Re: [PATCH] video: fbdev: sm712fb: Fix crash in smtcfb_write()

From: Helge Deller <deller@gmx.de>
Date: 2022-03-03 10:18:17
Also in: dri-devel, lkml

On 3/3/22 02:34, Zheyu Ma wrote:

Hi,

On Thu, Mar 3, 2022 at 12:49 AM Helge Deller [off-list ref] wrote:

quoted

On 3/2/22 15:33, Zheyu Ma wrote:

quoted

When the sm712fb driver writes three bytes to the framebuffer, the
driver will crash:

    BUG: unable to handle page fault for address: ffffc90001ffffff
    RIP: 0010:smtcfb_write+0x454/0x5b0
    Call Trace:
     vfs_write+0x291/0xd60
     ? do_sys_openat2+0x27d/0x350
     ? __fget_light+0x54/0x340
     ksys_write+0xce/0x190
     do_syscall_64+0x43/0x90
     entry_SYSCALL_64_after_hwframe+0x44/0xae

Fix it by removing the open-coded endianness fixup-code.

Signed-off-by: Zheyu Ma <redacted>

Thanks... it's already in the fbdev git tree and queued up for v5.18...
https://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev.git/commit/?h=for-next&id=bd771cf5c4254511cc4abb88f3dab3bd58bdf8e8

This patch fixes the crash in smtcfb_read(), but there is a similar
bug in smtcfb_write(), and I mocked up your patch a wrote a new patch
for it.
So we should fix two bugs with two patches.

Right, I missed the read() code.

I applied your patch now to the fbdev for-next git tree.

Thanks!
Helge

Regards,
Zheyu Ma

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help