| Message ID | 20171113094546.16593-1-thierry.reding@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Monday, November 13, 2017 10:45:46 AM Thierry Reding wrote: > From: Thierry Reding <treding@nvidia.com> > > During console takeover, which happens for all DRM/KMS setups using the > fbdev helpers, fbcon_startup() is called before fbcon_init() and as a > result con2fb_acquire_newinfo() will not be called (info->fbcon_par was > set to non-NULL in fbcon_startup()) to assign ops->info. > > This causes the cursor_timer_handler() to unreference a NULL pointer. > > Avoid this by unconditionally assigning ops->info during fbcon_startup() > so that it will be available early, but keep the additional assignment > in con2fb_acquire_newinfo() to support console remapping at runtime. > > Cc: Kees Cook <keescook@chromium.org> > Signed-off-by: Thierry Reding <treding@nvidia.com> Patch queued for 4.15, thanks. Best regards, -- Bartlomiej Zolnierkiewicz Samsung R&D Institute Poland Samsung Electronics -- To unsubscribe from this list: send the line "unsubscribe linux-fbdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c index 3b4a96379128..929ca472c524 100644 --- a/drivers/video/fbdev/core/fbcon.c +++ b/drivers/video/fbdev/core/fbcon.c @@ -962,6 +962,7 @@ static const char *fbcon_startup(void) ops->graphics = 1; ops->cur_rotate = -1; ops->cur_blink_jiffies = HZ / 5; + ops->info = info; info->fbcon_par = ops; if (initial_rotation != -1) p->con_rotate = initial_rotation;