On Mon, Jul 19, 2021 at 7:23 PM Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
On Mon, Jul 19, 2021 at 05:57:30PM +0800, Xiaotian Feng wrote:
On Fri, Jul 16, 2021 at 5:13 AM Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
From: Thomas Zimmermann tzimmermann@suse.de
commit 0ecb51824e838372e01330752503ddf9c0430ef7 upstream.
Using struct drm_device.pdev is deprecated. Upcast with to_pci_dev() from struct drm_device.dev to get the PCI device structure.
v9: * fix remaining pdev references
Signed-off-by: Thomas Zimmermann tzimmermann@suse.de Reviewed-by: Michael J. Ruhl michael.j.ruhl@intel.com Fixes: ba4e0339a6a3 ("drm/ast: Fixed CVE for DP501") Cc: KuoHsiang Chou kuohsiang_chou@aspeedtech.com Cc: kernel test robot lkp@intel.com Cc: Thomas Zimmermann tzimmermann@suse.de Cc: Dave Airlie airlied@redhat.com Cc: dri-devel@lists.freedesktop.org Link: https://patchwork.freedesktop.org/patch/msgid/20210429105101.25667-2-tzimmer... Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
drivers/gpu/drm/ast/ast_main.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/ast/ast_main.c +++ b/drivers/gpu/drm/ast/ast_main.c @@ -411,7 +411,6 @@ struct ast_private *ast_device_create(co return ast; dev = &ast->base;
dev->pdev = pdev; pci_set_drvdata(pdev, dev); ast->regs = pcim_iomap(pdev, 1, 0);@@ -453,8 +452,8 @@ struct ast_private *ast_device_create(co
/* map reserved buffer */ ast->dp501_fw_buf = NULL;
if (dev->vram_mm->vram_size < pci_resource_len(dev->pdev, 0)) {ast->dp501_fw_buf = pci_iomap_range(dev->pdev, 0, dev->vram_mm->vram_size, 0);
if (dev->vram_mm->vram_size < pci_resource_len(pdev, 0)) {ast->dp501_fw_buf = pci_iomap_range(pdev, 0, dev->vram_mm->vram_size, 0); if (!ast->dp501_fw_buf) drm_info(dev, "failed to map reserved buffer!\n"); }Hi Greg,
This backport is incomplete for 5.10 kernel, kernel is panickedon RIP: ast_device_create+0x7d. When I look into the crash code, I found
struct ast_private *ast_device_create(struct drm_driver *drv, struct pci_dev *pdev, unsigned long flags) { ....... dev->pdev = pdev; // This is removed pci_set_drvdata(pdev, dev);
ast->regs = pcim_iomap(pdev, 1, 0); if (!ast->regs) return ERR_PTR(-EIO); /* * If we don't have IO space at all, use MMIO now and * assume the chip has MMIO enabled by default (rev 0x20 * and higher). */ if (!(pci_resource_flags(dev->pdev, 2) & IORESOURCE_IO)) { //dev->pdev is in used here. drm_info(dev, "platform has no IO space, trying MMIO\n"); ast->ioregs = ast->regs + AST_IO_MM_OFFSET; }
That's because commit 46fb883c3d0d8a823ef995ddb1f9b0817dea6882is not backported to 5.10 kernel.
So what should I do here? Backport that commit (was was not called out), or just revert this?
I think we can just simply revert the patch. Because commit 46fb883c removed drm_device.pdev usage, then commit ba4e0339 used drm_device.pdev again. Since commit 46fb883c is not in 5.10.50 kernel, it's not a stable fix.
thanks,
greg k-h