MLK-12080 fbcon: System hang when calling fb_new_modelist()

System will hang when calling fb_new_modelist() function from hdmi driver.

Hang logs:
Unable to handle kernel NULL pointer dereference at virtual address 000000e0
pgd = 80004000
[000000e0] *pgd=00000000
Internal error: Oops: 17 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 90 Comm: kworker/0:3 Not tainted 4.1.8-01364-gd02137c #6
CPU: 0 PID: 90 Comm: kworker/0:3 Not tainted 4.1.8-01364-gd02137c #6
00000e0
mmended
se run fsck.
42.254
irq=-1)
omuxc
 (307Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)  l
Workqueue: events hotplug_worker
task: a8381c80 ti: a8512000 task.ti: a8512000
PC is at fbcon_new_modelist+0xcc/0xe8
LR is at fbcon_new_modelist+0xcc/0xe8
pc : [<802e23f4>]    lr : [<802e23f4>]    psr: 600b0013
sp : a8513c60  ip : a829122c  fp : 80ac6e6c
pc : [<802e23f4>]    lr : [<802e23f4>]    psr: 600b0013
sp : a8513c60  ip : a829122c  fp : 80ac6e6c
.254
irq=-1)
omuxc
 (307r10: 00000000  r9 : 80ade1f8  r8 : a8291000
r7 : 80b80b75  r6 : 80b85080  r5 : 80b80c2c  r4 : 00000002
r7 : 80b80b75  r6 : 80b85080  r5 : 80b80c2c  r4 : 00000002
: a8513c60  ip : a829122c  fp : 80ac6e6c
.254

.......

irq=-1)
omuxc
 (3073f00: 00000000 80046328 a8512000 ab707380 ab707394 ab707380 a8497198 ab707394
3f20: a8512000 00000008 80b2b2b9 a8497180 ab707380 80046640 80ac6100 ab7074e4
3f40: a8497180 00000000 a84bef00 a8497180 800465f4 00000000 00000000 00000000
3f60: 00000000 8004b588 6d6ddb89 00000000 75cfbfda a8497180 00000000 00000000
3f80: a8513f80 a8513f80 00000000 00000000 a8513f90 a8513f90 a8513fac a84bef00
3fa0: 8004b4ac 00000000 00000000 8000f528 00000000 00000000 00000000 00000000
3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
29122c  fp : 80ac6e6c
.254
irq=-1)
omuxc
 (3073fe0: 00000000 00000000 00000000 00000000 00000013 00000000 68f31fff f537ef6b
[<802e23f4>] (fbcon_new_modelist) from [<802e6034>] (fbcon_event_notify+0x16c/0x958)
[<802e6034>] (fbcon_event_notify) from [<8004bff0>] (notifier_call_chain+0x44/0x84)
[<8004bff0>] (notifier_call_chain) from [<8004c34c>] (__blocking_notifier_call_chain+0x48/0x60)
[<8004c34c>] (__blocking_notifier_call_chain) from [<8004c37c>] (blocking_notifier_call_chain+0x18/0x20)
[<8004c37c>] (blocking_notifier_call_chain) from [<802ec1c4>] (fb_new_modelist+0xe4/0xf8)
[<802ec1c4>] (fb_new_modelist) from [<802f7f08>] (hotplug_worker+0x1cc/0x2f4)
[<802f7f08>] (hotplug_worker) from [<80046328>] (process_one_work+0x118/0x3e4)
[<80046328>] (process_one_work) from [<80046640>] (worker_thread+0x4c/0x4f4)
[<80046640>] (worker_thread) from [<8004b588>] (kthread+0xdc/0xf4)
[<8004b588>] (kthread) from [<8000f528>] (ret_from_fork+0x14/0x2c)
Code: eb003570 e1a01000 e28d0008 eb0034f7 (e1da2eb0)

The root cuase is fbcon driver access null pointer vc in the function of
fbcon_new_modelist().
Add null pointer check vc to fix the issue.

Signed-off-by: Sandor Yu <R01008@freescale.com>
(cherry picked from commit 3bea30ff471c8fc1e546be26a8625e6aa425d5aa)
(cherry picked from commit ddfd6b989071e38955855351556f518b1600944d)
(cherry picked from commit 608a206caffa8abbd6bd099b9bd592cc227116c1)

diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c
index 4db10d7..478b577 100644 (file)
--- a/drivers/video/console/fbcon.c
+++ b/drivers/video/console/fbcon.c
@@ -3215,6 +3215,8 @@ static void fbcon_new_modelist(struct fb_info *info)
                if (!fb_display[i].mode)
                        continue;
                vc = vc_cons[i].d;
+               if (!vc)
+                       continue;
                display_to_var(&var, &fb_display[i]);
                mode = fb_find_nearest_mode(fb_display[i].mode,
                                            &info->modelist);