REFCLK clock input in addition to that. Signed-off-by:
-
Marek Vasut authored
Fill in hs_rate and lp_rate to struct mipi_dsi_device for this bridge and adjust DSI input frequency calculations such that they expect the DSI host to configure HS clock according to hs_rate. This is an optimization for the DSI burst mode case. In case the DSI device supports DSI burst mode, it is recommended to operate the DSI interface at the highest possible HS clock frequency which the DSI device supports. This permits the DSI host to send as short as possible bursts of data on the DSI link and keep the DSI data lanes in LP mode otherwise, which reduces power consumption. Signed-off-by:
-
Randy Dunlap authored
drm_mipi_dbi needs lots of DRM_KMS_HELPER support, so select that Kconfig symbol like it is done is most other uses, and the way that it was before MIPS_DBI was moved from tinydrm to its core location. Fixes these build errors: ld: drivers/gpu/drm/drm_mipi_dbi.o: in function `mipi_dbi_buf_copy': drivers/gpu/drm/drm_mipi_dbi.c:205: undefined reference to `drm_gem_fb_get_obj' ld: drivers/gpu/drm/drm_mipi_dbi.c:211: undefined reference to `drm_gem_fb_begin_cpu_access' ld: drivers/gpu/drm/drm_mipi_dbi.c:215: undefined reference to `drm_gem_fb_vmap' ld: drivers/gpu/drm/drm_mipi_dbi.c:222: undefined reference to `drm_fb_swab' ld: drivers/gpu/drm/drm_mipi_dbi.c:224: undefined reference to `drm_fb_memcpy' ld: drivers/gpu/drm/drm_mipi_dbi.c:227: undefined reference to `drm_fb_xrgb8888_to_rgb565' ld: drivers/gpu/drm/drm_mipi_dbi.c:235: undefined reference to `drm_gem_fb_vunmap' ld: drivers/gpu/drm/drm_mipi_dbi.c:237: undefined reference to `drm_gem_fb_end_cpu_access' ld: drivers/gpu/drm/drm_mipi_dbi.o: in function `mipi_dbi_dev_init_with_formats': ld: drivers/gpu/drm/drm_mipi_dbi.o:/X64/../drivers/gpu/drm/drm_mipi_dbi.c:469: undefined reference to `drm_gem_fb_create_with_dirty' Fixes: 174102f4 ("drm/tinydrm: Move mipi-dbi") Signed-off-by:
Randy Dunlap <rdunlap@infradead.org> Reported-by:
kernel test robot <lkp@intel.com> Cc: Dillon Min <dillon.minfei@gmail.com> Cc: Linus Walleij <linus.walleij@linaro.org> Cc: Sam Ravnborg <sam@ravnborg.org> Cc: Noralf Trønnes <noralf@tronnes.org> Cc: Thomas Zimmermann <tzimmermann@suse.de> Cc: Thierry Reding <thierry.reding@gmail.com> Cc: dri-devel@lists.freedesktop.org Cc: David Airlie <airlied@linux.ie> Cc: Daniel Vetter <daniel@ffwll.ch> Signed-off-by:
-
Randy Dunlap authored
Use 'select' instead of 'depends on' for DRM helpers for the Ilitek ILI9341 panel driver. This is what is done in the vast majority of other cases and this makes it possible to fix a build error with drm_mipi_dbi. Fixes: 5a042273 ("drm/panel: Add ilitek ili9341 panel driver") Signed-off-by:
-
- 25 Aug, 2022 5 commits
-
-
Rob Clark authored
When VIRTGPU_EXECBUF_RING_IDX is used, we should be considering the timeline that the EB if running on rather than the global driver fence context. Fixes: 85c83ea9 ("drm/virtio: implement context init: allocate an array of fence contexts") Signed-off-by:
Rob Clark <robdclark@chromium.org> Link: http://patchwork.freedesktop.org/patch/msgid/20220812224001.2806463-1-robdclark@gmail.comSigned-off-by:
Gerd Hoffmann <kraxel@redhat.com>
-
Vivek Kasireddy authored
When userspace tries to map the dmabuf and if for some reason (e.g. OOM) the creation of the sg table fails, ubuf->sg needs to be set to NULL. Otherwise, when the userspace subsequently closes the dmabuf fd, we'd try to erroneously free the invalid sg table from release_udmabuf resulting in the following crash reported by syzbot: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 0 PID: 3609 Comm: syz-executor487 Not tainted 5.19.0-syzkaller-13930-g7ebfc85e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 RIP: 0010:dma_unmap_sgtable include/linux/dma-mapping.h:378 [inline] RIP: 0010:put_sg_table drivers/dma-buf/udmabuf.c:89 [inline] RIP: 0010:release_udmabuf+0xcb/0x4f0 drivers/dma-buf/udmabuf.c:114 Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2b 04 00 00 48 8d 7d 0c 4c 8b 63 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 e2 RSP: 0018:ffffc900037efd30 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffffffff8cb67800 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff84ad27e0 RDI: 0000000000000000 RBP: fffffffffffffff4 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000000 R11: 000000000008c07c R12: ffff88801fa05000 R13: ffff888073db07e8 R14: ffff888025c25440 R15: 0000000000000000 FS: 0000555555fc4300(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc1c0ce06e4 CR3: 00000000715e6000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> dma_buf_release+0x157/0x2d0 drivers/dma-buf/dma-buf.c:78 __dentry_kill+0x42b/0x640 fs/dcache.c:612 dentry_kill fs/dcache.c:733 [inline] dput+0x806/0xdb0 fs/dcache.c:913 __fput+0x39c/0x9d0 fs/file_table.c:333 task_work_run+0xdd/0x1a0 kernel/task_work.c:177 ptrace_notify+0x114/0x140 kernel/signal.c:2353 ptrace_report_syscall include/linux/ptrace.h:420 [inline] ptrace_report_syscall_exit include/linux/ptrace.h:482 [inline] syscall_exit_work kernel/entry/common.c:249 [inline] syscall_exit_to_user_mode_prepare+0x129/0x280 kernel/entry/common.c:276 __syscall_exit_to_user_mode_work kernel/entry/common.c:281 [inline] syscall_exit_to_user_mode+0x9/0x50 kernel/entry/common.c:294 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fc1c0c35b6b Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44 RSP: 002b:00007ffd78a06090 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000007 RCX: 00007fc1c0c35b6b RDX: 0000000020000280 RSI: 0000000040086200 RDI: 0000000000000006 RBP: 0000000000000007 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000c R13: 0000000000000003 R14: 00007fc1c0cfe4a0 R15: 00007ffd78a06140 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:dma_unmap_sgtable include/linux/dma-mapping.h:378 [inline] RIP: 0010:put_sg_table drivers/dma-buf/udmabuf.c:89 [inline] RIP: 0010:release_udmabuf+0xcb/0x4f0 drivers/dma-buf/udmabuf.c:114 Reported-by: syzbot+c80e9ef5d8bb45894db0@syzkaller.appspotmail.com Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by:
Vivek Kasireddy <vivek.kasireddy@intel.com> Link: http://patchwork.freedesktop.org/patch/msgid/20220825063522.801264-1-vivek.kasireddy@intel.comSigned-off-by:
-
Danilo Krummrich authored
In vc4_hvs_dump_state() potentially freed resources are protected from being accessed with drm_dev_enter()/drm_dev_exit(). Also include drm_print_regset32() in the protected section, since drm_print_regset32() does access memory that is typically mapped via devm_* calls. Fixes: 969cfae1 ("drm/vc4: hvs: Protect device resources after removal") Signed-off-by:
Danilo Krummrich <dakr@redhat.com> Signed-off-by:
Maxime Ripard <maxime@cerno.tech> Link: https://lore.kernel.org/r/20220824161327.330627-5-dakr@redhat.com
-
Danilo Krummrich authored
(Hardware) resources which are bound to the driver and device lifecycle must not be accessed after the device and driver are unbound. However, the DRM device isn't freed as long as the last user closed it, hence userspace can still call into the driver. Therefore protect the critical sections which are accessing those resources with drm_dev_enter() and drm_dev_exit(). Fixes: 7cc4214c ("drm/vc4: crtc: Switch to drmm_kzalloc") Signed-off-by:
-
Danilo Krummrich authored
(Hardware) resources which are bound to the driver and device lifecycle must not be accessed after the device and driver are unbound. However, the DRM device isn't freed as long as the last user closed it, hence userspace can still call into the driver. Therefore protect the critical sections which are accessing those resources with drm_dev_enter() and drm_dev_exit(). Fixes: 9872c7a3 ("drm/vc4: plane: Switch to drmm_universal_plane_alloc()") Signed-off-by:
-
