Hi, On 20/01/14 23:31, Keith Packard wrote: > When FB_EVENT_FB_UNBIND is sent, fbcon has two paths, one path taken > when there is another frame buffer to switch any affected vcs to and > another path when there isn't. > > In the case where there is another frame buffer to use, > fbcon_fb_unbind calls set_con2fb_map to remap all of the affected vcs > to the replacement frame buffer. set_con2fb_map will eventually call > con2fb_release_oldinfo when the last vcs gets unmapped from the old > frame buffer. > > con2fb_release_oldinfo frees the fbcon data that is hooked off of the > fb_info structure, including the cursor timer. > > In the case where there isn't another frame buffer to use, > fbcon_fb_unbind simply calls fbcon_unbind, which doesn't clear the > con2fb_map or free the fbcon data hooked from the fb_info > structure. In particular, it doesn't stop the cursor blink timer. When > the fb_info structure is then freed, we end up with a timer queue > pointing into freed memory and "bad things" start happening. > > This patch first changes con2fb_release_oldinfo so that it can take a > NULL pointer for the new frame buffer, but still does all of the > deallocation and cursor timer cleanup. > > Finally, the patch tries to replicate some of what set_con2fb_map does > by clearing the con2fb_map for the affected vcs and calling the > modified con2fb_release_info function to clean up the fb_info structure. > > Signed-off-by: Keith Packard <keithp@xxxxxxxxxx> > --- > drivers/video/console/fbcon.c | 27 +++++++++++++++++++++++++-- > 1 file changed, 25 insertions(+), 2 deletions(-) Thanks, queued for 3.15. Tomi
Attachment:
signature.asc
Description: OpenPGP digital signature
