1. 06 7月, 2017 8 次提交
  2. 04 7月, 2017 1 次提交
  3. 22 5月, 2017 1 次提交
  4. 09 5月, 2017 1 次提交
    • K
      format-security: move static strings to const · 06324664
      Kees Cook 提交于
      While examining output from trial builds with -Wformat-security enabled,
      many strings were found that should be defined as "const", or as a char
      array instead of char pointer.  This makes some static analysis easier,
      by producing fewer false positives.
      
      As these are all trivial changes, it seemed best to put them all in a
      single patch rather than chopping them up per maintainer.
      
      Link: http://lkml.kernel.org/r/20170405214711.GA5711@beastSigned-off-by: NKees Cook <keescook@chromium.org>
      Acked-by: Jes Sorensen <jes@trained-monkey.org>	[runner.c]
      Cc: Tony Lindgren <tony@atomide.com>
      Cc: Russell King <linux@armlinux.org.uk>
      Cc: "Maciej W. Rozycki" <macro@linux-mips.org>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
      Cc: Viresh Kumar <viresh.kumar@linaro.org>
      Cc: Daniel Vetter <daniel.vetter@intel.com>
      Cc: Jani Nikula <jani.nikula@linux.intel.com>
      Cc: Sean Paul <seanpaul@chromium.org>
      Cc: David Airlie <airlied@linux.ie>
      Cc: Yisen Zhuang <yisen.zhuang@huawei.com>
      Cc: Salil Mehta <salil.mehta@huawei.com>
      Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
      Cc: Jiri Slaby <jslaby@suse.com>
      Cc: Patrice Chotard <patrice.chotard@st.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: James Hogan <james.hogan@imgtec.com>
      Cc: Paul Burton <paul.burton@imgtec.com>
      Cc: Matt Redfearn <matt.redfearn@imgtec.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
      Cc: Mugunthan V N <mugunthanvnm@ti.com>
      Cc: Felipe Balbi <felipe.balbi@linux.intel.com>
      Cc: Jarod Wilson <jarod@redhat.com>
      Cc: Florian Westphal <fw@strlen.de>
      Cc: Antonio Quartulli <a@unstable.cc>
      Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>
      Cc: Kejian Yan <yankejian@huawei.com>
      Cc: Daode Huang <huangdaode@hisilicon.com>
      Cc: Qianqian Xie <xieqianqian@huawei.com>
      Cc: Philippe Reynes <tremyfr@gmail.com>
      Cc: Colin Ian King <colin.king@canonical.com>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: Christian Gromm <christian.gromm@microchip.com>
      Cc: Andrey Shvetsov <andrey.shvetsov@k2l.de>
      Cc: Jason Litzinger <jlitzingerdev@gmail.com>
      Cc: WANG Cong <xiyou.wangcong@gmail.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      06324664
  5. 06 4月, 2017 3 次提交
  6. 01 4月, 2017 3 次提交
  7. 23 3月, 2017 1 次提交
  8. 02 3月, 2017 1 次提交
  9. 28 2月, 2017 2 次提交
  10. 27 2月, 2017 1 次提交
  11. 08 2月, 2017 4 次提交
  12. 03 2月, 2017 1 次提交
    • G
      drm: Rely on mode_config data for fb_helper initialization · e4563f6b
      Gabriel Krisman Bertazi 提交于
      Instead of receiving the num_crts as a parameter, we can read it
      directly from the mode_config structure.  I audited the drivers that
      invoke this helper and I believe all of them initialize the mode_config
      struct accordingly, prior to calling the fb_helper.
      
      I used the following coccinelle hack to make this transformation, except
      for the function headers and comment updates.  The first and second
      rules are split because I couldn't find a way to remove the unused
      temporary variables at the same time I removed the parameter.
      
      // <smpl>
      @r@
      expression A,B,D,E;
      identifier C;
      @@
      (
      - drm_fb_helper_init(A,B,C,D)
      + drm_fb_helper_init(A,B,D)
      |
      - drm_fbdev_cma_init_with_funcs(A,B,C,D,E)
      + drm_fbdev_cma_init_with_funcs(A,B,D,E)
      |
      - drm_fbdev_cma_init(A,B,C,D)
      + drm_fbdev_cma_init(A,B,D)
      )
      
      @@
      expression A,B,C,D,E;
      @@
      (
      - drm_fb_helper_init(A,B,C,D)
      + drm_fb_helper_init(A,B,D)
      |
      - drm_fbdev_cma_init_with_funcs(A,B,C,D,E)
      + drm_fbdev_cma_init_with_funcs(A,B,D,E)
      |
      - drm_fbdev_cma_init(A,B,C,D)
      + drm_fbdev_cma_init(A,B,D)
      )
      
      @@
      identifier r.C;
      type T;
      expression V;
      @@
      - T C;
      <...
      when != C
      - C = V;
      ...>
      // </smpl>
      
      Changes since v1:
       - Rebased on top of the tip of drm-misc-next.
       - Remove mention to sti since a proper fix got merged.
      Suggested-by: NDaniel Vetter <daniel.vetter@intel.com>
      Signed-off-by: NGabriel Krisman Bertazi <krisman@collabora.co.uk>
      Reviewed-by: NEric Anholt <eric@anholt.net>
      Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      Link: http://patchwork.freedesktop.org/patch/msgid/20170202162640.27261-1-krisman@collabora.co.uk
      e4563f6b
  13. 25 1月, 2017 1 次提交
  14. 09 1月, 2017 1 次提交
  15. 27 12月, 2016 1 次提交
  16. 18 12月, 2016 1 次提交
  17. 15 12月, 2016 2 次提交
    • V
      drm: Nuke fb->bits_per_pixel · 272725c7
      Ville Syrjälä 提交于
      Replace uses of fb->bits_per_pixel with fb->format->cpp[0]*8.
      Less duplicated information is a good thing.
      
      Note that I didn't put parens around the cpp*8 in the below cocci script,
      on account of not wanting spurious parens all over the place. Instead I
      did the unsafe way, and tried to look over the entire diff to spot if
      any dangerous expressions were produced. I didn't see any.
      
      There are some cases where previously the code did X*bpp/8, so the
      division happened after the multiplication. Those are now just X*cpp
      so the division effectively happens before the multiplication,
      but that is perfectly fine since bpp is always a multiple of 8.
      
      @@
      struct drm_framebuffer *FB;
      expression E;
      @@
       drm_helper_mode_fill_fb_struct(...) {
      	...
      -	FB->bits_per_pixel = E;
      	...
       }
      
      @@
      struct drm_framebuffer *FB;
      expression E;
      @@
       i9xx_get_initial_plane_config(...) {
      	...
      -	FB->bits_per_pixel = E;
      	...
       }
      
      @@
      struct drm_framebuffer *FB;
      expression E;
      @@
       ironlake_get_initial_plane_config(...) {
      	...
      -	FB->bits_per_pixel = E;
      	...
       }
      
      @@
      struct drm_framebuffer *FB;
      expression E;
      @@
       skylake_get_initial_plane_config(...) {
      	...
      -	FB->bits_per_pixel = E;
      	...
       }
      
      @@
      struct drm_framebuffer FB;
      expression E;
      @@
      (
      - E * FB.bits_per_pixel / 8
      + E * FB.format->cpp[0]
      |
      - FB.bits_per_pixel / 8
      + FB.format->cpp[0]
      |
      - E * FB.bits_per_pixel >> 3
      + E * FB.format->cpp[0]
      |
      - FB.bits_per_pixel >> 3
      + FB.format->cpp[0]
      |
      - (FB.bits_per_pixel + 7) / 8
      + FB.format->cpp[0]
      |
      - FB.bits_per_pixel
      + FB.format->cpp[0] * 8
      |
      - FB.format->cpp[0] * 8 != 8
      + FB.format->cpp[0] != 1
      )
      
      @@
      struct drm_framebuffer *FB;
      expression E;
      @@
      (
      - E * FB->bits_per_pixel / 8
      + E * FB->format->cpp[0]
      |
      - FB->bits_per_pixel / 8
      + FB->format->cpp[0]
      |
      - E * FB->bits_per_pixel >> 3
      + E * FB->format->cpp[0]
      |
      - FB->bits_per_pixel >> 3
      + FB->format->cpp[0]
      |
      - (FB->bits_per_pixel + 7) / 8
      + FB->format->cpp[0]
      |
      - FB->bits_per_pixel
      + FB->format->cpp[0] * 8
      |
      - FB->format->cpp[0] * 8 != 8
      + FB->format->cpp[0] != 1
      )
      
      @@
      struct drm_plane_state *state;
      expression E;
      @@
      (
      - E * state->fb->bits_per_pixel / 8
      + E * state->fb->format->cpp[0]
      |
      - state->fb->bits_per_pixel / 8
      + state->fb->format->cpp[0]
      |
      - E * state->fb->bits_per_pixel >> 3
      + E * state->fb->format->cpp[0]
      |
      - state->fb->bits_per_pixel >> 3
      + state->fb->format->cpp[0]
      |
      - (state->fb->bits_per_pixel + 7) / 8
      + state->fb->format->cpp[0]
      |
      - state->fb->bits_per_pixel
      + state->fb->format->cpp[0] * 8
      |
      - state->fb->format->cpp[0] * 8 != 8
      + state->fb->format->cpp[0] != 1
      )
      
      @@
      @@
      - (8 * 8)
      + 8 * 8
      
      @@
      struct drm_framebuffer FB;
      @@
      - (FB.format->cpp[0])
      + FB.format->cpp[0]
      
      @@
      struct drm_framebuffer *FB;
      @@
      - (FB->format->cpp[0])
      + FB->format->cpp[0]
      
      @@
      @@
       struct drm_framebuffer {
      	 ...
      -	 int bits_per_pixel;
      	 ...
       };
      
      v2: Clean up the 'cpp*8 != 8' and '(8 * 8)' cases (Laurent)
      v3: Adjusted the semantic patch a bit and regenerated due to code
          changes
      Signed-off-by: NVille Syrjälä <ville.syrjala@linux.intel.com>
      Reviewed-by: NLaurent Pinchart <laurent.pinchart@ideasonboard.com>
      Reviewed-by: Alex Deucher <alexander.deucher@amd.com> (v1)
      Link: http://patchwork.freedesktop.org/patch/msgid/1481751140-18352-1-git-send-email-ville.syrjala@linux.intel.com
      272725c7
    • V
      drm: Nuke fb->depth · b00c600e
      Ville Syrjälä 提交于
      Replace uses of fb->depth with fb->format->depth. Less duplicate
      information is a good thing.
      
      @@
      struct drm_framebuffer *fb;
      expression E;
      @@
       drm_helper_mode_fill_fb_struct(...) {
      	...
      -	fb->depth = E;
      	...
       }
      
      @@
      struct nouveau_framebuffer *fb;
      @@
      - fb->base.depth
      + fb->base.format->depth
      
      @@
      struct drm_framebuffer fb;
      @@
      - fb.depth
      + fb.format->depth
      
      @@
      struct drm_framebuffer *fb;
      @@
      - fb->depth
      + fb->format->depth
      
      @@
      struct drm_framebuffer fb;
      @@
      - (fb.format->depth)
      + fb.format->depth
      
      @@
      struct drm_framebuffer *fb;
      @@
      - (fb->format->depth)
      + fb->format->depth
      
      @@
      @@
       struct drm_framebuffer {
      	 ...
      -	 unsigned int depth;
      	 ...
       };
      
      v2: Drop the vmw stuff (Daniel)
          Rerun spatch due to code changes
      Signed-off-by: NVille Syrjälä <ville.syrjala@linux.intel.com>
      Reviewed-by: NLaurent Pinchart <laurent.pinchart@ideasonboard.com>
      Reviewed-by: NAlex Deucher <alexander.deucher@amd.com>
      Reviewed-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      Link: http://patchwork.freedesktop.org/patch/msgid/1481751095-18249-1-git-send-email-ville.syrjala@linux.intel.com
      b00c600e
  18. 30 11月, 2016 3 次提交
    • C
      drm: Protect fb_helper list manipulation with a mutex · a53ca635
      Chris Wilson 提交于
      Though we only walk the kernel_fb_helper_list inside a panic (or single
      thread debugging), we still need to protect the list manipulation on
      creating/removing a framebuffer device in order to prevent list
      corruption.
      Signed-off-by: NChris Wilson <chris@chris-wilson.co.uk>
      Reviewed-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      Signed-off-by: NSean Paul <seanpaul@chromium.org>
      Link: http://patchwork.freedesktop.org/patch/msgid/20161129120217.7344-3-chris@chris-wilson.co.uk
      a53ca635
    • C
      drm: Pull together probe + setup for drm_fb_helper · 64e94407
      Chris Wilson 提交于
      drm_fb_helper_probe_connector_modes() is always called before
      drm_setup_crtcs(), so just move the call into drm_setup_crtcs for a
      small bit of code compaction.
      
      Note that register_framebuffer will do a modeset (when fbcon is enabled)
      and hence must be moved out of the critical section. A follow-up patch
      will add new locking for the fb list, hence move all the related
      registration code together.
      Signed-off-by: NChris Wilson <chris@chris-wilson.co.uk>
      Reviewed-by: NDaniel Vetter <daniel.vetter@intel.com>
      Signed-off-by: NSean Paul <seanpaul@chromium.org>
      Link: http://patchwork.freedesktop.org/patch/msgid/20161129120217.7344-2-chris@chris-wilson.co.uk
      64e94407
    • C
      drm: Hold mode_config.lock to prevent hotplug whilst setting up crtcs · 966a6a13
      Chris Wilson 提交于
      The fb_helper->connector_count is modified when a new connector is
      constructed following a hotplug event (e.g. DP-MST). This causes trouble
      for drm_setup_crtcs() and friends that assume that fb_helper is
      constant:
      
      [ 1250.872997] BUG: KASAN: slab-out-of-bounds in drm_setup_crtcs+0x320/0xf80 at addr ffff88074cdd2608
      [ 1250.873020] Write of size 40 by task kworker/u8:3/480
      [ 1250.873039] CPU: 2 PID: 480 Comm: kworker/u8:3 Tainted: G     U          4.9.0-rc6+ #285
      [ 1250.873043] Hardware name:                  /NUC6i3SYB, BIOS SYSKLi35.86A.0024.2015.1027.2142 10/27/2015
      [ 1250.873050] Workqueue: events_unbound async_run_entry_fn
      [ 1250.873056]  ffff88070f9d78f0 ffffffff814b72aa ffff88074e40c5c0 ffff88074cdd2608
      [ 1250.873067]  ffff88070f9d7918 ffffffff8124ff3c ffff88070f9d79b0 ffff88074cdd2600
      [ 1250.873079]  ffff88074e40c5c0 ffff88070f9d79a0 ffffffff812501e4 0000000000000005
      [ 1250.873090] Call Trace:
      [ 1250.873099]  [<ffffffff814b72aa>] dump_stack+0x67/0x9d
      [ 1250.873106]  [<ffffffff8124ff3c>] kasan_object_err+0x1c/0x70
      [ 1250.873113]  [<ffffffff812501e4>] kasan_report_error+0x204/0x4f0
      [ 1250.873120]  [<ffffffff81698df0>] ? drm_dev_printk+0x140/0x140
      [ 1250.873127]  [<ffffffff81250ac3>] kasan_report+0x53/0x60
      [ 1250.873134]  [<ffffffff81688b40>] ? drm_setup_crtcs+0x320/0xf80
      [ 1250.873142]  [<ffffffff8124f18e>] check_memory_region+0x13e/0x1a0
      [ 1250.873147]  [<ffffffff8124f5f3>] memset+0x23/0x40
      [ 1250.873154]  [<ffffffff81688b40>] drm_setup_crtcs+0x320/0xf80
      [ 1250.873161]  [<ffffffff810be7c5>] ? wake_up_q+0x45/0x80
      [ 1250.873169]  [<ffffffff81b0c180>] ? mutex_lock_nested+0x5a0/0x5a0
      [ 1250.873176]  [<ffffffff8168a0e6>] drm_fb_helper_initial_config+0x206/0x7a0
      [ 1250.873183]  [<ffffffff81689ee0>] ? drm_fb_helper_set_par+0x90/0x90
      [ 1250.873303]  [<ffffffffa0b68690>] ? intel_fbdev_fini+0x140/0x140 [i915]
      [ 1250.873387]  [<ffffffffa0b686b2>] intel_fbdev_initial_config+0x22/0x40 [i915]
      [ 1250.873391]  [<ffffffff810b50ff>] async_run_entry_fn+0x7f/0x270
      [ 1250.873394]  [<ffffffff810a64b0>] process_one_work+0x3d0/0x960
      [ 1250.873398]  [<ffffffff810a641d>] ? process_one_work+0x33d/0x960
      [ 1250.873401]  [<ffffffff810a60e0>] ? max_active_store+0xf0/0xf0
      [ 1250.873406]  [<ffffffff810f6f9d>] ? do_raw_spin_lock+0x10d/0x1a0
      [ 1250.873413]  [<ffffffff810a767d>] worker_thread+0x8d/0x840
      [ 1250.873419]  [<ffffffff810a75f0>] ? create_worker+0x2e0/0x2e0
      [ 1250.873426]  [<ffffffff810b0454>] kthread+0x194/0x1c0
      [ 1250.873432]  [<ffffffff810b02c0>] ? kthread_park+0x60/0x60
      [ 1250.873438]  [<ffffffff810f095d>] ? trace_hardirqs_on+0xd/0x10
      [ 1250.873446]  [<ffffffff810b02c0>] ? kthread_park+0x60/0x60
      [ 1250.873453]  [<ffffffff810b02c0>] ? kthread_park+0x60/0x60
      [ 1250.873457]  [<ffffffff81b12277>] ret_from_fork+0x27/0x40
      [ 1250.873460] Object at ffff88074cdd2608, in cache kmalloc-32 size: 32
      
      However, when holding the mode_config.lock around the fb_helper, we have
      to be careful of any callbacks that may reenter the fb_helper and so try
      to reacquire the mode_config.lock (e.g. register_framebuffer). To avoid
      the mutex recursion, we have to rearrange the sequence to move the
      registration into the caller outside of the mode_config.lock.
      
      v2: drop the 1; following the lockdep assertion inside the for(;;), I
      anticipated an error that doesn't happen!
      
      Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98826Signed-off-by: NChris Wilson <chris@chris-wilson.co.uk>
      Cc: Daniel Vetter <daniel@ffwll.ch>
      Signed-off-by: NSean Paul <seanpaul@chromium.org>
      Link: http://patchwork.freedesktop.org/patch/msgid/20161129120217.7344-1-chris@chris-wilson.co.uk
      966a6a13
  19. 28 11月, 2016 1 次提交
  20. 14 11月, 2016 1 次提交
    • S
      drm/fb-helper: fix segfaults in drm_fb_helper_debug_* · 1b99b724
      Stefan Christ 提交于
      A drm driver that is implementing
      
            fb_debug_enter and fb_debug_leave
      
      in struct fb_ops with drm fb helper functions
      
           drm_fb_helper_debug_enter and drm_fb_helper_debug_leave
      
      must also implement the callback 'mode_set_base_atomic' in struct
      drm_crtc_helper_funcs. See Documentation/DocBook/kgdb.tmpl.  The current
      implementation will segfault when 'mode_set_base_atomic' is a NULL
      pointer.
      
      Before this patch at least the drm drivers armada, ast, qxl, udl and
      virtio do not have a 'mode_set_base_atomic' implementation but using
      drm_fb_helper_debug_(enter|leave). So these drivers may segfault when
      callbacks fb_debug_(enter|leave) are called.
      
      Avoid the issue by just checking for NULL pointers. So all drivers can
      unconditionally implement fb_debug_(enter|leave) with the drm_fb_helper
      functions. If callback 'mode_set_base_atomic' is not implemented, the
      code in drm_fb_helper_debug_(enter|leave) does effectively nothing.
      Signed-off-by: NStefan Christ <contact@stefanchrist.eu>
      Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      Link: http://patchwork.freedesktop.org/patch/msgid/1479078208-25221-2-git-send-email-contact@stefanchrist.eu
      1b99b724
  21. 27 10月, 2016 1 次提交
    • V
      drm/fb-helper: Keep references for the current set of used connectors · a2889606
      Ville Syrjälä 提交于
      The fbdev helper code keeps around two lists of connectors. One is the
      list of all connectors it could use, and that list already holds
      references for all the connectors. However the other list, or rather
      lists, is the one actively being used. That list is tracked per-crtc
      and currently doesn't hold any extra references. Let's grab those
      extra references to avoid oopsing when the connector vanishes. The
      list of all possible connectors should get updated when the hpd happens,
      but the list of actively used connectors would not get updated until
      the next time the fb-helper picks through the set of possible connectors.
      And so we need to hang on to the connectors until that time.
      
      Since we need to clean up in drm_fb_helper_crtc_free() as well,
      let's pull the code to a common place. And while at it let's
      pull in up the modeset->mode cleanup in there as well. The case
      of modeset->fb is a bit less clear. I'm thinking we should probably
      hold a reference to it, but for now I just slapped on a FIXME.
      
      v2: Cleanup things drm_fb_helper_crtc_free() too (Chris)
      v3: Don't leak modeset->connectors (Chris)
      
      Cc: Chris Wilson <chris@chris-wilson.co.uk>
      Cc: stable@vger.kernel.org
      Cc: Carlos Santa <carlos.santa@intel.com>
      Cc: Kirill A. Shutemov <kirill@shutemov.name>
      Tested-by: Carlos Santa <carlos.santa@intel.com> (v1)
      Tested-by: Kirill A. Shutemov <kirill@shutemov.name> (v1)
      Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97666Signed-off-by: NVille Syrjälä <ville.syrjala@linux.intel.com>
      Reviewed-by: NChris Wilson <chris@chris-wilson.co.uk>
      Signed-off-by: NDaniel Vetter <daniel.vetter@ffwll.ch>
      Link: http://patchwork.freedesktop.org/patch/msgid/1477492878-4990-1-git-send-email-ville.syrjala@linux.intel.com
      a2889606
  22. 26 10月, 2016 1 次提交