From: Thierry Reding <treding@xxxxxxxxxx> During console takeover, which happens for all DRM/KMS setups using the fbdev helpers, fbcon_startup() is called before fbcon_init() and as a result con2fb_acquire_newinfo() will not be called (info->fbcon_par was set to non-NULL in fbcon_startup()) to assign ops->info. This causes the cursor_timer_handler() to unreference a NULL pointer. Avoid this by unconditionally assigning ops->info during fbcon_startup() so that it will be available early, but keep the additional assignment in con2fb_acquire_newinfo() to support console remapping at runtime. Cc: Kees Cook <keescook@xxxxxxxxxxxx> Signed-off-by: Thierry Reding <treding@xxxxxxxxxx> --- drivers/video/fbdev/core/fbcon.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c index 3b4a96379128..929ca472c524 100644 --- a/drivers/video/fbdev/core/fbcon.c +++ b/drivers/video/fbdev/core/fbcon.c @@ -962,6 +962,7 @@ static const char *fbcon_startup(void) ops->graphics = 1; ops->cur_rotate = -1; ops->cur_blink_jiffies = HZ / 5; + ops->info = info; info->fbcon_par = ops; if (initial_rotation != -1) p->con_rotate = initial_rotation; -- 2.14.1 _______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel
