From 617f591fc44e24413e1f91017d16734999bbbac1 Mon Sep 17 00:00:00 2001
From: Aaron Plattner
Date: Thu, 9 Sep 2021 15:29:50 -0700
Subject: [PATCH] modesetting: Only use GAMMA_LUT if its size is 1024

GAMMA_LUT sizes other than 1024 cause a crash during startup if the memcpy() calls in xf86RandR12CrtcSetGamma() read past the end of the legacy X11 / XVidMode gamma ramp.

This is a problem on Intel ICL / GEN11 platforms because they report a GAMMA_LUT size of 262145. Since it's not clear that the modesetting driver will generate a proper gamma ramp at that size even if xf86RandR12CrtcSetGamma() is fixed, just disable use of GAMMA_LUT for sizes other than 1024 for now. This will cause the modesetting driver to disable the CTM property and fall back to the legacy gamma LUT.

Signed-off-by: Aaron Plattner
Fixes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1193
Tested-by: Mark Herbert
---
 hw/xfree86/drivers/modesetting/drmmode_display.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/hw/xfree86/drivers/modesetting/drmmode_display.c b/hw/xfree86/drivers/modesetting/drmmode_display.c
index c10504c32..ab352a451 100644
--- a/hw/xfree86/drivers/modesetting/drmmode_display.c
+++ b/hw/xfree86/drivers/modesetting/drmmode_display.c
@@ -2406,7 +2406,21 @@ drmmode_crtc_init(ScrnInfoPtr pScrn, drmmode_ptr drmmode, drmModeResPtr mode_res drmmode_crtc->use_gamma_lut = drmmode_crtc->props[DRMMODE_CRTC_GAMMA_LUT_SIZE].prop_id && - drmmode_crtc->props[DRMMODE_CRTC_GAMMA_LUT_SIZE].value && + /* Only use GAMMA_LUT if the size is 1024. + * + * Currently, the modesetting driver always passes a sigRGBbits value of + * 10 to xf86HandleColormaps. This causes it to create a RRCrtc gamma + * ramp of 1024 elements. If DRMMODE_CRTC_GAMMA_LUT_SIZE is larger than + * 1024 (for example on Intel GEN11, where it has a value of 262145) + * then xf86RandR12CrtcSetGamma will read past the end of the RRCrtc's + * gamma ramp when trying to copy it into the larger xf86Crtc gamma + * ramp. + * + * Since the larger GEN11 gamma ramp size hasn't been tested, just + * disable it for now. This will cause the modesetting driver to disable + * the CTM property and use the legacy DRM gamma ramp rather than the + * GAMMA_LUT property. */ + drmmode_crtc->props[DRMMODE_CRTC_GAMMA_LUT_SIZE].value == 1024 && xf86ReturnOptValBool(drmmode->Options, OPTION_USE_GAMMA_LUT, TRUE); if (drmmode_crtc->use_gamma_lut &&
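
Review bot: The literal 1024 in the new `drmmode_crtc->props[DRMMODE_CRTC_GAMMA_LUT_SIZE].value == 1024` condition is tied to the sigRGBbits value of 10 passed to xf86HandleColormaps only through the comment, so if that value is ever changed this check stops matching the RRCrtc ramp size and the over-read the comment describes can come back. Consider deriving both from one shared define, or from `1 << sigRGBbits`, so the two cannot drift apart. The guard also lives only in drmmode_crtc_init(), which leaves the memcpy() calls in xf86RandR12CrtcSetGamma() still assuming the two ramp sizes agree; clamping the copy length there would protect other callers and is worth a follow-up. Because this path silently disables the CTM property on hardware reporting a different size, a log message when GAMMA_LUT is rejected for its size would make the fallback visible to users.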