Re: [PATCH v2 i-g-t 1/4] igt_kms: Avoid NULL ptr deref when commiting disabled planes

On 05/06/2015 09:47 PM, Konduru, Chandra wrote:
-----Original Message-----
From: Tvrtko Ursulin [mailto:tvrtko.ursulin@xxxxxxxxxxxxxxx]
Sent: Tuesday, May 05, 2015 2:53 AM
To: Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
Cc: Ursulin, Tvrtko; Konduru, Chandra; Wood, Thomas
Subject: [PATCH v2 i-g-t 1/4] igt_kms: Avoid NULL ptr deref when commiting
disabled planes

From: Tvrtko Ursulin <tvrtko.ursulin@xxxxxxxxx>

I think;

    commit a26f9f9ad0e679c7ce413a25d34f6914e1174151
    Author: chandra konduru <chandra.konduru@xxxxxxxxx>
    Date:   Mon Mar 30 13:52:04 2015 -0700

        i-g-t: Adding plane scaling test case

introduced a condition where it attempts to update a disabled plane because of
the newly introduced size_changed flag which is set for disabled frame buffers.
Result is a NULL ptr deref in igt_drm_plane_commit (plane->fb->src_x).

Start recognising this case as disabled plane and act accordingly.

v2: Split out igt_plane_set_fb cleanup. (Thomas Wood)

Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@xxxxxxxxx>
Cc: chandra konduru <chandra.konduru@xxxxxxxxx>
Cc: Thomas Wood <thomas.wood@xxxxxxxxx>
---
There might be a better fix, but this works for me.
---
  lib/igt_kms.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/igt_kms.c b/lib/igt_kms.c index b7d1e90..33d437d 100644
--- a/lib/igt_kms.c
+++ b/lib/igt_kms.c
@@ -1331,7 +1331,7 @@ static int igt_drm_plane_commit(igt_plane_t *plane,
  	fb_id = igt_plane_get_fb_id(plane);
  	crtc_id = output->config.crtc->crtc_id;

-	if (plane->fb_changed && fb_id == 0) {
+	if ((plane->fb_changed || plane->size_changed) && fb_id == 0) {
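Review bot: The changed condition still enumerates individual change flags in front of `fb_id == 0`, so a commit that arrives with only `plane->position_changed` set and no framebuffer is not treated as a disabled plane by this test. The commit message locates the NULL dereference at `plane->fb->src_x` in this same function, so that combination should be checked before merging. Consider either adding `plane->position_changed` to the test, or deciding "plane is disabled" on `fb_id == 0` alone and using the flags only to decide whether an update has to be sent, so that a future `*_changed` flag cannot reopen the same dereference. A one-line comment stating that `fb_id == 0` means the plane is disabled and that `plane->fb` must not be touched on that path would document the invariant.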

Shouldn't this include plane->position_changed too? Like:
	if ((plane->fb_changed || plane->size_changed || plane->position_changed) && fb_id == 0) {

When you added size_changed, state for position_changed and fb == NULL remained the same, while size_changed added new state for size_changed == true and fb == NULL. So I added handling for that and did not think much beyond it. It fixes a segfault so I moved on. Or in other words, I don't see how it would harm to merge this, it doesn't make anything worse.

Regards,

Tvrtko
_______________________________________________
Intel-gfx mailing list
Intel-gfx@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/intel-gfx




