This situation arises when userspace removes the framebuffer object
and calls the setmode ioctl.

drm_mode_rmfb --> drm_plane_force_disable --> plane->crtc = NULL;
and
drm_mode_setcrtc --> exynos_plane_commit --> passes plane->crtc to
exynos_drm_crtc_plane_commit which is NULL.

This crashes the system.

Signed-off-by: Rahul Sharma <rahul.sharma at samsung.com>
---
This works fine, but I am not confident about the correctness of the
solution.

 drivers/gpu/drm/exynos/exynos_drm_crtc.c |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/gpu/drm/exynos/exynos_drm_crtc.c 
b/drivers/gpu/drm/exynos/exynos_drm_crtc.c
index 95c9435..da4efe4 100644
--- a/drivers/gpu/drm/exynos/exynos_drm_crtc.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_crtc.c
@@ -165,6 +165,12 @@ static int exynos_drm_crtc_mode_set_commit(struct drm_crtc 
*crtc, int x, int y,
                return -EPERM;
        }

+       /* when framebuffer is removed, commit should not proceed. */
+       if(!plane->fb){
+               DRM_ERROR("framebuffer has been removed from plane.\n");
+               return -EFAULT;
+       }
+
        crtc_w = crtc->primary->fb->width - x;
        crtc_h = crtc->primary->fb->height - y;
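Review bot: The added check tests plane->fb, but the commit message attributes the crash to plane->crtc being NULL after drm_plane_force_disable, and the context lines directly below the check dereference crtc->primary->fb. The visible lines do not show that a non-NULL plane->fb implies a non-NULL plane->crtc or that plane is crtc->primary, so either test the pointer that is actually dereferenced or say in the comment why the fb check covers the NULL crtc case. Three smaller points on the same lines: -EFAULT conventionally reports a bad userspace address, so -EINVAL would describe this state better; DRM_ERROR on a path userspace can reach through rmfb followed by setcrtc lets an unprivileged client flood the kernel log, so a debug-level message is safer; and kernel coding style wants "if (!plane->fb) {" with spaces after "if" and before the brace.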

-- 
1.7.9.5
