Re: [PATCH] drm/fb-helper: Fix height, width, and accel_flags in fb_var
From: Daniel Vetter
Date: Wed Apr 19 2023 - 12:38:07 EST
On Tue, Apr 18, 2023 at 08:42:46PM +0200, Geert Uytterhoeven wrote:
> Fbtest contains some very simple validation of the fbdev userspace API
> contract. When used with shmob-drm, it reports the following warnings
> and errors:
>
> height changed from 68 to 0
> height was rounded down
> width changed from 111 to 0
> width was rounded down
> accel_flags changed from 0 to 1
>
> The first part happens because __fill_var() resets the physical
> dimensions of the first connector, as filled in by drm_setup_crtcs_fb().
> Fix this by retaining the original values.
>
> The last part happens because __fill_var() forces the FB_ACCELF_TEXT
> flag on, while fbtest disables all acceleration on purpose, so it can
> draw safely to the frame buffer. Fix this by setting accel_flags to
> zero, as DRM does not implement any text console acceleration.
> Note that this issue can also be seen in the output of fbset, which
> reports "accel true".
>
> Fixes: ee4cce0a8f03a333 ("drm/fb-helper: fix input validation gaps in check_var")
> Signed-off-by: Geert Uytterhoeven <geert+renesas@xxxxxxxxx>
> ---
> drivers/gpu/drm/drm_fb_helper.c | 12 +++++++-----
> 1 file changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
> index 64458982be40c468..ed6ad787915f0b8f 100644
> --- a/drivers/gpu/drm/drm_fb_helper.c
> +++ b/drivers/gpu/drm/drm_fb_helper.c
> @@ -1537,17 +1537,19 @@ static void drm_fb_helper_fill_pixel_fmt(struct fb_var_screeninfo *var,
> }
> }
>
> -static void __fill_var(struct fb_var_screeninfo *var,
> +static void __fill_var(struct fb_var_screeninfo *var, struct fb_info *info,
> struct drm_framebuffer *fb)
> {
> int i;
>
> var->xres_virtual = fb->width;
> var->yres_virtual = fb->height;
> - var->accel_flags = FB_ACCELF_TEXT;
> + var->accel_flags = 0;
> var->bits_per_pixel = drm_format_info_bpp(fb->format, 0);
>
> - var->height = var->width = 0;
> + var->height = info->var.height;
> + var->width = info->var.width;
> +
> var->left_margin = var->right_margin = 0;
> var->upper_margin = var->lower_margin = 0;
> var->hsync_len = var->vsync_len = 0;
> @@ -1610,7 +1612,7 @@ int drm_fb_helper_check_var(struct fb_var_screeninfo *var,
> return -EINVAL;
> }
>
> - __fill_var(var, fb);
> + __fill_var(var, info, fb);
>
> /*
> * fb_pan_display() validates this, but fb_set_par() doesn't and just
> @@ -2066,7 +2068,7 @@ static void drm_fb_helper_fill_var(struct fb_info *info,
> info->pseudo_palette = fb_helper->pseudo_palette;
> info->var.xoffset = 0;
> info->var.yoffset = 0;
> - __fill_var(&info->var, fb);
> + __fill_var(&info->var, info, fb);
Bit a bikeshed since it zeroed-allocated anyway, but I'd pass NULL here
for info and catch that in __fill_var and then keep the explicit = 0;
Either way Reviewed-by: Daniel Vetter <daniel.vetter@xxxxxxxx>
> info->var.activate = FB_ACTIVATE_NOW;
>
> drm_fb_helper_fill_pixel_fmt(&info->var, format);
> --
> 2.34.1
>
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch