drm/i915: Fix crash when failing to parse MIPI VBT
authorRafael Barbalho <rafael.barbalho@intel.com>
Thu, 24 Jul 2014 14:16:12 +0000 (15:16 +0100)
committerDaniel Vetter <daniel.vetter@ffwll.ch>
Fri, 8 Aug 2014 14:22:18 +0000 (16:22 +0200)
This particular nasty presented itself while trying to register the
intelfb device (intel_fbdev.c). During the process of registering the device
the driver will disable the crtc via i9xx_crtc_disable. These will
also disable the panel using the generic mipi panel functions in
dsi_mod_vbt_generic.c. The stale MIPI generic data sequence pointers would
cause a crash within those functions. However, all of this is happening
while console_lock is held from do_register_framebuffer inside fbcon.c. Which
means that you got kernel log and just the device appearing to reboot/hang for
no apparent reason.

The fault started from the FB_EVENT_FB_REGISTERED event using the
fb_notifier_call_chain call in fbcon.c.

This regression has been introduced in

commit d3b542fcfc72d7724585e3fd2c5e75351bc3df47
Author: Shobhit Kumar <shobhit.kumar@intel.com>
Date:   Mon Apr 14 11:00:34 2014 +0530

    drm/i915: Add parsing support for new MIPI blocks in VBT

Cc: Shobhit Kumar <shobhit.kumar@intel.com>
Signed-off-by: Rafael Barbalho <rafael.barbalho@intel.com>
Reviewed-by: Shobhit Kumar <shobhit.kumar@intel.com>
[danvet: Add regression citation.]
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
drivers/gpu/drm/i915/intel_bios.c

index 608ed302f24df7da14a4b1a962bd63007b884adc..a66955037e4e2f30bb9662fed0be12a02d5deaf2 100644 (file)
@@ -878,7 +878,7 @@ err:
 
        /* error during parsing so set all pointers to null
         * because of partial parsing */
-       memset(dev_priv->vbt.dsi.sequence, 0, MIPI_SEQ_MAX);
+       memset(dev_priv->vbt.dsi.sequence, 0, sizeof(dev_priv->vbt.dsi.sequence));
 }
 
 static void parse_ddi_port(struct drm_i915_private *dev_priv, enum port port,