drm/atomic: Don't overrun the connector array when hotplugging
Yet another fallout from not considering DP MST hotplug. With the previous patches we have stable indices, but it might still happen that a connector gets added between when we allocate the array and when we actually add a connector. Especially when we back off due to ww mutex contention or similar issues. So store the sizes of the arrays in struct drm_atomic_state and double check them. We don't really care about races except that we want to use a consistent value, so ACCESS_ONCE is all we need. And if we indeed notice that we'd overrun the array then just give up and restart the entire ioctl. Signed-off-by: Daniel Vetter <daniel.vetter@intel.com> Reviewed-by: Rob Clark <robdclark@gmail.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
This commit is contained in:
Daniel Vetter
committed by
Dave Airlie
Dave Airlie
parent
6f75cea66c
commit
f52b69f1ec
@@ -56,6 +56,8 @@ drm_atomic_state_alloc(struct drm_device *dev)
|
||||
if (!state)
|
||||
return NULL;
|
||||
|
||||
state->num_connector = ACCESS_ONCE(dev->mode_config.num_connector);
|
||||
|
||||
state->crtcs = kcalloc(dev->mode_config.num_crtc,
|
||||
sizeof(*state->crtcs), GFP_KERNEL);
|
||||
if (!state->crtcs)
|
||||
@@ -72,12 +74,12 @@ drm_atomic_state_alloc(struct drm_device *dev)
|
||||
sizeof(*state->plane_states), GFP_KERNEL);
|
||||
if (!state->plane_states)
|
||||
goto fail;
|
||||
state->connectors = kcalloc(dev->mode_config.num_connector,
|
||||
state->connectors = kcalloc(state->num_connector,
|
||||
sizeof(*state->connectors),
|
||||
GFP_KERNEL);
|
||||
if (!state->connectors)
|
||||
goto fail;
|
||||
state->connector_states = kcalloc(dev->mode_config.num_connector,
|
||||
state->connector_states = kcalloc(state->num_connector,
|
||||
sizeof(*state->connector_states),
|
||||
GFP_KERNEL);
|
||||
if (!state->connector_states)
|
||||
@@ -117,7 +119,7 @@ void drm_atomic_state_clear(struct drm_atomic_state *state)
|
||||
|
||||
DRM_DEBUG_KMS("Clearing atomic state %p\n", state);
|
||||
|
||||
for (i = 0; i < config->num_connector; i++) {
|
||||
for (i = 0; i < state->num_connector; i++) {
|
||||
struct drm_connector *connector = state->connectors[i];
|
||||
|
||||
if (!connector)
|
||||
@@ -304,6 +306,21 @@ drm_atomic_get_connector_state(struct drm_atomic_state *state,
|
||||
|
||||
index = drm_connector_index(connector);
|
||||
|
||||
/*
|
||||
* Construction of atomic state updates can race with a connector
|
||||
* hot-add which might overflow. In this case flip the table and just
|
||||
* restart the entire ioctl - no one is fast enough to livelock a cpu
|
||||
* with physical hotplug events anyway.
|
||||
*
|
||||
* Note that we only grab the indexes once we have the right lock to
|
||||
* prevent hotplug/unplugging of connectors. So removal is no problem,
|
||||
* at most the array is a bit too large.
|
||||
*/
|
||||
if (index >= state->num_connector) {
|
||||
DRM_DEBUG_KMS("Hot-added connector would overflow state array, restarting\n");
|
||||
return -EAGAIN;
|
||||
}
|
||||
|
||||
if (state->connector_states[index])
|
||||
return state->connector_states[index];
|
||||
|
||||
@@ -499,10 +516,9 @@ int
|
||||
drm_atomic_connectors_for_crtc(struct drm_atomic_state *state,
|
||||
struct drm_crtc *crtc)
|
||||
{
|
||||
int nconnectors = state->dev->mode_config.num_connector;
|
||||
int i, num_connected_connectors = 0;
|
||||
|
||||
for (i = 0; i < nconnectors; i++) {
|
||||
for (i = 0; i < state->num_connector; i++) {
|
||||
struct drm_connector_state *conn_state;
|
||||
|
||||
conn_state = state->connector_states[i];
|
||||
|
||||
Reference in New Issue
Block a user