[PATCH] drm/fb-helper: Fix height, width, and accel_flags in fb_var

From: Geert Uytterhoeven
Date: Tue Apr 18 2023 - 14:47:26 EST

Next message: Guenter Roeck: "Re: [PATCH 5.10 000/124] 5.10.178-rc1 review"
Previous message: Peter Xu: "Re: [PATCH v2 1/1] mm: do not increment pgfault stats when page fault handler retries"
Next in thread: Daniel Vetter: "Re: [PATCH] drm/fb-helper: Fix height, width, and accel_flags in fb_var"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Fbtest contains some very simple validation of the fbdev userspace API
contract. When used with shmob-drm, it reports the following warnings
and errors:

height changed from 68 to 0
height was rounded down
width changed from 111 to 0
width was rounded down
accel_flags changed from 0 to 1

The first part happens because __fill_var() resets the physical
dimensions of the first connector, as filled in by drm_setup_crtcs_fb().
Fix this by retaining the original values.

The last part happens because __fill_var() forces the FB_ACCELF_TEXT
flag on, while fbtest disables all acceleration on purpose, so it can
draw safely to the frame buffer. Fix this by setting accel_flags to
zero, as DRM does not implement any text console acceleration.
Note that this issue can also be seen in the output of fbset, which
reports "accel true".

Fixes: ee4cce0a8f03a333 ("drm/fb-helper: fix input validation gaps in check_var")
Signed-off-by: Geert Uytterhoeven <geert+renesas@xxxxxxxxx>
---
drivers/gpu/drm/drm_fb_helper.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
index 64458982be40c468..ed6ad787915f0b8f 100644
--- a/drivers/gpu/drm/drm_fb_helper.c
+++ b/drivers/gpu/drm/drm_fb_helper.c
@@ -1537,17 +1537,19 @@ static void drm_fb_helper_fill_pixel_fmt(struct fb_var_screeninfo *var,
}
}

-static void __fill_var(struct fb_var_screeninfo *var,
+static void __fill_var(struct fb_var_screeninfo *var, struct fb_info *info,
struct drm_framebuffer *fb)
{
int i;

var->xres_virtual = fb->width;
var->yres_virtual = fb->height;
- var->accel_flags = FB_ACCELF_TEXT;
+ var->accel_flags = 0;
var->bits_per_pixel = drm_format_info_bpp(fb->format, 0);

- var->height = var->width = 0;
+ var->height = info->var.height;
+ var->width = info->var.width;
+
var->left_margin = var->right_margin = 0;
var->upper_margin = var->lower_margin = 0;
var->hsync_len = var->vsync_len = 0;
@@ -1610,7 +1612,7 @@ int drm_fb_helper_check_var(struct fb_var_screeninfo *var,
return -EINVAL;
}

- __fill_var(var, fb);
+ __fill_var(var, info, fb);

/*
* fb_pan_display() validates this, but fb_set_par() doesn't and just
@@ -2066,7 +2068,7 @@ static void drm_fb_helper_fill_var(struct fb_info *info,
info->pseudo_palette = fb_helper->pseudo_palette;
info->var.xoffset = 0;
info->var.yoffset = 0;
- __fill_var(&info->var, fb);
+ __fill_var(&info->var, info, fb);
info->var.activate = FB_ACTIVATE_NOW;

drm_fb_helper_fill_pixel_fmt(&info->var, format);
--
2.34.1

Next message: Guenter Roeck: "Re: [PATCH 5.10 000/124] 5.10.178-rc1 review"
Previous message: Peter Xu: "Re: [PATCH v2 1/1] mm: do not increment pgfault stats when page fault handler retries"
Next in thread: Daniel Vetter: "Re: [PATCH] drm/fb-helper: Fix height, width, and accel_flags in fb_var"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]