Home Home > GIT Browse > stable
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJiri Slaby <jslaby@suse.cz>2019-02-15 10:23:48 +0100
committerJiri Slaby <jslaby@suse.cz>2019-02-15 10:24:10 +0100
commit2317378194983572ec5368409d5a8a7568f4f64e (patch)
treeafe86e2323ea286e36a87f1f6df74d0486ca704d
parentf78a8ac32044f3a962c8e1260f0a48065ce85334 (diff)
drm/modes: Prevent division by zero htotal (bnc#1012628).
-rw-r--r--patches.kernel.org/4.20.9-037-drm-modes-Prevent-division-by-zero-htotal.patch107
-rw-r--r--series.conf1
2 files changed, 108 insertions, 0 deletions
diff --git a/patches.kernel.org/4.20.9-037-drm-modes-Prevent-division-by-zero-htotal.patch b/patches.kernel.org/4.20.9-037-drm-modes-Prevent-division-by-zero-htotal.patch
new file mode 100644
index 0000000000..9537dc064b
--- /dev/null
+++ b/patches.kernel.org/4.20.9-037-drm-modes-Prevent-division-by-zero-htotal.patch
@@ -0,0 +1,107 @@
+From: Tina Zhang <tina.zhang@intel.com>
+Date: Wed, 23 Jan 2019 15:28:59 +0800
+Subject: [PATCH] drm/modes: Prevent division by zero htotal
+References: bnc#1012628
+Patch-mainline: 4.20.9
+Git-commit: a2fcd5c84f7a7825e028381b10182439067aa90d
+
+commit a2fcd5c84f7a7825e028381b10182439067aa90d upstream.
+
+This patch prevents division by zero htotal.
+
+In a follow-up mail Tina writes:
+
+> > How did you manage to get here with htotal == 0? This needs backtraces (or if
+> > this is just about static checkers, a mention of that).
+> > -Daniel
+>
+> In GVT-g, we are trying to enable a virtual display w/o setting timings for a pipe
+> (a.k.a htotal=0), then we met the following kernel panic:
+>
+> [ 32.832048] divide error: 0000 [#1] SMP PTI
+> [ 32.833614] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.18.0-rc4-sriov+ #33
+> [ 32.834438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.10.1-0-g8891697-dirty-20180511_165818-tinazhang-linux-1 04/01/2014
+> [ 32.835901] RIP: 0010:drm_mode_hsync+0x1e/0x40
+> [ 32.836004] Code: 31 c0 c3 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 8b 87 d8 00 00 00 85 c0 75 22 8b 4f 68 85 c9 78 1b 69 47 58 e8 03 00 00 99 <f7> f9 b9 d3 4d 62 10 05 f4 01 00 00 f7 e1 89 d0 c1 e8 06 f3 c3 66
+> [ 32.836004] RSP: 0000:ffffc900000ebb90 EFLAGS: 00010206
+> [ 32.836004] RAX: 0000000000000000 RBX: ffff88001c67c8a0 RCX: 0000000000000000
+> [ 32.836004] RDX: 0000000000000000 RSI: ffff88001c67c000 RDI: ffff88001c67c8a0
+> [ 32.836004] RBP: ffff88001c7d03a0 R08: ffff88001c67c8a0 R09: ffff88001c7d0330
+> [ 32.836004] R10: ffffffff822c3a98 R11: 0000000000000001 R12: ffff88001c67c000
+> [ 32.836004] R13: ffff88001c7d0370 R14: ffffffff8207eb78 R15: ffff88001c67c800
+> [ 32.836004] FS: 0000000000000000(0000) GS:ffff88001da00000(0000) knlGS:0000000000000000
+> [ 32.836004] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+> [ 32.836004] CR2: 0000000000000000 CR3: 000000000220a000 CR4: 00000000000006f0
+> [ 32.836004] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+> [ 32.836004] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+> [ 32.836004] Call Trace:
+> [ 32.836004] intel_mode_from_pipe_config+0x72/0x90
+> [ 32.836004] intel_modeset_setup_hw_state+0x569/0xf90
+> [ 32.836004] intel_modeset_init+0x905/0x1db0
+> [ 32.836004] i915_driver_load+0xb8c/0x1120
+> [ 32.836004] i915_pci_probe+0x4d/0xb0
+> [ 32.836004] local_pci_probe+0x44/0xa0
+> [ 32.836004] ? pci_assign_irq+0x27/0x130
+> [ 32.836004] pci_device_probe+0x102/0x1c0
+> [ 32.836004] driver_probe_device+0x2b8/0x480
+> [ 32.836004] __driver_attach+0x109/0x110
+> [ 32.836004] ? driver_probe_device+0x480/0x480
+> [ 32.836004] bus_for_each_dev+0x67/0xc0
+> [ 32.836004] ? klist_add_tail+0x3b/0x70
+> [ 32.836004] bus_add_driver+0x1e8/0x260
+> [ 32.836004] driver_register+0x5b/0xe0
+> [ 32.836004] ? mipi_dsi_bus_init+0x11/0x11
+> [ 32.836004] do_one_initcall+0x4d/0x1eb
+> [ 32.836004] kernel_init_freeable+0x197/0x237
+> [ 32.836004] ? rest_init+0xd0/0xd0
+> [ 32.836004] kernel_init+0xa/0x110
+> [ 32.836004] ret_from_fork+0x35/0x40
+> [ 32.836004] Modules linked in:
+> [ 32.859183] ---[ end trace 525608b0ed0e8665 ]---
+> [ 32.859722] RIP: 0010:drm_mode_hsync+0x1e/0x40
+> [ 32.860287] Code: 31 c0 c3 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 8b 87 d8 00 00 00 85 c0 75 22 8b 4f 68 85 c9 78 1b 69 47 58 e8 03 00 00 99 <f7> f9 b9 d3 4d 62 10 05 f4 01 00 00 f7 e1 89 d0 c1 e8 06 f3 c3 66
+> [ 32.862680] RSP: 0000:ffffc900000ebb90 EFLAGS: 00010206
+> [ 32.863309] RAX: 0000000000000000 RBX: ffff88001c67c8a0 RCX: 0000000000000000
+> [ 32.864182] RDX: 0000000000000000 RSI: ffff88001c67c000 RDI: ffff88001c67c8a0
+> [ 32.865206] RBP: ffff88001c7d03a0 R08: ffff88001c67c8a0 R09: ffff88001c7d0330
+> [ 32.866359] R10: ffffffff822c3a98 R11: 0000000000000001 R12: ffff88001c67c000
+> [ 32.867213] R13: ffff88001c7d0370 R14: ffffffff8207eb78 R15: ffff88001c67c800
+> [ 32.868075] FS: 0000000000000000(0000) GS:ffff88001da00000(0000) knlGS:0000000000000000
+> [ 32.868983] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+> [ 32.869659] CR2: 0000000000000000 CR3: 000000000220a000 CR4: 00000000000006f0
+> [ 32.870599] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+> [ 32.871598] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+> [ 32.872549] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
+>
+> Since drm_mode_hsync() has the logic to check mode->htotal, I just extend it to cover the case htotal==0.
+
+Signed-off-by: Tina Zhang <tina.zhang@intel.com>
+Cc: Adam Jackson <ajax@redhat.com>
+Cc: Dave Airlie <airlied@redhat.com>
+Cc: Daniel Vetter <daniel@ffwll.ch>
+[danvet: Add additional explanations + cc: stable.]
+Cc: stable@vger.kernel.org
+Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
+Link: https://patchwork.freedesktop.org/patch/msgid/1548228539-3061-1-git-send-email-tina.zhang@intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/gpu/drm/drm_modes.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/drm_modes.c b/drivers/gpu/drm/drm_modes.c
+index 02db9ac82d7a..a3104d79b48f 100644
+--- a/drivers/gpu/drm/drm_modes.c
++++ b/drivers/gpu/drm/drm_modes.c
+@@ -758,7 +758,7 @@ int drm_mode_hsync(const struct drm_display_mode *mode)
+ if (mode->hsync)
+ return mode->hsync;
+
+- if (mode->htotal < 0)
++ if (mode->htotal <= 0)
+ return 0;
+
+ calc_val = (mode->clock * 1000) / mode->htotal; /* hsync in Hz */
+--
+2.20.1
+
diff --git a/series.conf b/series.conf
index d2c4abe74e..12000bad4d 100644
--- a/series.conf
+++ b/series.conf
@@ -1119,6 +1119,7 @@
patches.kernel.org/4.20.9-034-powerpc-radix-Fix-kernel-crash-with-mremap.patch
patches.kernel.org/4.20.9-035-mic-vop-Fix-use-after-free-on-remove.patch
patches.kernel.org/4.20.9-036-mac80211-ensure-that-mgmt-tx-skbs-have-tailroo.patch
+ patches.kernel.org/4.20.9-037-drm-modes-Prevent-division-by-zero-htotal.patch
########################################################
# Build fixes that apply to the vanilla kernel too.