fbdev/fb_notify: fix blank_mode pointer crash
When fb event is not blank event, use *((int *)event->data) for
blank_mode is very dangerous, see follow code on
drivers/video/fbdev/core/fbmem.c:
struct fb_event event;
event.info = fb_info;
fb_notifier_call_chain(FB_EVENT_FB_REGISTERED, &event);
On FB_EVENT_FB_REGISTERED event, event->data is not initial,
so get value from *(int*)event->data would crash.
crash:
[ 0.909647] Unable to handle kernel paging request at virtual address
12c000000000
[ 0.915506] pgd =
ffffff8009147000
[ 0.915808] [
12c000000000] *pgd=
00000000f6ff9003, *pud=
00000000f6ff9003, *pmd=
0000000000000000
[ 0.916577] Internal error: Oops:
96000004 [#1] PREEMPT SMP
[ 0.917067] Modules linked in:
[ 0.917347] CPU: 4 PID: 51 Comm: kworker/u12:1 Not tainted 4.4.30
[ 0.917919] Hardware name: Rockchip RK3399 Evaluation Board v1 (Android) (DT)
[ 1.098438] [<
ffffff8008729fb0>] rkvr_fb_event_notify+0x38/0x18c
[ 1.098976] [<
ffffff80080b8c7c>] notifier_call_chain+0x48/0x80
[ 1.099499] [<
ffffff80080b8fb8>] __blocking_notifier_call_chain+0x48/0x64
[ 1.100104] [<
ffffff80080b8fe8>] blocking_notifier_call_chain+0x14/0x1c
[ 1.100699] [<
ffffff80083e4abc>] fb_notifier_call_chain+0x44/0x50
[ 1.101242] [<
ffffff80083e6da8>] register_framebuffer+0x1bc/0x288
[ 1.101790] [<
ffffff8008431e00>] drm_fb_helper_initial_config+0x2c0/0x354
[ 1.102395] [<
ffffff80084630e4>] rockchip_drm_fbdev_init+0xc8/0x104
[ 1.102957] [<
ffffff8008459fec>] rockchip_drm_load+0x91c/0x9c4
[ 1.103478] [<
ffffff800843a4c0>] drm_dev_register+0x78/0xc0
[ 1.103978] [<
ffffff8008458c0c>] rockchip_drm_bind+0x64/0x90
[ 1.104488] [<
ffffff800849e93c>] try_to_bring_up_master.part.3+0xb0/0x118
[ 1.105093] [<
ffffff800849eb68>] component_master_add_with_match+0xcc/0x12c
[ 1.105714] [<
ffffff80084591e0>] rockchip_drm_platform_probe+0x198/0x1c8
[ 1.106313] [<
ffffff80084a55b0>] platform_drv_probe+0x58/0xa4
[ 1.106827] [<
ffffff80084a38a0>] driver_probe_device+0x114/0x280
[ 1.107362] [<
ffffff80084a3b5c>] __device_attach_driver+0x88/0x98
[ 1.107905] [<
ffffff80084a1d7c>] bus_for_each_drv+0x7c/0xac
[ 1.108402] [<
ffffff80084a36d8>] __device_attach+0xa8/0x128
[ 1.108900] [<
ffffff80084a3ca0>] device_initial_probe+0x10/0x18
[ 1.109427] [<
ffffff80084a2d1c>] bus_probe_device+0x2c/0x8c
[ 1.109924] [<
ffffff80084a3170>] deferred_probe_work_func+0x74/0xa0
[ 1.110486] [<
ffffff80080b2e34>] process_one_work+0x218/0x3e0
[ 1.111001] [<
ffffff80080b3530>] worker_thread+0x24c/0x374
[ 1.111490] [<
ffffff80080b7dbc>] kthread+0xe8/0xf0
[ 1.111922] [<
ffffff8008082690>] ret_from_fork+0x10/0x40
Change-Id: I11f667830d913430d9e0b4da2b391815d335ecb8
Signed-off-by: Mark Yao <mark.yao@rock-chips.com>
projects / firefly-linux-kernel-4.4.55.git / commit