Re: [PATCH] drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create

From: Borislav Petkov
Date: Thu Aug 17 2023 - 11:18:33 EST


On Thu, Aug 17, 2023 at 12:24:45PM +0200, Karol Herbst wrote:
> simply throw a
>
> printk(KERN_WARNING "nvkm_uconn_uevent %u\n", outp->info.location);
>
> inside drivers/gpu/drm/nouveau/nvkm/engine/disp/uconn.c:104 after that
> mentioned comment.

diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/uconn.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/uconn.c
index 46b057fe1412..661fd0cf3b3b 100644
--- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/uconn.c
+++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/uconn.c
@@ -101,6 +101,7 @@ nvkm_uconn_uevent(struct nvkm_object *object, void *argv, u32 argc, struct nvkm_
if (args->v0.types & NVIF_CONN_EVENT_V0_UNPLUG) bits |= NVKM_GPIO_LO;
if (args->v0.types & NVIF_CONN_EVENT_V0_IRQ) {
/* TODO: support DP IRQ on ANX9805 and remove this hack. */
+ printk(KERN_WARNING "nvkm_uconn_uevent %u\n", outp->info.location);
if (!outp->info.location)
return -EINVAL;
}
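Review bot: the printk added at the top of the NVIF_CONN_EVENT_V0_IRQ branch is a raw printk(KERN_WARNING ...) with no device prefix, so its output cannot be tied to a particular GPU when more than one is present. If the line is meant to outlive this debugging session, use pr_warn() or a device-scoped message instead. It also sits before the `if (!outp->info.location)` check, so it fires on every call that requests the IRQ type, not only on the -EINVAL path. Moving it inside that check would log only the case that returns the error.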

result:

[ 10.566759] ACPI: bus type drm_connector registered
[ 10.591171] Console: switching to colour dummy device 80x25
[ 10.598472] nouveau 0000:03:00.0: vgaarb: deactivate vga console
[ 10.607121] nouveau 0000:03:00.0: NVIDIA GT218 (0a8c00b1)
[ 10.728361] nouveau 0000:03:00.0: bios: version 70.18.83.00.08
[ 10.742137] nouveau 0000:03:00.0: fb: 512 MiB DDR3
[ 11.059848] nouveau 0000:03:00.0: DRM: VRAM: 512 MiB
[ 11.064911] nouveau 0000:03:00.0: DRM: GART: 1048576 MiB
[ 11.070302] nouveau 0000:03:00.0: DRM: TMDS table version 2.0
[ 11.076126] nouveau 0000:03:00.0: DRM: DCB version 4.0
[ 11.081335] nouveau 0000:03:00.0: DRM: DCB outp 00: 02000360 00000000
[ 11.087865] nouveau 0000:03:00.0: DRM: DCB outp 01: 02000362 00020010
[ 11.094395] nouveau 0000:03:00.0: DRM: DCB outp 02: 028003a6 0f220010
[ 11.100912] nouveau 0000:03:00.0: DRM: DCB outp 03: 01011380 00000000
[ 11.107422] nouveau 0000:03:00.0: DRM: DCB outp 04: 08011382 00020010
[ 11.113940] nouveau 0000:03:00.0: DRM: DCB outp 05: 088113c6 0f220010
[ 11.120457] nouveau 0000:03:00.0: DRM: DCB conn 00: 00101064
[ 11.126182] nouveau 0000:03:00.0: DRM: DCB conn 01: 00202165
[ 11.138865] nouveau 0000:03:00.0: DRM: MM: using COPY for buffer copies
[ 11.151291] nvkm_uconn_uevent 0
[ 11.154643] nvkm_uconn_uevent 0
[ 11.157975] nvkm_uconn_uevent 0
[ 11.161298] nvkm_uconn_uevent 0
[ 11.164616] nvkm_uconn_uevent 0
[ 11.167943] nvkm_uconn_uevent 0
[ 11.176010] [drm] Initialized nouveau 1.3.1 20120801 for 0000:03:00.0 on minor 0
[ 11.184186] nouveau 0000:03:00.0: [drm] Cannot find any crtc or sizes
[ 11.260527] megasas: 07.725.01.00-rc1
[ 11.264555] st: Version 20160209, fixed bufsize 32768, s/g segs 256

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette