rpms/kernel/F-13 drm-nouveau-acpi-edid-fallback.patch, 1.2, 1.3 drm-nouveau-updates.patch, 1.6, 1.7 kernel.spec, 1.1984, 1.1985
Ben Skeggs
bskeggs at fedoraproject.org
Thu Apr 15 22:53:47 UTC 2010
Author: bskeggs
Update of /cvs/pkgs/rpms/kernel/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv3161
Modified Files:
drm-nouveau-acpi-edid-fallback.patch drm-nouveau-updates.patch
kernel.spec
Log Message:
* Fri Apr 16 2010 Ben Skeggs <bskeggs at redhat.com> 2.6.33.2-49
- nouveau: fix dereference-after-free bug (rh#575224)
- drm-nouveau-acpi-edid-fallback.patch: fix ppc build + potential crasher
drm-nouveau-acpi-edid-fallback.patch:
nouveau_acpi.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++-----
nouveau_connector.c | 5 +++
nouveau_drv.h | 20 +++++++++---
nouveau_state.c | 6 ---
4 files changed, 95 insertions(+), 17 deletions(-)
Index: drm-nouveau-acpi-edid-fallback.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-13/drm-nouveau-acpi-edid-fallback.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- drm-nouveau-acpi-edid-fallback.patch 13 Apr 2010 03:34:43 -0000 1.2
+++ drm-nouveau-acpi-edid-fallback.patch 15 Apr 2010 22:53:44 -0000 1.3
@@ -1,6 +1,19 @@
-diff -up linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_acpi.c.orig linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_acpi.c
---- linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_acpi.c.orig 2010-02-24 13:52:17.000000000 -0500
-+++ linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_acpi.c 2010-04-12 13:46:28.005967983 -0400
+From 84efb21352ab48f43ec824eb53378356c2ce9c63 Mon Sep 17 00:00:00 2001
+From: Ben Skeggs <bskeggs at redhat.com>
+Date: Fri, 16 Apr 2010 08:12:34 +1000
+Subject: [PATCH 2/2] drm-nouveau-acpi-edid-fallback
+
+---
+ drivers/gpu/drm/nouveau/nouveau_acpi.c | 81 ++++++++++++++++++++++++--
+ drivers/gpu/drm/nouveau/nouveau_connector.c | 5 ++
+ drivers/gpu/drm/nouveau/nouveau_drv.h | 20 +++++--
+ drivers/gpu/drm/nouveau/nouveau_state.c | 5 +-
+ 4 files changed, 95 insertions(+), 16 deletions(-)
+
+diff --git a/drivers/gpu/drm/nouveau/nouveau_acpi.c b/drivers/gpu/drm/nouveau/nouveau_acpi.c
+index 48227e7..ac7fd04 100644
+--- a/drivers/gpu/drm/nouveau/nouveau_acpi.c
++++ b/drivers/gpu/drm/nouveau/nouveau_acpi.c
@@ -2,11 +2,13 @@
#include <linux/acpi.h>
#include <acpi/acpi_drivers.h>
@@ -15,7 +28,7 @@ diff -up linux-2.6.33.noarch/drivers/gpu
#include "nouveau_drv.h"
#include "nouveau_drm.h"
#include "nv50_display.h"
-@@ -35,7 +37,7 @@ static int nouveau_dsm(struct drm_device
+@@ -35,7 +37,7 @@ static int nouveau_dsm(struct drm_device *dev, int func, int arg, int *result)
0xB3, 0x4D, 0x7E, 0x5F, 0xEA, 0x12, 0x9F, 0xD4,
};
@@ -24,7 +37,7 @@ diff -up linux-2.6.33.noarch/drivers/gpu
struct acpi_handle *handle;
struct acpi_buffer output = { ACPI_ALLOCATE_BUFFER, NULL };
struct acpi_object_list input;
-@@ -43,11 +45,11 @@ static int nouveau_dsm(struct drm_device
+@@ -43,11 +45,11 @@ static int nouveau_dsm(struct drm_device *dev, int func, int arg, int *result)
union acpi_object *obj;
int err;
@@ -39,7 +52,7 @@ diff -up linux-2.6.33.noarch/drivers/gpu
input.count = 4;
input.pointer = params;
params[0].type = ACPI_TYPE_BUFFER;
-@@ -62,7 +62,8 @@
+@@ -62,7 +64,8 @@ static int nouveau_dsm(struct drm_device *dev, int func, int arg, int *result)
err = acpi_evaluate_object(handle, "_DSM", &input, &output);
if (err) {
@@ -49,7 +62,7 @@ diff -up linux-2.6.33.noarch/drivers/gpu
return err;
}
-@@ -86,7 +89,7 @@ static int nouveau_dsm(struct drm_device
+@@ -86,7 +89,7 @@ static int nouveau_dsm(struct drm_device *dev, int func, int arg, int *result)
return 0;
}
@@ -58,7 +71,7 @@ diff -up linux-2.6.33.noarch/drivers/gpu
{
int result;
-@@ -110,7 +113,7 @@ int nouveau_hybrid_setup(struct drm_devi
+@@ -110,7 +113,7 @@ int nouveau_hybrid_setup(struct drm_device *dev)
return 0;
}
@@ -67,16 +80,16 @@ diff -up linux-2.6.33.noarch/drivers/gpu
{
int support = 0;
-@@ -123,3 +126,70 @@ bool nouveau_dsm_probe(struct drm_device
+@@ -123,3 +126,67 @@ bool nouveau_dsm_probe(struct drm_device *dev)
return true;
}
+
+int nouveau_acpi_get_edid(struct drm_device *dev,
-+ struct drm_connector *connector)
++ struct drm_connector *connector,
++ struct edid **pedid)
+{
+ struct drm_nouveau_private *dev_priv = dev->dev_private;
-+ struct nouveau_connector *nv_connector = nouveau_connector(connector);
+ void *edid;
+ int connector_type = 0;
+ int ret;
@@ -108,10 +121,7 @@ diff -up linux-2.6.33.noarch/drivers/gpu
+ if (ret < 0)
+ return ret;
+
-+ memcpy(&nv_connector->acpi_edid, edid, ret);
-+
-+ kfree(edid);
-+
++ *pedid = edid;
+ return 0;
+}
+
@@ -121,7 +131,7 @@ diff -up linux-2.6.33.noarch/drivers/gpu
+ struct drm_nouveau_private *dev_priv = dev->dev_private;
+ acpi_handle handle;
+ struct acpi_device *acpi_dev;
-+
++
+ handle = DEVICE_ACPI_HANDLE(&pdev->dev);
+
+ if (!handle)
@@ -138,40 +148,26 @@ diff -up linux-2.6.33.noarch/drivers/gpu
+
+ return 0;
+}
-diff -up linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_connector.c.orig linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_connector.c
---- linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_connector.c.orig 2010-04-12 13:46:07.994840490 -0400
-+++ linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_connector.c 2010-04-12 13:46:28.007966209 -0400
-@@ -718,6 +718,14 @@ nouveau_connector_create_lvds(struct drm
+diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c
+index 8fc0145..6ddb67c 100644
+--- a/drivers/gpu/drm/nouveau/nouveau_connector.c
++++ b/drivers/gpu/drm/nouveau/nouveau_connector.c
+@@ -716,6 +716,11 @@ nouveau_connector_create_lvds(struct drm_device *dev,
}
}
+ /* Let's try ACPI */
+ if (!nv_connector->edid && !nv_connector->native_mode &&
-+ !dev_priv->vbios.fp_no_ddc &&
-+ !nouveau_acpi_get_edid(dev,connector)) {
-+ nv_connector->edid =
-+ (struct edid *)&nv_connector->acpi_edid;
-+ }
++ !dev_priv->vbios.fp_no_ddc)
++ nouveau_acpi_get_edid(dev, connector, &nv_connector->edid);
+
if (!nv_connector->edid)
goto out;
-diff -up linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_connector.h.orig linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_connector.h
---- linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_connector.h.orig 2010-04-12 13:46:07.995840093 -0400
-+++ linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_connector.h 2010-04-12 13:46:28.008966510 -0400
-@@ -41,6 +41,9 @@ struct nouveau_connector {
- struct nouveau_encoder *detected_encoder;
- struct edid *edid;
- struct drm_display_mode *native_mode;
-+#ifdef CONFIG_ACPI
-+ char acpi_edid[256];
-+#endif
- };
-
- static inline struct nouveau_connector *nouveau_connector(
-diff -up linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_drv.h.orig linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_drv.h
---- linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_drv.h.orig 2010-04-12 13:46:07.998840717 -0400
-+++ linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_drv.h 2010-04-12 13:46:28.010965995 -0400
+diff --git a/drivers/gpu/drm/nouveau/nouveau_drv.h b/drivers/gpu/drm/nouveau/nouveau_drv.h
+index 9e12c93..41b9b70 100644
+--- a/drivers/gpu/drm/nouveau/nouveau_drv.h
++++ b/drivers/gpu/drm/nouveau/nouveau_drv.h
@@ -39,6 +39,8 @@
#define NOUVEAU_FAMILY 0x0000FFFF
#define NOUVEAU_FLAGS 0xFFFF0000
@@ -193,7 +189,7 @@ diff -up linux-2.6.33.noarch/drivers/gpu
struct nouveau_channel *evo;
-@@ -846,16 +852,18 @@ extern int nouveau_dma_wait(struct nouv
+@@ -846,16 +852,20 @@ extern int nouveau_dma_wait(struct nouveau_channel *, int slots, int size);
/* nouveau_acpi.c */
#ifdef CONFIG_ACPI
@@ -201,7 +197,8 @@ diff -up linux-2.6.33.noarch/drivers/gpu
-extern bool nouveau_dsm_probe(struct drm_device *dev);
+extern int nouveau_acpi_setup(struct drm_device *dev);
+extern int nouveau_acpi_get_edid(struct drm_device *dev,
-+ struct drm_connector *connector);
++ struct drm_connector *connector,
++ struct edid **edid);
#else
-static inline int nouveau_hybrid_setup(struct drm_device *dev)
+static inline int nouveau_acpi_setup(struct drm_device *dev)
@@ -210,17 +207,19 @@ diff -up linux-2.6.33.noarch/drivers/gpu
}
-static inline bool nouveau_dsm_probe(struct drm_device *dev)
+static inline int nouveau_acpi_get_edid(struct drm_device *dev,
-+ struct drm_connector *connector)
++ struct drm_connector *connector,
++ struct edid **edid)
{
- return false;
+ return -ENODEV;
}
#endif
-diff -up linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_state.c.orig linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_state.c
---- linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_state.c.orig 2010-04-12 13:46:08.009840047 -0400
-+++ linux-2.6.33.noarch/drivers/gpu/drm/nouveau/nouveau_state.c 2010-04-12 13:46:28.011966227 -0400
-@@ -627,10 +627,7 @@ int nouveau_load(struct drm_device *dev,
+diff --git a/drivers/gpu/drm/nouveau/nouveau_state.c b/drivers/gpu/drm/nouveau/nouveau_state.c
+index a11cd7f..9f52b05 100644
+--- a/drivers/gpu/drm/nouveau/nouveau_state.c
++++ b/drivers/gpu/drm/nouveau/nouveau_state.c
+@@ -627,10 +627,7 @@ int nouveau_load(struct drm_device *dev, unsigned long flags)
NV_DEBUG(dev, "vendor: 0x%X device: 0x%X class: 0x%X\n",
dev->pci_vendor, dev->pci_device, dev->pdev->class);
@@ -232,3 +231,6 @@ diff -up linux-2.6.33.noarch/drivers/gpu
dev_priv->wq = create_workqueue("nouveau");
if (!dev_priv->wq)
+--
+1.7.0.1
+
drm-nouveau-updates.patch:
Makefile | 6
nouveau_bios.c | 486 ++++++----
nouveau_bios.h | 131 +-
nouveau_bo.c | 68 -
nouveau_calc.c | 4
nouveau_channel.c | 15
nouveau_connector.c | 163 ++-
nouveau_connector.h | 3
nouveau_debugfs.c | 18
nouveau_dma.c | 5
nouveau_dp.c | 8
nouveau_drv.c | 14
nouveau_drv.h | 53 -
nouveau_encoder.h | 1
nouveau_gem.c | 55 -
nouveau_hw.c | 6
nouveau_i2c.c | 10
nouveau_irq.c | 615 ++++++++++++-
nouveau_mem.c | 124 +-
nouveau_sgdma.c | 18
nouveau_state.c | 20
nv04_crtc.c | 6
nv04_dac.c | 8
nv04_dfp.c | 4
nv04_display.c | 49 -
nv04_fbcon.c | 6
nv04_fifo.c | 5
nv04_tv.c | 2
nv17_tv.c | 6
nv40_fifo.c | 7
nv40_graph.c | 21
nv50_dac.c | 4
nv50_display.c | 76 -
nv50_display.h | 1
nv50_fb.c | 32
nv50_fbcon.c | 17
nv50_fifo.c | 5
nv50_gpio.c | 76 +
nv50_graph.c | 103 +-
nv50_grctx.c | 2383 ++++++++++++++++++++++++++++++++++++++++++++++++++++
nv50_instmem.c | 18
nv50_sor.c | 26
42 files changed, 3961 insertions(+), 717 deletions(-)
Index: drm-nouveau-updates.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-13/drm-nouveau-updates.patch,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -p -r1.6 -r1.7
--- drm-nouveau-updates.patch 9 Apr 2010 01:17:12 -0000 1.6
+++ drm-nouveau-updates.patch 15 Apr 2010 22:53:44 -0000 1.7
@@ -1,7 +1,7 @@
-From afab25e39501bff709a665a0b0792914ef320f59 Mon Sep 17 00:00:00 2001
+From 34fdacaf7508f5fd7219b415b533bbb4c52dd300 Mon Sep 17 00:00:00 2001
From: Marcin Slusarz <marcin.slusarz at gmail.com>
Date: Wed, 17 Feb 2010 19:04:00 +0100
-Subject: [PATCH] drm-nouveau-updates
+Subject: [PATCH 1/2] drm-nouveau-updates
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
@@ -389,11 +389,15 @@ Revert "drm/nouveau: report unknown conn
Included in upstream stable point-release.
This reverts commit b30083bdb990bcc2829fce83d871a86059ff4fc1.
+
+drm/nouveau: fix a nouveau_bo dereference after it's been destroyed
+
+Signed-off-by: Ben Skeggs <bskeggs at redhat.com>
---
drivers/gpu/drm/nouveau/Makefile | 6 +-
drivers/gpu/drm/nouveau/nouveau_bios.c | 486 ++++---
drivers/gpu/drm/nouveau/nouveau_bios.h | 131 +-
- drivers/gpu/drm/nouveau/nouveau_bo.c | 66 +-
+ drivers/gpu/drm/nouveau/nouveau_bo.c | 68 +-
drivers/gpu/drm/nouveau/nouveau_calc.c | 4 +-
drivers/gpu/drm/nouveau/nouveau_channel.c | 15 +-
drivers/gpu/drm/nouveau/nouveau_connector.c | 163 ++-
@@ -432,7 +436,7 @@ This reverts commit b30083bdb990bcc2829f
drivers/gpu/drm/nouveau/nv50_grctx.c | 2383 +++++++++++++++++++++++++++
drivers/gpu/drm/nouveau/nv50_instmem.c | 18 +-
drivers/gpu/drm/nouveau/nv50_sor.c | 25 +-
- 42 files changed, 3960 insertions(+), 715 deletions(-)
+ 42 files changed, 3961 insertions(+), 716 deletions(-)
create mode 100644 drivers/gpu/drm/nouveau/nv50_fb.c
create mode 100644 drivers/gpu/drm/nouveau/nv50_gpio.c
create mode 100644 drivers/gpu/drm/nouveau/nv50_grctx.c
@@ -1816,7 +1820,7 @@ index fd94bd6..c0d7b0a 100644
int duallink_transition_clk;
uint8_t strapless_is_24bit;
diff --git a/drivers/gpu/drm/nouveau/nouveau_bo.c b/drivers/gpu/drm/nouveau/nouveau_bo.c
-index 028719f..eeab3fb 100644
+index 028719f..8fac10d 100644
--- a/drivers/gpu/drm/nouveau/nouveau_bo.c
+++ b/drivers/gpu/drm/nouveau/nouveau_bo.c
@@ -71,7 +71,7 @@ nouveau_bo_fixup_align(struct drm_device *dev,
@@ -1828,7 +1832,7 @@ index 028719f..eeab3fb 100644
int i;
switch (tile_flags) {
-@@ -153,7 +153,7 @@ nouveau_bo_new(struct drm_device *dev, struct nouveau_channel *chan,
+@@ -153,17 +153,17 @@ nouveau_bo_new(struct drm_device *dev, struct nouveau_channel *chan,
nvbo->placement.fpfn = 0;
nvbo->placement.lpfn = mappable ? dev_priv->fb_mappable_pages : 0;
@@ -1837,6 +1841,17 @@ index 028719f..eeab3fb 100644
nvbo->channel = chan;
ret = ttm_bo_init(&dev_priv->ttm.bdev, &nvbo->bo, size,
+ ttm_bo_type_device, &nvbo->placement, align, 0,
+ false, NULL, size, nouveau_bo_del_ttm);
+- nvbo->channel = NULL;
+ if (ret) {
+ /* ttm will call nouveau_bo_del_ttm if it fails.. */
+ return ret;
+ }
++ nvbo->channel = NULL;
+
+ spin_lock(&dev_priv->ttm.bo_list_lock);
+ list_add_tail(&nvbo->head, &dev_priv->ttm.bo_list);
@@ -172,26 +172,33 @@ nouveau_bo_new(struct drm_device *dev, struct nouveau_channel *chan,
return 0;
}
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-13/kernel.spec,v
retrieving revision 1.1984
retrieving revision 1.1985
diff -u -p -r1.1984 -r1.1985
--- kernel.spec 15 Apr 2010 20:23:22 -0000 1.1984
+++ kernel.spec 15 Apr 2010 22:53:45 -0000 1.1985
@@ -2081,6 +2081,10 @@ fi
# and build.
%changelog
+* Fri Apr 16 2010 Ben Skeggs <bskeggs at redhat.com> 2.6.33.2-49
+- nouveau: fix dereference-after-free bug (rh#575224)
+- drm-nouveau-acpi-edid-fallback.patch: fix ppc build + potential crasher
+
* Thu Apr 15 2010 Eric Paris <eparis at redhat.com>
- enable CONFIG_INTEL_TXT on x86_64
More information about the scm-commits
mailing list