Commit ee155b83 authored by Mads Bligaard Nielsen's avatar Mads Bligaard Nielsen Committed by Zhao Wenhui
Browse files

drm/bridge: adv7511: fix crash on irq during probe 

mainline inclusion
from mainline-v6.9-rc1
commit aeedaee5ef5468caf59e2bb1265c2116e0c9a924
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9HKEE
CVE: CVE-2024-26876

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=aeedaee5ef5468caf59e2bb1265c2116e0c9a924



--------------------------------

Moved IRQ registration down to end of adv7511_probe().

If an IRQ already is pending during adv7511_probe
(before adv7511_cec_init) then cec_received_msg_ts
could crash using uninitialized data:

    Unable to handle kernel read from unreadable memory at virtual address 00000000000003d5
    Internal error: Oops: 96000004 [#1] PREEMPT_RT SMP
    Call trace:
     cec_received_msg_ts+0x48/0x990 [cec]
     adv7511_cec_irq_process+0x1cc/0x308 [adv7511]
     adv7511_irq_process+0xd8/0x120 [adv7511]
     adv7511_irq_handler+0x1c/0x30 [adv7511]
     irq_thread_fn+0x30/0xa0
     irq_thread+0x14c/0x238
     kthread+0x190/0x1a8

Fixes: 3b1b9750 ("drm: adv7511/33: add HDMI CEC support")
Signed-off-by: default avatarMads Bligaard Nielsen <bli@bang-olufsen.dk>
Signed-off-by: default avatarAlvin Šipraga <alsi@bang-olufsen.dk>
Reviewed-by: default avatarRobert Foss <rfoss@kernel.org>
Signed-off-by: default avatarRobert Foss <rfoss@kernel.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20240219-adv7511-cec-irq-crash-fix-v2-1-245e53c4b96f@bang-olufsen.dk



 Conflicts:
	drivers/gpu/drm/bridge/adv7511/adv7511_drv.c

Signed-off-by: default avatarZhao Wenhui <zhaowenhui8@huawei.com>
parent 5d7f26cf
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment