https://github.com/torvalds/linux
Revision e94bd1736f1f60e916a85a80c0b0ebeaae36cce5 authored by Michel Dänzer on 30 November 2016, 08:30:01 UTC, committed by Daniel Vetter on 30 November 2016, 09:13:00 UTC
Fixes oops if userspace calls DRM_IOCTL_GET_CAP for
DRM_CAP_PAGE_FLIP_TARGET on a non-KMS device node. (Normal userspace
doesn't do that, discovered by syzkaller)
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Fixes: f837297ad824 ("drm: Add DRM_MODE_PAGE_FLIP_TARGET_ABSOLUTE/RELATIVE flags v2")
Cc: stable@vger.kernel.org
Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/20161130083002.1520-1-michel@daenzer.net
1 parent e5517c2
Tip revision: e94bd1736f1f60e916a85a80c0b0ebeaae36cce5 authored by Michel Dänzer on 30 November 2016, 08:30:01 UTC
drm: Don't call drm_for_each_crtc with a non-KMS driver
drm: Don't call drm_for_each_crtc with a non-KMS driver
Tip revision: e94bd17
cpu-notifier-error-inject.c
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/cpu.h>
#include "notifier-error-inject.h"
static int priority;
module_param(priority, int, 0);
MODULE_PARM_DESC(priority, "specify cpu notifier priority");
#define UP_PREPARE 0
#define UP_PREPARE_FROZEN 0
#define DOWN_PREPARE 0
#define DOWN_PREPARE_FROZEN 0
static struct notifier_err_inject cpu_notifier_err_inject = {
.actions = {
{ NOTIFIER_ERR_INJECT_ACTION(UP_PREPARE) },
{ NOTIFIER_ERR_INJECT_ACTION(UP_PREPARE_FROZEN) },
{ NOTIFIER_ERR_INJECT_ACTION(DOWN_PREPARE) },
{ NOTIFIER_ERR_INJECT_ACTION(DOWN_PREPARE_FROZEN) },
{}
}
};
static int notf_err_handle(struct notifier_err_inject_action *action)
{
int ret;
ret = action->error;
if (ret)
pr_info("Injecting error (%d) to %s\n", ret, action->name);
return ret;
}
static int notf_err_inj_up_prepare(unsigned int cpu)
{
if (!cpuhp_tasks_frozen)
return notf_err_handle(&cpu_notifier_err_inject.actions[0]);
else
return notf_err_handle(&cpu_notifier_err_inject.actions[1]);
}
static int notf_err_inj_dead(unsigned int cpu)
{
if (!cpuhp_tasks_frozen)
return notf_err_handle(&cpu_notifier_err_inject.actions[2]);
else
return notf_err_handle(&cpu_notifier_err_inject.actions[3]);
}
static struct dentry *dir;
static int err_inject_init(void)
{
int err;
dir = notifier_err_inject_init("cpu", notifier_err_inject_dir,
&cpu_notifier_err_inject, priority);
if (IS_ERR(dir))
return PTR_ERR(dir);
err = cpuhp_setup_state_nocalls(CPUHP_NOTF_ERR_INJ_PREPARE,
"cpu-err-notif:prepare",
notf_err_inj_up_prepare,
notf_err_inj_dead);
if (err)
debugfs_remove_recursive(dir);
return err;
}
static void err_inject_exit(void)
{
cpuhp_remove_state_nocalls(CPUHP_NOTF_ERR_INJ_PREPARE);
debugfs_remove_recursive(dir);
}
module_init(err_inject_init);
module_exit(err_inject_exit);
MODULE_DESCRIPTION("CPU notifier error injection module");
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Akinobu Mita <akinobu.mita@gmail.com>");
Computing file changes ...
