linux/drivers/gpu/drm
Chris Bainbridge 14578923e8 ACPI: video: Fix random crashes due to bad kfree()

Commit c6a837088b ("drm/amd/display: Fetch the EDID from _DDC if
available for eDP") added function dm_helpers_probe_acpi_edid(), which
fetches the EDID from the BIOS by calling acpi_video_get_edid().

acpi_video_get_edid() returns a pointer to the EDID, but this pointer
does not originate from kmalloc() - it is actually the internal
"pointer" field from an acpi_buffer struct (which did come from
kmalloc()).

dm_helpers_probe_acpi_edid() then attempts to kfree() the EDID pointer,
resulting in memory corruption which leads to random, intermittent
crashes (e.g. 4% of boots will fail with some Oops).

Fix this by allocating a new array (which can be safely freed) for the
EDID data, and correctly freeing the acpi_buffer pointer.

The only other caller of acpi_video_get_edid() is nouveau_acpi_edid():
remove the extraneous kmemdup() here as the EDID data is now copied in
acpi_video_device_EDID().

Signed-off-by: Chris Bainbridge <chris.bainbridge@gmail.com>
Fixes: c6a837088b ("drm/amd/display: Fetch the EDID from _DDC if available for eDP")
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Reported-by: Borislav Petkov (AMD) <bp@alien8.de>
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
Closes: https://lore.kernel.org/amd-gfx/20250110175252.GBZ4FedNKqmBRaY4T3@fat_crate.local/T/#m324a23eb4c4c32fa7e89e31f8ba96c781e496fb1
Link: https://patch.msgid.link/Z4K_oQL7eA9Owkbs@debian.local
[ rjw: Changed function description comment into a kerneldoc one ]
[ rjw: Subject and changelog edits ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2025-01-13 21:09:10 +01:00
amd drm/amdgpu: Add a lock when accessing the buddy trim function 2025-01-06 15:20:13 -05:00
arm Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
armada module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
aspeed Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
ast
atmel-hlcdc Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
bridge Merge tag 'drm-misc-fixes-2025-01-02' of https://gitlab.freedesktop.org/drm/misc/kernel into drm-fixes 2025-01-03 10:43:36 +10:00
ci
display drm/display: use ERR_PTR on DP tunnel manager creation fail 2024-12-13 18:57:34 +02:00
etnaviv module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
exynos module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
fsl-dcu Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
gma500
gud
hisilicon Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
hyperv
i2c
i915 Revert "drm/i915/hdcp: Don't enable HDCP1.4 directly from check_link" 2025-01-08 08:53:35 +00:00
imagination module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
imx Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
ingenic Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
kmb Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
lib
lima Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
logicvc Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
loongson
mcde Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
mediatek Mediatek DRM Fixes - 20250104 2025-01-10 16:57:59 +10:00
meson Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
mgag200
msm Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
mxsfb Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
nouveau ACPI: video: Fix random crashes due to bad kfree() 2025-01-13 21:09:10 +01:00
omapdrm module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
panel Merge tag 'drm-misc-fixes-2024-12-19' of https://gitlab.freedesktop.org/drm/misc/kernel into drm-fixes 2024-12-20 07:13:45 +10:00
panfrost Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
panthor Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
pl111
qxl
radeon
renesas Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
rockchip Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
scheduler drm/sched: Fix drm_sched_fini() docu generation 2024-12-19 16:03:56 +01:00
solomon module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
sprd Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
sti drm fixes for 6.13-rc2 2024-12-06 11:52:15 -08:00
stm Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
sun4i Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
tegra module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
tests
tidss Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
tilcdc Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
tiny Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
ttm
tve200 Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
udl
v3d drm fixes for 6.13-rc2 2024-12-06 11:52:15 -08:00
vboxvideo
vc4 Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
vgem
virtio
vkms
vmwgfx module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
xe drm/xe/dg1: Fix power gate sequence. 2025-01-09 10:38:56 +01:00
xen
xlnx Get rid of 'remove_new' relic from platform driver struct 2024-12-01 15:12:43 -08:00
Kconfig drm: rework FB_CORE dependency 2024-12-17 18:28:43 +01:00
Makefile
drm_atomic.c
drm_atomic_helper.c
drm_atomic_state_helper.c
drm_atomic_uapi.c
drm_auth.c
drm_blend.c
drm_bridge.c
drm_buddy.c
drm_cache.c
drm_client.c
drm_client_event.c
drm_client_modeset.c
drm_client_setup.c
drm_color_mgmt.c
drm_connector.c
drm_crtc.c
drm_crtc_helper.c
drm_crtc_helper_internal.h
drm_crtc_internal.h
drm_damage_helper.c
drm_debugfs.c
drm_debugfs_crc.c
drm_displayid.c
drm_displayid_internal.h
drm_drv.c
drm_dumb_buffers.c
drm_edid.c
drm_edid_load.c
drm_eld.c
drm_encoder.c
drm_encoder_slave.c
drm_exec.c
drm_fb_dma_helper.c
drm_fb_helper.c
drm_fbdev_client.c
drm_fbdev_dma.c
drm_fbdev_shmem.c
drm_fbdev_ttm.c
drm_file.c
drm_flip_work.c
drm_format_helper.c
drm_fourcc.c
drm_framebuffer.c
drm_gem.c
drm_gem_atomic_helper.c
drm_gem_dma_helper.c module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
drm_gem_framebuffer_helper.c module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
drm_gem_shmem_helper.c module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
drm_gem_ttm_helper.c
drm_gem_vram_helper.c
drm_gpuvm.c
drm_internal.h
drm_ioc32.c
drm_ioctl.c
drm_kms_helper_common.c
drm_lease.c
drm_managed.c
drm_mipi_dbi.c
drm_mipi_dsi.c
drm_mm.c
drm_mode_config.c
drm_mode_object.c
drm_modes.c drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() 2024-12-14 00:05:32 +02:00
drm_modeset_helper.c
drm_modeset_lock.c
drm_of.c
drm_panel.c
drm_panel_orientation_quirks.c
drm_panic.c
drm_panic_qr.rs drm/panic: remove spurious empty line to clean warning 2024-12-10 00:32:38 +01:00
drm_pci.c
drm_plane.c
drm_plane_helper.c
drm_prime.c module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
drm_print.c
drm_privacy_screen.c
drm_privacy_screen_x86.c
drm_probe_helper.c
drm_property.c
drm_rect.c
drm_self_refresh_helper.c
drm_simple_kms_helper.c
drm_suballoc.c
drm_syncobj.c
drm_sysfs.c
drm_trace.h
drm_trace_points.c
drm_vblank.c
drm_vblank_work.c
drm_vma_manager.c
drm_writeback.c