[RFC] drm/exynos: abort commit when framebuffer is removed from plane
Rahul Sharma
rahul.sharma at samsung.com
Tue Jul 8 03:03:25 PDT 2014
Hi Inki,
What do you think about the following fix? I need your inputs for this.
Regards,
Rahul Sharma
On 19 June 2014 20:43, Rahul Sharma <rahul.sharma at samsung.com> wrote:
> This situation arises when userspace remove the frambuffer object
> and call setmode ioctl.
>
> drm_mode_rmfb --> drm_plane_force_disable --> plane->crtc = NULL;
> and
> drm_mode_setcrtc --> exynos_plane_commit --> passes plane->crtc to
> exynos_drm_crtc_plane_commit which is NULL.
>
> This crashes the system.
>
> Signed-off-by: Rahul Sharma <rahul.sharma at samsung.com>
> ---
> This works fine but I am not confident on the correctness of the
> solution.
>
> drivers/gpu/drm/exynos/exynos_drm_crtc.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/drivers/gpu/drm/exynos/exynos_drm_crtc.c b/drivers/gpu/drm/exynos/exynos_drm_crtc.c
> index 95c9435..da4efe4 100644
> --- a/drivers/gpu/drm/exynos/exynos_drm_crtc.c
> +++ b/drivers/gpu/drm/exynos/exynos_drm_crtc.c
> @@ -165,6 +165,12 @@ static int exynos_drm_crtc_mode_set_commit(struct drm_crtc *crtc, int x, int y,
> return -EPERM;
> }
>
> + /* when framebuffer is removed, commit should not proceed. */
> + if(!plane->fb){
> + DRM_ERROR("framebuffer has been removed from plane.\n");
> + return -EFAULT;
> + }
> +
> crtc_w = crtc->primary->fb->width - x;
> crtc_h = crtc->primary->fb->height - y;
>
> --
> 1.7.9.5
>
More information about the dri-devel
mailing list