Re: tty-related oops in latest kernel(s)?

From: Antonino A. Daplas
Date: Wed May 30 2007 - 18:14:37 EST


On Wed, 2007-05-30 at 19:01 +0300, Tero Roponen wrote:
> On Wed, 30 May 2007, Andrew Morton wrote:
>
> > On Wed, 30 May 2007 15:02:49 +0300 (EEST) Tero Roponen <teanropo@xxxxxx> wrote:
> >
> > > On Wed, 30 May 2007, Pekka Enberg wrote:
> > >
> > > > On 5/30/07, Tero Roponen <teanropo@xxxxxx> wrote:

> [root@terrop ~]# cat oops.c
> #include <sys/ioctl.h>
> #include <stdio.h>
> #include <linux/fb.h>
> #include <fcntl.h>
>
> int main(void)
> {
> struct fb_var_screeninfo fbinfo;
> int fd = open("/dev/fb0", O_RDWR);
> if (fd < 0)
> return 1;
>
> /* Get screeninfo */
> ioctl(fd, FBIOGET_VSCREENINFO, &fbinfo);
>
> /* Change depth from current 16 to 24. */
> fbinfo.bits_per_pixel = 24;
> ioctl(fd, FBIOPUT_VSCREENINFO, &fbinfo);
>
> return 0;
> }
>
> So this seems to be a framebuffer error.

It's a fb_setcolreg() bug in neofb. Try this patch?

Tony


neofb: Fix pseudo_palette array overrun in neofb_setcolreg

The pseudo_palette has room for only 16 entries, but in truecolor mode
neofb_setcolreg() attempts to store 256 entries in it.

Signed-off-by: Antonino Daplas <adaplas@xxxxxxxxx>
---

drivers/video/neofb.c | 30 ++++++++++++++++--------------
1 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/drivers/video/neofb.c b/drivers/video/neofb.c
index bd30aba..731d7a5 100644
--- a/drivers/video/neofb.c
+++ b/drivers/video/neofb.c
@@ -1286,34 +1286,36 @@ static int neofb_setcolreg(u_int regno,
if (regno >= fb->cmap.len || regno > 255)
return -EINVAL;

- switch (fb->var.bits_per_pixel) {
- case 8:
+ if (fb->var.bits_per_pixel <= 8) {
outb(regno, 0x3c8);

outb(red >> 10, 0x3c9);
outb(green >> 10, 0x3c9);
outb(blue >> 10, 0x3c9);
- break;
- case 16:
- ((u32 *) fb->pseudo_palette)[regno] =
+ } else if (regno < 16) {
+ switch (fb->var.bits_per_pixel) {
+ case 16:
+ ((u32 *) fb->pseudo_palette)[regno] =
((red & 0xf800)) | ((green & 0xfc00) >> 5) |
((blue & 0xf800) >> 11);
- break;
- case 24:
- ((u32 *) fb->pseudo_palette)[regno] =
+ break;
+ case 24:
+ ((u32 *) fb->pseudo_palette)[regno] =
((red & 0xff00) << 8) | ((green & 0xff00)) |
((blue & 0xff00) >> 8);
- break;
+ break;
#ifdef NO_32BIT_SUPPORT_YET
- case 32:
- ((u32 *) fb->pseudo_palette)[regno] =
+ case 32:
+ ((u32 *) fb->pseudo_palette)[regno] =
((transp & 0xff00) << 16) | ((red & 0xff00) << 8) |
((green & 0xff00)) | ((blue & 0xff00) >> 8);
- break;
+ break;
#endif
- default:
- return 1;
+ default:
+ return 1;
+ }
}
+
return 0;
}
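Review bot: The `regno < 16` guard in the new `else if` is a bare literal that must stay equal to the number of entries in `fb->pseudo_palette`, whose allocation is not visible in this hunk. This path appears to be reachable from user space through framebuffer ioctls (the reproducer quoted earlier in the thread triggers it), so a later mismatch between the literal and the array size would bring the out-of-bounds write back. I would tie the bound to the array with one named constant used for both the declaration and the check, or at minimum add `/* pseudo_palette holds only 16 entries; higher regno values are ignored in truecolor modes */` above the branch. Separately, `default: return 1;` is now reached only when `regno < 16`, so an unsupported depth returns 1 for low indices and 0 for the rest, and neither matches the `-EINVAL` of the range check at the top; `return -EINVAL;` would be consistent. The function's signature and the start of its body lie outside the hunk.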