linux57/58-tkg: Import an potential fix for some amdgpu crashes introduced with 5.7.0

https://lkml.org/lkml/2020/7/27/64

linux57-tkg/PKGBUILD

@@ -89,7 +89,7 @@ pkgname=("${pkgbase}" "${pkgbase}-headers")
 _basekernel=5.7
 _sub=11
 pkgver="${_basekernel}"."${_sub}"
-pkgrel=22
+pkgrel=23
 pkgdesc='Linux-tkg'
 arch=('x86_64') # no i686 in here
 url="http://www.kernel.org/"
@@ -151,7 +151,7 @@ sha256sums=('de8163bb62f822d84f7a3983574ec460060bf013a78ff79cd7c979ff1ec1d7e0'
             'b2a2ae866fc3f1093f67e69ba59738827e336b8f800fb0487599127f7f3ef881'
             '49262ce4a8089fa70275aad742fc914baa28d9c384f710c9a62f64796d13e104'
             '6821f92bd2bde3a3938d17b070d70f18a2f33cae81647567b5a4d94c9cd75f3d'
-            'bdc60c83cd5fbf9912f9201d6e4fe3c84fe5f634e6823bd8e78264ad606b3a9e')
+            '78b6d2c1ca0e2bb16619194bc8909903199c259739ecfcfdf5d0965baa8d54a6')
 
 export KBUILD_BUILD_HOST=archlinux
 export KBUILD_BUILD_USER=$pkgbase

linux57-tkg/linux57-tkg-patches/0012-misc-additions.patch

@@ -53,3 +53,54 @@ index e9d39c48520a..3bceead8da40 100644
  		/* Note: the ioctl VT_GETSTATE does not work for
  		   consoles 16 and higher (since it returns a short) */
   
+diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+index 86ffa0c2880f..710edc70e37e 100644
+--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+@@ -8717,20 +8717,38 @@ static int amdgpu_dm_atomic_check(struct drm_device *dev,
+ 		 * the same resource. If we have a new DC context as part of
+ 		 * the DM atomic state from validation we need to free it and
+ 		 * retain the existing one instead.
++		 *
++		 * Furthermore, since the DM atomic state only contains the DC
++		 * context and can safely be annulled, we can free the state
++		 * and clear the associated private object now to free
++		 * some memory and avoid a possible use-after-free later.
+ 		 */
+-		struct dm_atomic_state *new_dm_state, *old_dm_state;
+
+-		new_dm_state = dm_atomic_get_new_state(state);
+-		old_dm_state = dm_atomic_get_old_state(state);
++		for (i = 0; i < state->num_private_objs; i++) {
++			struct drm_private_obj *obj = state->private_objs[i].ptr;
+
+-		if (new_dm_state && old_dm_state) {
+-			if (new_dm_state->context)
+-				dc_release_state(new_dm_state->context);
++			if (obj->funcs == adev->dm.atomic_obj.funcs) {
++				int j = state->num_private_objs-1;
+
+-			new_dm_state->context = old_dm_state->context;
++				dm_atomic_destroy_state(obj,
++						state->private_objs[i].state);
++
++				/* If i is not at the end of the array then the
++				 * last element needs to be moved to where i was
++				 * before the array can safely be truncated.
++				 */
++				if (i != j)
++					state->private_objs[i] =
++						state->private_objs[j];
+
+-			if (old_dm_state->context)
+-				dc_retain_state(old_dm_state->context);
++				state->private_objs[j].ptr = NULL;
++				state->private_objs[j].state = NULL;
++				state->private_objs[j].old_state = NULL;
++				state->private_objs[j].new_state = NULL;
++
++				state->num_private_objs = j;
++				break;
++			}
+ 		}
+ 	}

linux58-rc-tkg/PKGBUILD

@@ -135,7 +135,7 @@ sha256sums=('ace7c02ad8577c8fc19b2e6b5d0aeeee06721511527bc38dd975b2c56982ccec'
             '19661ec0d39f9663452b34433214c755179894528bf73a42f6ba52ccf572832a'
             'cd225e86d72eaf6c31ef3d7b20df397f4cc44ddd04389850691292cdf292b204'
             '49262ce4a8089fa70275aad742fc914baa28d9c384f710c9a62f64796d13e104'
-            'bdc60c83cd5fbf9912f9201d6e4fe3c84fe5f634e6823bd8e78264ad606b3a9e')
+            '78b6d2c1ca0e2bb16619194bc8909903199c259739ecfcfdf5d0965baa8d54a6')
 
 export KBUILD_BUILD_HOST=archlinux
 export KBUILD_BUILD_USER=$pkgbase

linux58-rc-tkg/linux58-tkg-patches/0012-misc-additions.patch

@@ -53,3 +53,54 @@ index e9d39c48520a..3bceead8da40 100644
  		/* Note: the ioctl VT_GETSTATE does not work for
  		   consoles 16 and higher (since it returns a short) */
   
+diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+index 86ffa0c2880f..710edc70e37e 100644
+--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+@@ -8717,20 +8717,38 @@ static int amdgpu_dm_atomic_check(struct drm_device *dev,
+ 		 * the same resource. If we have a new DC context as part of
+ 		 * the DM atomic state from validation we need to free it and
+ 		 * retain the existing one instead.
++		 *
++		 * Furthermore, since the DM atomic state only contains the DC
++		 * context and can safely be annulled, we can free the state
++		 * and clear the associated private object now to free
++		 * some memory and avoid a possible use-after-free later.
+ 		 */
+-		struct dm_atomic_state *new_dm_state, *old_dm_state;
+
+-		new_dm_state = dm_atomic_get_new_state(state);
+-		old_dm_state = dm_atomic_get_old_state(state);
++		for (i = 0; i < state->num_private_objs; i++) {
++			struct drm_private_obj *obj = state->private_objs[i].ptr;
+
+-		if (new_dm_state && old_dm_state) {
+-			if (new_dm_state->context)
+-				dc_release_state(new_dm_state->context);
++			if (obj->funcs == adev->dm.atomic_obj.funcs) {
++				int j = state->num_private_objs-1;
+
+-			new_dm_state->context = old_dm_state->context;
++				dm_atomic_destroy_state(obj,
++						state->private_objs[i].state);
++
++				/* If i is not at the end of the array then the
++				 * last element needs to be moved to where i was
++				 * before the array can safely be truncated.
++				 */
++				if (i != j)
++					state->private_objs[i] =
++						state->private_objs[j];
+
+-			if (old_dm_state->context)
+-				dc_retain_state(old_dm_state->context);
++				state->private_objs[j].ptr = NULL;
++				state->private_objs[j].state = NULL;
++				state->private_objs[j].old_state = NULL;
++				state->private_objs[j].new_state = NULL;
++
++				state->num_private_objs = j;
++				break;
++			}
+ 		}
+ 	}