amlogic: drm/meson: Fix plane state out-of-bounds access
For drm_plane_funcs callbacks, it was fixed to use meson specific
functions except reset callback. Not like other meson specific
callbacks, reset callback allocates drm_plane_state, so accessing
meson_plane_state from drm_plane state in other callbacks causes
out-of-bounds access. Fix plane state out-of-bounds access by using
meson specific reset callback using meson_plane_state based on
drm_atomic_helper_plane_reset().
This removes below kasan warning:
BUG: KASAN: slab-out-of-bounds in kmemdup+0x4c/0xb0
Read of size 128 at addr
ffffffc005a710c0 by task enlightenment/4376
...
[<
ffffff90093959ec>] kmemdup+0x4c/0xb0
[<
ffffff900a7714e8>] meson_plane_duplicate_state+0x40/0x90
[<
ffffff9009d406d4>] drm_atomic_get_plane_state+0xc4/0x230
[<
ffffff9009cf6284>] __drm_atomic_helper_set_config+0xdc/0x788
[<
ffffff9009cf6a0c>] drm_atomic_helper_set_config+0xdc/0x178
[<
ffffff900a775df8>] meson_crtc_set_mode+0x40/0x68
[<
ffffff9009d22d54>] drm_mode_set_config_internal+0xf4/0x348
[<
ffffff9009d249ec>] drm_mode_setcrtc+0x1d4/0x910
...
Allocated by task 1:
...
kmem_cache_alloc_trace+0x20c/0x6c8
drm_atomic_helper_plane_reset+0x6c/0xc8
drm_mode_config_reset+0x7c/0x310
am_meson_drm_bind+0x1fc/0x2f8
try_to_bring_up_master.part.1+0x70/0x128
component_master_add_with_match+0x1b8/0x230
am_meson_drv_probe+0x3c8/0x410
...
Change-Id: Ie7bfd41d797a0782cffa45801629981c25b01561
Fixes commit
1f1efcfdd85d ("drm: add multi-layer support [1/1]")
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
projects / platform / kernel / linux-amlogic.git / commit