-rw-r--r-- | .SRCINFO | 16 | ||||
-rw-r--r-- | 0004-drm-amd-display-Clear-dm_state-for-fast-updates.patch | 97 | ||||
-rw-r--r-- | PKGBUILD | 8 |
3 files changed, 10 insertions, 111 deletions
@@ -1,5 +1,5 @@ pkgbase = linux-ck - pkgver = 5.7.12 + pkgver = 5.7.13 pkgrel = 1 url = https://wiki.archlinux.org/index.php/Linux-ck arch = x86_64 @@ -8,8 +8,8 @@ pkgbase = linux-ck makedepends = kmod makedepends = libelf options = !strip - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.7.12.tar.xz - source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.7.12.tar.sign + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.7.13.tar.xz + source = https://www.kernel.org/pub/linux/kernel/v5.x/linux-5.7.13.tar.sign source = config source = enable_additional_cpu_optimizations-20200615.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/20200615.tar.gz source = http://ck.kolivas.org/patches/5.0/5.7/5.7-ck1/patch-5.7-ck1.xz @@ -19,10 +19,9 @@ pkgbase = linux-ck source = 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch source = 0002-PCI-EDR-Log-only-ACPI_NOTIFY_DISCONNECT_RECOVER-even.patch source = 0003-virt-vbox-Add-support-for-the-new-VBG_IOCTL_ACQUIRE_.patch - source = 0004-drm-amd-display-Clear-dm_state-for-fast-updates.patch validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886 validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E - sha256sums = 7a54cf89d7198d99004495c0e3a25d3af05c5d5b70cccf92237f603d7fa15e08 + sha256sums = 720cca6928590d6c0757426cf05f0b95cfcbdfede970399ff2d0873d8bc49262 sha256sums = SKIP sha256sums = 6313ccad7f8e4d8ce09dd5bdb51b8dfa124d0034d7097ba47008380a14a84f09 sha256sums = 278fe9ffb29d92cc5220e7beac34a8e3a2006e714d16a21a0427069f9634af90 
@@ -33,7 +32,6 @@ pkgbase = linux-ck sha256sums = 06a9861b434f81c0d0f54c6c122df56cf0a730d0eafad888db8804152a7b9ea3 sha256sums = db7f7a86bba9a4959f3e4ab7d1beb51e09099ef8beb638dd4250aa375532b2c2 sha256sums = df205ac596ad9af28061a7dac833d52b5873882d129079ed57736dd77bbb5f8c - sha256sums = e9b37c73e0d81b70bc92dec7703549ab5e54f6c1d2b076e2f851e27f0b38e123 pkgname = linux-ck pkgdesc = The Linux-ck kernel and modules with the ck1 patchset featuring MuQSS CPU scheduler @@ -42,11 +40,11 @@ pkgname = linux-ck depends = initramfs optdepends = crda: to set the correct wireless channels of your country optdepends = linux-firmware: firmware images needed for some devices - provides = linux-ck=5.7.12 + provides = linux-ck=5.7.13 pkgname = linux-ck-headers pkgdesc = Headers and scripts for building modules for Linux-ck kernel depends = linux-ck - provides = linux-ck-headers=5.7.12 - provides = linux-headers=5.7.12 + provides = linux-ck-headers=5.7.13 + provides = linux-headers=5.7.13 diff --git a/0004-drm-amd-display-Clear-dm_state-for-fast-updates.patch b/0004-drm-amd-display-Clear-dm_state-for-fast-updates.patch deleted file mode 100644 index 76ab95070e32..000000000000 --- a/0004-drm-amd-display-Clear-dm_state-for-fast-updates.patch +++ /dev/null 
@@ -1,97 +0,0 @@ -From 6ab7cba72fbdc4eb3c3547eb278924e06dd68fe4 Mon Sep 17 00:00:00 2001 -From: Mazin Rezk <mnrzk@protonmail.com> -Date: Mon, 27 Jul 2020 05:40:46 +0000 -Subject: [PATCH 4/5] drm/amd/display: Clear dm_state for fast updates - -This patch fixes a race condition that causes a use-after-free during -amdgpu_dm_atomic_commit_tail. This can occur when 2 non-blocking commits -are requested and the second one finishes before the first. Essentially, -this bug occurs when the following sequence of events happens: - -1. Non-blocking commit #1 is requested w/ a new dm_state #1 and is -deferred to the workqueue. - -2. Non-blocking commit #2 is requested w/ a new dm_state #2 and is -deferred to the workqueue. - -3. Commit #2 starts before commit #1, dm_state #1 is used in the -commit_tail and commit #2 completes, freeing dm_state #1. - -4. Commit #1 starts after commit #2 completes, uses the freed dm_state -1 and dereferences a freelist pointer while setting the context. - -Since this bug has only been spotted with fast commits, this patch fixes -the bug by clearing the dm_state instead of using the old dc_state for -fast updates. In addition, since dm_state is only used for its dc_state -and amdgpu_dm_atomic_commit_tail will retain the dc_state if none is found, -removing the dm_state should not have any consequences in fast updates. - -This use-after-free bug has existed for a while now, but only caused a -noticeable issue starting from 5.7-rc1 due to 3202fa62f ("slub: relocate -freelist pointer to middle of object") moving the freelist pointer from -dm_state->base (which was unused) to dm_state->context (which is -dereferenced). 
- -Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=207383 -Fixes: bd200d190f45 ("drm/amd/display: Don't replace the dc_state for fast updates") -Reported-by: Duncan <1i5t5.duncan@cox.net> -Signed-off-by: Mazin Rezk <mnrzk@protonmail.com> ---- - .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 36 ++++++++++++++----- - 1 file changed, 27 insertions(+), 9 deletions(-) - -diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c -index 837a286469ec..d50751ae73f1 100644 ---- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c -+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c -@@ -8489,20 +8489,38 @@ static int amdgpu_dm_atomic_check(struct drm_device *dev, - * the same resource. If we have a new DC context as part of - * the DM atomic state from validation we need to free it and - * retain the existing one instead. -+ * -+ * Furthermore, since the DM atomic state only contains the DC -+ * context and can safely be annulled, we can free the state -+ * and clear the associated private object now to free -+ * some memory and avoid a possible use-after-free later. - */ -- struct dm_atomic_state *new_dm_state, *old_dm_state; - -- new_dm_state = dm_atomic_get_new_state(state); -- old_dm_state = dm_atomic_get_old_state(state); -+ for (i = 0; i < state->num_private_objs; i++) { -+ struct drm_private_obj *obj = state->private_objs[i].ptr; - -- if (new_dm_state && old_dm_state) { -- if (new_dm_state->context) -- dc_release_state(new_dm_state->context); -+ if (obj->funcs == adev->dm.atomic_obj.funcs) { -+ int j = state->num_private_objs-1; - -- new_dm_state->context = old_dm_state->context; -+ dm_atomic_destroy_state(obj, -+ state->private_objs[i].state); -+ -+ /* If i is not at the end of the array then the -+ * last element needs to be moved to where i was -+ * before the array can safely be truncated. 
-+ */ -+ if (i != j) -+ state->private_objs[i] = -+ state->private_objs[j]; - -- if (old_dm_state->context) -- dc_retain_state(old_dm_state->context); -+ state->private_objs[j].ptr = NULL; -+ state->private_objs[j].state = NULL; -+ state->private_objs[j].old_state = NULL; -+ state->private_objs[j].new_state = NULL; -+ -+ state->num_private_objs = j; -+ break; -+ } - } - } - --- -2.27.0 - @@ -64,7 +64,7 @@ _localmodcfg= ### IMPORTANT: Do no edit below this line unless you know what you're doing pkgbase=linux-ck -pkgver=5.7.12 +pkgver=5.7.13 pkgrel=1 _ckpatchversion=1 arch=(x86_64) @@ -87,13 +87,12 @@ source=( 0001-ZEN-Add-sysctl-and-CONFIG-to-disallow-unprivileged-C.patch 0002-PCI-EDR-Log-only-ACPI_NOTIFY_DISCONNECT_RECOVER-even.patch 0003-virt-vbox-Add-support-for-the-new-VBG_IOCTL_ACQUIRE_.patch - 0004-drm-amd-display-Clear-dm_state-for-fast-updates.patch ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman ) -sha256sums=('7a54cf89d7198d99004495c0e3a25d3af05c5d5b70cccf92237f603d7fa15e08' +sha256sums=('720cca6928590d6c0757426cf05f0b95cfcbdfede970399ff2d0873d8bc49262' 'SKIP' '6313ccad7f8e4d8ce09dd5bdb51b8dfa124d0034d7097ba47008380a14a84f09' '278fe9ffb29d92cc5220e7beac34a8e3a2006e714d16a21a0427069f9634af90' @@ -103,8 +102,7 @@ sha256sums=('7a54cf89d7198d99004495c0e3a25d3af05c5d5b70cccf92237f603d7fa15e08' '8cb21e0b3411327b627a9dd15b8eb773295a0d2782b1a41b2a8839d1b2f5778c' '06a9861b434f81c0d0f54c6c122df56cf0a730d0eafad888db8804152a7b9ea3' 'db7f7a86bba9a4959f3e4ab7d1beb51e09099ef8beb638dd4250aa375532b2c2' - 'df205ac596ad9af28061a7dac833d52b5873882d129079ed57736dd77bbb5f8c' - 'e9b37c73e0d81b70bc92dec7703549ab5e54f6c1d2b076e2f851e27f0b38e123') + 'df205ac596ad9af28061a7dac833d52b5873882d129079ed57736dd77bbb5f8c') export KBUILD_BUILD_HOST=archlinux export KBUILD_BUILD_USER=$pkgbase |
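Review bot: The `source=(` hunk of PKGBUILD (`@@ -87,13 +87,12 @@`) drops `0004-drm-amd-display-Clear-dm_state-for-fast-updates.patch`, and nothing visible on this page records why that is safe. By its own description the patch fixes a use-after-free in amdgpu_dm_atomic_commit_tail. Presumably the fix is already in the 5.7.13 tarball, but that is inferred from the version bump and not shown here. I would record the reason in the commit message or next to the array, e.g. `# 0004 (amdgpu dm_state use-after-free fix) dropped with 5.7.13: carried upstream, confirm against the stable changelog`, so a later rebase cannot lose the fix unnoticed. The matching last `sha256sums` entry is removed in the final hunk, so the two arrays stay aligned.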