diff options
author | graysky | 2020-08-04 12:05:12 -0400 |
---|---|---|
committer | graysky | 2020-08-04 12:05:12 -0400 |
commit | dd3e03e134751ab03bd63db12d3335be7396b906 (patch) | |
tree | ce359d4a4f9968bf9d6c0de3bd86a517ba5a8a61 | |
parent | dcf96168c61970f9ecb7dc8733fbd1e56e577116 (diff) | |
download | aur-dd3e03e134751ab03bd63db12d3335be7396b906.tar.gz |
Update to 5.7.13rc3-1
-rw-r--r-- | .SRCINFO | 16 | ||||
-rw-r--r-- | 0004-drm-amd-display-Clear-dm_state-for-fast-updates.patch | 97 | ||||
-rw-r--r-- | PKGBUILD | 12 |
3 files changed, 12 insertions, 113 deletions
@@ -1,5 +1,5 @@ pkgbase = linux-rc - pkgver = 5.7.12rc1 + pkgver = 5.7.13rc3 pkgrel = 1 url = https://www.kernel.org/ arch = x86_64 @@ -8,28 +8,26 @@ pkgbase = linux-rc makedepends = kmod makedepends = libelf options = !strip - source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.7.12-rc1.xz - source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.7.12-rc1.sign - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.7.11.tar.xz - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.7.11.tar.sign + source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.7.13-rc3.xz + source = https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.7.13-rc3.sign + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.7.12.tar.xz + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.7.12.tar.sign source = config source = 0000-sphinx-workaround.patch source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch source = 0002-PCI-EDR-Log-only-ACPI_NOTIFY_DISCONNECT_RECOVER-even.patch source = 0003-virt-vbox-Add-support-for-the-new-VBG_IOCTL_ACQUIRE_.patch - source = 0004-drm-amd-display-Clear-dm_state-for-fast-updates.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E - sha256sums = 59528e86b83aea7b13ade044cfa6ec934733c7363ee1d2c6d9c0c283a300d0a5 + sha256sums = 81f8c5a1c43a85c8d6874980d10fdf137964779bbc9f7f569016604d85b8c77d sha256sums = SKIP - sha256sums = 93293032aa13c3998eeb2afd910f11c0f2e8a76ffec46f74ce3fcfac53ed60f1 + sha256sums = 7a54cf89d7198d99004495c0e3a25d3af05c5d5b70cccf92237f603d7fa15e08 sha256sums = SKIP sha256sums = 6313ccad7f8e4d8ce09dd5bdb51b8dfa124d0034d7097ba47008380a14a84f09 sha256sums = 8cb21e0b3411327b627a9dd15b8eb773295a0d2782b1a41b2a8839d1b2f5778c sha256sums = 06a9861b434f81c0d0f54c6c122df56cf0a730d0eafad888db8804152a7b9ea3 sha256sums = db7f7a86bba9a4959f3e4ab7d1beb51e09099ef8beb638dd4250aa375532b2c2 sha256sums = df205ac596ad9af28061a7dac833d52b5873882d129079ed57736dd77bbb5f8c - sha256sums = e9b37c73e0d81b70bc92dec7703549ab5e54f6c1d2b076e2f851e27f0b38e123 pkgname = linux-rc pkgdesc = The release candidate kernel and modules diff --git a/0004-drm-amd-display-Clear-dm_state-for-fast-updates.patch b/0004-drm-amd-display-Clear-dm_state-for-fast-updates.patch deleted file mode 100644 index 76ab95070e32..000000000000 --- a/0004-drm-amd-display-Clear-dm_state-for-fast-updates.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 6ab7cba72fbdc4eb3c3547eb278924e06dd68fe4 Mon Sep 17 00:00:00 2001 -From: Mazin Rezk <mnrzk@protonmail.com> -Date: Mon, 27 Jul 2020 05:40:46 +0000 -Subject: [PATCH 4/5] drm/amd/display: Clear dm_state for fast updates - -This patch fixes a race condition that causes a use-after-free during -amdgpu_dm_atomic_commit_tail. This can occur when 2 non-blocking commits -are requested and the second one finishes before the first. Essentially, -this bug occurs when the following sequence of events happens: - -1. Non-blocking commit #1 is requested w/ a new dm_state #1 and is -deferred to the workqueue. - -2. Non-blocking commit #2 is requested w/ a new dm_state #2 and is -deferred to the workqueue. - -3. Commit #2 starts before commit #1, dm_state #1 is used in the -commit_tail and commit #2 completes, freeing dm_state #1. - -4. Commit #1 starts after commit #2 completes, uses the freed dm_state -1 and dereferences a freelist pointer while setting the context. - -Since this bug has only been spotted with fast commits, this patch fixes -the bug by clearing the dm_state instead of using the old dc_state for -fast updates. In addition, since dm_state is only used for its dc_state -and amdgpu_dm_atomic_commit_tail will retain the dc_state if none is found, -removing the dm_state should not have any consequences in fast updates. - -This use-after-free bug has existed for a while now, but only caused a -noticeable issue starting from 5.7-rc1 due to 3202fa62f ("slub: relocate -freelist pointer to middle of object") moving the freelist pointer from -dm_state->base (which was unused) to dm_state->context (which is -dereferenced). - -Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=207383 -Fixes: bd200d190f45 ("drm/amd/display: Don't replace the dc_state for fast updates") -Reported-by: Duncan <1i5t5.duncan@cox.net> -Signed-off-by: Mazin Rezk <mnrzk@protonmail.com> ---- - .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 36 ++++++++++++++----- - 1 file changed, 27 insertions(+), 9 deletions(-) - -diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c -index 837a286469ec..d50751ae73f1 100644 ---- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c -+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c -@@ -8489,20 +8489,38 @@ static int amdgpu_dm_atomic_check(struct drm_device *dev, - * the same resource. If we have a new DC context as part of - * the DM atomic state from validation we need to free it and - * retain the existing one instead. -+ * -+ * Furthermore, since the DM atomic state only contains the DC -+ * context and can safely be annulled, we can free the state -+ * and clear the associated private object now to free -+ * some memory and avoid a possible use-after-free later. - */ -- struct dm_atomic_state *new_dm_state, *old_dm_state; - -- new_dm_state = dm_atomic_get_new_state(state); -- old_dm_state = dm_atomic_get_old_state(state); -+ for (i = 0; i < state->num_private_objs; i++) { -+ struct drm_private_obj *obj = state->private_objs[i].ptr; - -- if (new_dm_state && old_dm_state) { -- if (new_dm_state->context) -- dc_release_state(new_dm_state->context); -+ if (obj->funcs == adev->dm.atomic_obj.funcs) { -+ int j = state->num_private_objs-1; - -- new_dm_state->context = old_dm_state->context; -+ dm_atomic_destroy_state(obj, -+ state->private_objs[i].state); -+ -+ /* If i is not at the end of the array then the -+ * last element needs to be moved to where i was -+ * before the array can safely be truncated. -+ */ -+ if (i != j) -+ state->private_objs[i] = -+ state->private_objs[j]; - -- if (old_dm_state->context) -- dc_retain_state(old_dm_state->context); -+ state->private_objs[j].ptr = NULL; -+ state->private_objs[j].state = NULL; -+ state->private_objs[j].old_state = NULL; -+ state->private_objs[j].new_state = NULL; -+ -+ state->num_private_objs = j; -+ break; -+ } - } - } - --- -2.27.0 - @@ -7,12 +7,12 @@ _srcname=linux-5.7 _major=5.7 ### on initial release this is null otherwise it is the current stable subversion ### ie 1,2,3 corresponding $_major.1, $_major.3 etc. -_minor=11 +_minor=12 _minorc=$((_minor+1)) ### on initial release this is just $_major _fullver=$_major.$_minor #_fullver=$_major -_rcver=1 +_rcver=3 _rcpatch=patch-${_major}.${_minorc}-rc${_rcver} pkgver=${_major}.${_minorc}rc${_rcver} arch=(x86_64) @@ -32,22 +32,20 @@ source=( 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch 0002-PCI-EDR-Log-only-ACPI_NOTIFY_DISCONNECT_RECOVER-even.patch 0003-virt-vbox-Add-support-for-the-new-VBG_IOCTL_ACQUIRE_.patch - 0004-drm-amd-display-Clear-dm_state-for-fast-updates.patch ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman ) -sha256sums=('59528e86b83aea7b13ade044cfa6ec934733c7363ee1d2c6d9c0c283a300d0a5' +sha256sums=('81f8c5a1c43a85c8d6874980d10fdf137964779bbc9f7f569016604d85b8c77d' 'SKIP' - '93293032aa13c3998eeb2afd910f11c0f2e8a76ffec46f74ce3fcfac53ed60f1' + '7a54cf89d7198d99004495c0e3a25d3af05c5d5b70cccf92237f603d7fa15e08' 'SKIP' '6313ccad7f8e4d8ce09dd5bdb51b8dfa124d0034d7097ba47008380a14a84f09' '8cb21e0b3411327b627a9dd15b8eb773295a0d2782b1a41b2a8839d1b2f5778c' '06a9861b434f81c0d0f54c6c122df56cf0a730d0eafad888db8804152a7b9ea3' 'db7f7a86bba9a4959f3e4ab7d1beb51e09099ef8beb638dd4250aa375532b2c2' - 'df205ac596ad9af28061a7dac833d52b5873882d129079ed57736dd77bbb5f8c' - 'e9b37c73e0d81b70bc92dec7703549ab5e54f6c1d2b076e2f851e27f0b38e123') + 'df205ac596ad9af28061a7dac833d52b5873882d129079ed57736dd77bbb5f8c') export KBUILD_BUILD_HOST=archlinux |