Re: tty-related oops in latest kernel(s)?

[Antonino A. Daplas]

On Wed, 2007-05-30 at 22:04 +0400, Alexey Dobriyan wrote:
> On Wed, May 30, 2007 at 09:09:45AM -0700, Andrew Morton wrote:
> > On Wed, 30 May 2007 19:01:09 +0300 (EEST) Tero Roponen <teanropo@xxxxxx> wrote:
> > 
> > > On Wed, 30 May 2007, Andrew Morton wrote:
> > > 
> > > > On Wed, 30 May 2007 15:02:49 +0300 (EEST) Tero Roponen <teanropo@xxxxxx> wrote:
> > > > 
> > > > > On Wed, 30 May 2007, Pekka Enberg wrote:
> > > > > 
> > > > > > On 5/30/07, Tero Roponen <teanropo@xxxxxx> wrote:
[snip]
> Two suspicious things for me:
> 
> 1)
> 
> --- a/drivers/video/neofb.c
> +++ b/drivers/video/neofb.c
> @@ -1295,7 +1295,7 @@ static int neofb_setcolreg(u_int regno, 
>  		outb(blue >> 10, 0x3c9);
>  		break;
>  	case 16:
> -		((u32 *) fb->pseudo_palette)[regno] =
> +		((u16 *) fb->pseudo_palette)[regno] =

u32 is correct.

>  				((red & 0xf800)) | ((green & 0xfc00) >> 5) |
>  				((blue & 0xf800) >> 11);
>  		break;
> 
> 
> 
> 2) palette in neofb_par is "u32 palette[16];" which is 4x16 = 64 bytes.
>    struct fb_info::pseudo_palette is assigned to it in neo_alloc_fb_info().
>    Yet, we check at the beginning of neofb_setcolreg() for color map
>    length which neofb advertises as 256 which seems too many.
> 

Yes, 256 is too many. the pseudo_palette is used for the 16-color
console only.

I'm impressed that this bug has escaped notice for this long. That bug
is present since the 2.5.x era.

Probably, the best thing to do is hide the pseudo_palette from the
drivers and move it to the console layer where it belongs to spare
future driver writers from palette usage confusion. That will be a
thankless job.

Tony


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/