> -----Original Message----- > From: Tvrtko Ursulin [mailto:tvrtko.ursulin@xxxxxxxxxxxxxxx] > Sent: Tuesday, May 05, 2015 2:53 AM > To: Intel-gfx@xxxxxxxxxxxxxxxxxxxxx > Cc: Ursulin, Tvrtko; Konduru, Chandra; Wood, Thomas > Subject: [PATCH v2 i-g-t 1/4] igt_kms: Avoid NULL ptr deref when commiting > disabled planes > > From: Tvrtko Ursulin <tvrtko.ursulin@xxxxxxxxx> > > I think; > > commit a26f9f9ad0e679c7ce413a25d34f6914e1174151 > Author: chandra konduru <chandra.konduru@xxxxxxxxx> > Date: Mon Mar 30 13:52:04 2015 -0700 > > i-g-t: Adding plane scaling test case > > introduced a condition where it attempts to update a disabled plane because of > the newly introduced size_changed flag which is set for disabled frame buffers. > Result is a NULL ptr deref in igt_drm_plane_commit (plane->fb->src_x). > > Start recognising this case as disabled plane and act accordingly. > > v2: Split out igt_plane_set_fb cleanup. (Thomas Wood) > > Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@xxxxxxxxx> > Cc: chandra konduru <chandra.konduru@xxxxxxxxx> > Cc: Thomas Wood <thomas.wood@xxxxxxxxx> > --- > There might be a better fix, but this works for me. > --- > lib/igt_kms.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/igt_kms.c b/lib/igt_kms.c index b7d1e90..33d437d 100644 > --- a/lib/igt_kms.c > +++ b/lib/igt_kms.c > @@ -1331,7 +1331,7 @@ static int igt_drm_plane_commit(igt_plane_t *plane, > fb_id = igt_plane_get_fb_id(plane); > crtc_id = output->config.crtc->crtc_id; > > - if (plane->fb_changed && fb_id == 0) { > + if ((plane->fb_changed || plane->size_changed) && fb_id == 0) { Shouldn't this include plane->position_changed too? Like: if ((plane->fb_changed || plane->size_changed || plane->position_changed) && fb_id == 0) { > LOG(display, > "%s: SetPlane pipe %s, plane %d, disabling\n", > igt_output_name(output), > -- > 2.3.5 _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/intel-gfx
