On Tue, Jun 8, 2021 at 10:56 AM Mark Rutland <mark.rutland@arm.com> wrote:
In vc4_atomic_commit_tail() we iterate over the set of old CRTCs, and attempt to wait on any channels which are still in use. When we iterate over the CRTCs, we have:
- `i` - the index of the CRTC
- `channel` - the channel a CRTC is using
When we check the channel state, we consult:
old_hvs_state->fifo_state[channel].in_use
... but when we wait for the channel, we erroneously wait on:
old_hvs_state->fifo_state[i].pending_commit
... rather than:
old_hvs_state->fifo_state[channel].pending_commit
... and this bogus access has been observed to result in boot-time hangs on some arm64 configurations, and can be detected using KASAN. Fix this by using the correct index.
I've tested this on a Raspberry Pi 3 model B v1.2 with KASAN.
...
Link: https://lore.kernel.org/r/4d0c8318-bad8-2be7-e292-fc8f70c198de@samsung.com
Link: https://lore.kernel.org/linux-arm-kernel/20210607151740.moncryl5zv3ahq4s@gil...
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
Cc: Arnd Bergmann <arnd@arndb.de>

Acked-by: Arnd Bergmann <arnd@arndb.de>
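
An added example, not part of this thread or of the vc4 driver: a user-space C model of the index mix-up the commit message describes, classifying each lookup instead of performing it. The array size, the CRTC table, the sample values and the `-1` "no channel" convention are assumptions made for the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NUM_CHANNELS 3 /* assumed size of fifo_state[] in this model */

struct fifo_state { bool in_use; int pending_commit; };
struct hvs_state  { struct fifo_state fifo_state[NUM_CHANNELS]; };
struct crtc       { int channel; /* -1: no channel assigned (model convention) */ };
struct tally      { int correct, wrong_slot, out_of_bounds; };

/* Constructed sample: five CRTCs, three of them holding a channel. */
static const struct crtc sample_crtcs[] = { {-1}, {2}, {-1}, {0}, {1} };
static const struct hvs_state sample_state = {
    .fifo_state = { {true, 100}, {true, 101}, {true, 102} },
};

/*
 * Test in_use by channel, then choose the slot to wait on either by CRTC
 * index (the bug) or by channel (the fix). The slot is only classified,
 * never dereferenced, so the out-of-range case is counted, not executed.
 */
static struct tally walk(const struct hvs_state *s, const struct crtc *crtcs,
                         size_t n, bool index_by_channel)
{
    struct tally t = {0, 0, 0};
    for (size_t i = 0; i < n; i++) {
        int channel = crtcs[i].channel;
        if (channel < 0 || channel >= NUM_CHANNELS)
            continue;
        if (!s->fifo_state[channel].in_use)
            continue;
        size_t slot = index_by_channel ? (size_t)channel : i;
        if (slot >= NUM_CHANNELS)
            t.out_of_bounds++;  /* past the array: the kind of access KASAN reports */
        else if (slot != (size_t)channel)
            t.wrong_slot++;     /* in range, but another channel's pending_commit */
        else
            t.correct++;
    }
    return t;
}

int main(void)
{
    struct tally b = walk(&sample_state, sample_crtcs, 5, false);
    struct tally f = walk(&sample_state, sample_crtcs, 5, true);
    printf("by i:       ok=%d wrong=%d oob=%d\n", b.correct, b.wrong_slot, b.out_of_bounds);
    printf("by channel: ok=%d wrong=%d oob=%d\n", f.correct, f.wrong_slot, f.out_of_bounds);
    return 0;
}
```

In this model the in-range wrong-slot case is the quiet one: it trips no bounds check and simply waits on a different channel's commit.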