linux/drivers/gpu/drm
Igor Murzov a3f83ab1a7 drm/radeon: fix invalid memory access in radeon_atrm_get_bios()
At boot time I observed the following bug:

 BUG: unable to handle kernel paging request at ffff8800a4244000
 IP: [<ffffffff81275b5b>] memcpy+0xb/0x120
 PGD 1816063 PUD 1fe7d067 PMD 1ff9f067 PTE 80000000a4244160
 Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
 CPU 0
 Modules linked in: btusb bluetooth brcmsmac brcmutil crc8 cordic b43 radeon(+)
  mac80211 cfg80211 ttm ohci_hcd drm_kms_helper rfkill drm ssb agpgart mmc_core
  sp5100_tco video battery ac thermal processor rtc_cmos thermal_sys snd_hda_codec_hdmi
  joydev snd_hda_codec_conexant button bcma pcmcia snd_hda_intel snd_hda_codec
  snd_hwdep snd_pcm shpchp pcmcia_core k8temp snd_timer atl1c snd psmouse hwmon
  i2c_piix4 i2c_algo_bit soundcore evdev i2c_core ehci_hcd sg serio_raw snd_page_alloc
  loop btrfs

 Pid: 1008, comm: modprobe Not tainted 3.3.0-rc1 #21 LENOVO 20046                           /AMD CRB
 RIP: 0010:[<ffffffff81275b5b>]  [<ffffffff81275b5b>] memcpy+0xb/0x120
 RSP: 0018:ffff8800aa72db00  EFLAGS: 00010246
 RAX: ffff8800a4150000 RBX: 0000000000001000 RCX: 0000000000000087
 RDX: 0000000000000000 RSI: ffff8800a4244000 RDI: ffff8800a4150bc8
 RBP: ffff8800aa72db78 R08: 0000000000000010 R09: ffffffff8174bbec
 R10: ffffffff812ee010 R11: 0000000000000001 R12: 0000000000001000
 R13: 0000000000010000 R14: ffff8800a4140000 R15: ffff8800aaba1800
 FS:  00007ff9a3bd4720(0000) GS:ffff8800afa00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
 CR2: ffff8800a4244000 CR3: 00000000a9c18000 CR4: 00000000000006f0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
 Process modprobe (pid: 1008, threadinfo ffff8800aa72c000, task ffff8800aa0e4000)
 Stack:
  ffffffffa04e7c7b 0000000000000001 0000000000010000 ffff8800aa72db28
  ffffffff00000001 0000000000001000 ffffffff8113cbef 0000000000000020
  ffff8800a4243420 ffff880000000002 ffff8800aa72db08 ffff8800a9d42000
 Call Trace:
  [<ffffffffa04e7c7b>] ? radeon_atrm_get_bios_chunk+0x8b/0xd0 [radeon]
  [<ffffffff8113cbef>] ? kmalloc_order_trace+0x3f/0xb0
  [<ffffffffa04a9298>] radeon_get_bios+0x68/0x2f0 [radeon]
  [<ffffffffa04c7a30>] rv770_init+0x40/0x280 [radeon]
  [<ffffffffa047d740>] radeon_device_init+0x560/0x600 [radeon]
  [<ffffffffa047ef4f>] radeon_driver_load_kms+0xaf/0x170 [radeon]
  [<ffffffffa043cdde>] drm_get_pci_dev+0x18e/0x2c0 [drm]
  [<ffffffffa04e7e95>] radeon_pci_probe+0xad/0xb5 [radeon]
  [<ffffffff81296c5f>] local_pci_probe+0x5f/0xd0
  [<ffffffff81297418>] pci_device_probe+0x88/0xb0
  [<ffffffff813417aa>] ? driver_sysfs_add+0x7a/0xb0
  [<ffffffff813418d8>] really_probe+0x68/0x180
  [<ffffffff81341be5>] driver_probe_device+0x45/0x70
  [<ffffffff81341cb3>] __driver_attach+0xa3/0xb0
  [<ffffffff81341c10>] ? driver_probe_device+0x70/0x70
  [<ffffffff813400ce>] bus_for_each_dev+0x5e/0x90
  [<ffffffff8134172e>] driver_attach+0x1e/0x20
  [<ffffffff81341298>] bus_add_driver+0xc8/0x280
  [<ffffffff813422c6>] driver_register+0x76/0x140
  [<ffffffff812976d6>] __pci_register_driver+0x66/0xe0
  [<ffffffffa043d021>] drm_pci_init+0x111/0x120 [drm]
  [<ffffffff8133c67a>] ? vga_switcheroo_register_handler+0x3a/0x60
  [<ffffffffa0229000>] ? 0xffffffffa0228fff
  [<ffffffffa02290ec>] radeon_init+0xec/0xee [radeon]
  [<ffffffff810002f2>] do_one_initcall+0x42/0x180
  [<ffffffff8109d8d2>] sys_init_module+0x92/0x1e0
  [<ffffffff815407a9>] system_call_fastpath+0x16/0x1b
 Code: 58 2a 43 50 88 43 4e 48 83 c4 08 5b c9 c3 66 90 e8 cb fd ff ff eb
  e6 90 90 90 90 90 90 90 90 90 48 89 f8 89 d1 c1 e9 03 83 e2 07 <f3> 48
  a5 89 d1 f3 a4 c3 20 48 83 ea 20 4c 8b 06 4c 8b 4e 08 4c
 RIP  [<ffffffff81275b5b>] memcpy+0xb/0x120
  RSP <ffff8800aa72db00>
 CR2: ffff8800a4244000
 ---[ end trace fcffa1599cf56382 ]---

A call to acpi_evaluate_object() does not always return 4096-byte chunks;
on my system it can return a 2048-byte chunk, so pass the length of the
retrieved chunk to memcpy(), not the length of the receiving buffer.

Signed-off-by: Igor Murzov <e-mail@date.by>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2012-01-24 17:34:02 +00:00
exynos drm: add support for private planes 2012-01-05 10:00:16 +00:00
gma500 gma500: Discard modes that don't fit in stolen memory 2012-01-13 09:02:06 +00:00
i2c gpu: add module.h to drivers/gpu files as required. 2011-10-31 19:32:03 -04:00
i810 drm/i810: don't acces hw regs in lastclose 2011-12-22 19:54:58 +01:00
i915 Merge branch 'drm-core-next' of git://people.freedesktop.org/~airlied/linux 2012-01-10 11:04:36 -08:00
mga drm: Make the per-driver file_operations struct const 2011-11-11 11:14:47 +00:00
nouveau nouveau: Support Optimus models for vga_switcheroo 2012-01-13 09:09:15 +00:00
r128 drm: Make the per-driver file_operations struct const 2011-11-11 11:14:47 +00:00
radeon drm/radeon: fix invalid memory access in radeon_atrm_get_bios() 2012-01-24 17:34:02 +00:00
savage drm: Make the per-driver file_operations struct const 2011-11-11 11:14:47 +00:00
sis gpu, drm, sis: Don't return uninitialized variable from sis_driver_load() 2012-01-23 11:00:47 +00:00
tdfx drm: Make the per-driver file_operations struct const 2011-11-11 11:14:47 +00:00
ttm ttm/dma: Remove the WARN() which is not useful. 2012-01-13 08:59:47 +00:00
via drm/sis|via: don't return stack garbage from free_mem ioctl 2012-01-09 12:11:39 +00:00
vmwgfx Merge branch 'drm-core-next' of git://people.freedesktop.org/~airlied/linux 2012-01-10 11:04:36 -08:00
ati_pcigart.c gpu: Add export.h as required to drivers/gpu files. 2011-10-31 19:32:03 -04:00
drm_agpsupport.c
drm_auth.c
drm_buffer.c gpu: Add export.h as required to drivers/gpu files. 2011-10-31 19:32:03 -04:00
drm_bufs.c gpu: Add export.h as required to drivers/gpu files. 2011-10-31 19:32:03 -04:00
drm_cache.c gpu: Add export.h as required to drivers/gpu files. 2011-10-31 19:32:03 -04:00
drm_context.c drm: make DRM_UNLOCKED ioctls with their own mutex 2012-01-05 14:43:02 +00:00
drm_crtc_helper.c drm: Add drm_format_num_planes() utility function 2011-12-20 20:34:32 +00:00
drm_crtc.c drm: add support for private planes 2012-01-05 10:00:16 +00:00
drm_debugfs.c drm: serialize access to list of debugfs files 2011-11-11 11:05:19 +00:00
drm_dma.c gpu: Add export.h as required to drivers/gpu files. 2011-10-31 19:32:03 -04:00
drm_dp_i2c_helper.c
drm_drv.c drm: make DRM_UNLOCKED ioctls with their own mutex 2012-01-05 14:43:02 +00:00
drm_edid_modes.h drm/edid: support CEA video modes. 2011-12-19 14:53:16 +00:00
drm_edid.c Fix wrong assumptions in cea_for_each_detailed_block v2 2011-12-20 09:51:10 +00:00
drm_encoder_slave.c gpu: add module.h to drivers/gpu files as required. 2011-10-31 19:32:03 -04:00
drm_fb_helper.c drm: avoid switching to text console if there is no panic timeout 2011-11-10 21:27:34 +00:00
drm_fops.c drm: Make the per-driver file_operations struct const 2011-11-11 11:14:47 +00:00
drm_gem.c drm/gem: add functions for mmap offset creation 2011-08-30 11:06:06 +01:00
drm_global.c
drm_hashtab.c gpu: Add export.h as required to drivers/gpu files. 2011-10-31 19:32:03 -04:00
drm_info.c Merge remote branch 'intel/drm-intel-next' of ../drm-next into drm-core-next 2011-03-14 14:15:13 +10:00
drm_ioc32.c gpu: Add export.h as required to drivers/gpu files. 2011-10-31 19:32:03 -04:00
drm_ioctl.c drm: make DRM_UNLOCKED ioctls with their own mutex 2012-01-05 14:43:02 +00:00
drm_irq.c drm: Remove utterly bogus preempt_disable() sections 2011-11-14 09:28:50 +00:00
drm_lock.c drm: add missing exports for i810 driver. 2011-12-22 19:09:01 +00:00
drm_memory.c gpu: Add export.h as required to drivers/gpu files. 2011-10-31 19:32:03 -04:00
drm_mm.c gpu: Add export.h as required to drivers/gpu files. 2011-10-31 19:32:03 -04:00
drm_modes.c gpu: Add export.h as required to drivers/gpu files. 2011-10-31 19:32:03 -04:00
drm_pci.c gpu: Add export.h as required to drivers/gpu files. 2011-10-31 19:32:03 -04:00
drm_platform.c gpu: Add export.h as required to drivers/gpu files. 2011-10-31 19:32:03 -04:00
drm_proc.c gpu: Add export.h as required to drivers/gpu files. 2011-10-31 19:32:03 -04:00
drm_scatter.c drivers: use kzalloc/kcalloc instead of 'kmalloc+memset', where possible 2011-07-25 20:57:13 -07:00
drm_stub.c drm: Create and use drm_err 2011-04-28 14:53:02 +10:00
drm_sysfs.c switch device_get_devnode() and ->devnode() to umode_t * 2012-01-03 22:54:55 -05:00
drm_trace_points.c
drm_trace.h
drm_usb.c gpu: Add export.h as required to drivers/gpu files. 2011-10-31 19:32:03 -04:00
drm_vm.c gpu: Add export.h as required to drivers/gpu files. 2011-10-31 19:32:03 -04:00
Kconfig Merge tag 'v3.2-rc6' of /home/airlied/devel/kernel/linux-2.6 into drm-core-next 2011-12-20 14:43:53 +00:00
Makefile drm: kill drm_sman 2011-12-22 00:33:23 +01:00
README.drm

************************************************************
* For the very latest on DRI development, please see:      *
*     http://dri.freedesktop.org/                          *
************************************************************

The Direct Rendering Manager (drm) is a device-independent kernel-level
device driver that provides support for the XFree86 Direct Rendering
Infrastructure (DRI).

The DRM supports the Direct Rendering Infrastructure (DRI) in four major
ways:

    1. The DRM provides synchronized access to the graphics hardware via
       the use of an optimized two-tiered lock.

    2. The DRM enforces the DRI security policy for access to the graphics
       hardware by only allowing authenticated X11 clients access to
       restricted regions of memory.

    3. The DRM provides a generic DMA engine, complete with multiple
       queues and the ability to detect the need for an OpenGL context
       switch.

    4. The DRM is extensible via the use of small device-specific modules
       that rely extensively on the API exported by the DRM module.


Documentation on the DRI is available from:
    http://dri.freedesktop.org/wiki/Documentation
    http://sourceforge.net/project/showfiles.php?group_id=387
    http://dri.sourceforge.net/doc/

For specific information about kernel-level support, see:

    The Direct Rendering Manager, Kernel Support for the Direct Rendering
    Infrastructure
    http://dri.sourceforge.net/doc/drm_low_level.html

    Hardware Locking for the Direct Rendering Infrastructure
    http://dri.sourceforge.net/doc/hardware_locking_low_level.html

    A Security Analysis of the Direct Rendering Infrastructure
    http://dri.sourceforge.net/doc/security_low_level.html