projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 622e261)
MLK-16597: hdmi: Fix kernel dump issue
authorSandor Yu <Sandor.yu@nxp.com>
Tue, 17 Oct 2017 11:13:23 +0000 (19:13 +0800)
committerLeonard Crestez <leonard.crestez@nxp.com>
Wed, 17 Apr 2019 23:51:34 +0000 (02:51 +0300)
Kernel will dump when CONFIG_CC_STACKPROTECTOR_STRONG is enable.

[    2.675537] CDN_API_HDMITX_Set_Mode_blocking ret = 0
[    2.675550] Kernel panic - not syncing: stack-protector: Kernel stack
is corrupted in: ffff000008ad5a50
[    2.675550]
[    2.675557] CPU: 2 PID: 1553 Comm: kworker/2:2 Not tainted
4.9.56-641868-gead64f8 #12
[    2.675559] Hardware name: Freescale i.MX8MQ EVK (DT)
[    2.675576] Workqueue: events deferred_probe_work_func
[    2.675578] Call trace:
[    2.675587] [<ffff00000808974c>] dump_backtrace+0x0/0x1d0
[    2.675594] [<ffff000008089930>] show_stack+0x14/0x1c
[    2.675602] [<ffff000008401650>] dump_stack+0x8c/0xac
[    2.675609] [<ffff0000081b0b24>] panic+0x13c/0x2a8
[    2.675617] [<ffff0000080c5ec4>] print_tainted+0x0/0xa4
[    2.675624] [<ffff000008ad5a50>] Afe_write+0x0/0x50
[    2.675632] [<ffff00000849aff0>] hdmi_init.constprop.3+0x188/0x1d0
[    2.675638] [<ffff00000849b264>] imx_hdmi_probe+0x22c/0x2ac
[    2.675645] [<ffff0000086d543c>] platform_drv_probe+0x50/0xc8
[    2.675650] [<ffff0000086d3530>] driver_probe_device+0x218/0x2b8
[    2.675655] [<ffff0000086d3710>] __device_attach_driver+0x98/0xe8
[    2.675660] [<ffff0000086d126c>] bus_for_each_drv+0x60/0xb0
[    2.675665] [<ffff0000086d31bc>] __device_attach+0xd4/0x128
[    2.675669] [<ffff0000086d38f8>] device_initial_probe+0x10/0x18
[    2.675674] [<ffff0000086d275c>] bus_probe_device+0x90/0x98
[    2.675679] [<ffff0000086d2bf0>] deferred_probe_work_func+0x7c/0xb0
[    2.675685] [<ffff0000080e1580>] process_one_work+0x144/0x434
[    2.675690] [<ffff0000080e1ec4>] worker_thread+0x200/0x4a4
[    2.675696] [<ffff0000080e81f0>] kthread+0xf0/0x104
[    2.675701] [<ffff000008082e80>] ret_from_fork+0x10/0x50

It is cause by array variable access exceed.
Fixed it with correct array size.

Signed-off-by: Sandor Yu <Sandor.yu@nxp.com>
drivers/mxc/hdp/API_AVI.c patch | blob | history

diff --git a/drivers/mxc/hdp/API_AVI.c b/drivers/mxc/hdp/API_AVI.c
index bc2c208..eceb9e1 100644 (file)
--- a/drivers/mxc/hdp/API_AVI.c
+++ b/drivers/mxc/hdp/API_AVI.c
@@ -69,8 +69,8 @@ CDN_API_STATUS CDN_API_Set_AVI(state_struct *state, VIC_MODES vicMode,
        u32 packet_R = 0;
        u32 packet_VIC = 0;
        u32 packet_PR = 0;
-       u32 packet_buf[18 / sizeof(u32)];
-       u8 *packet = (u8 *) &packet_buf[0];
+       u8 packet[32];
+       u8 len = sizeof(packet)/sizeof(u32);
        u32 packet_HB0 = 0;
        u32 packet_HB1 = 0;
        u32 packet_HB2 = 0;
@@ -181,7 +181,7 @@ CDN_API_STATUS CDN_API_Set_AVI(state_struct *state, VIC_MODES vicMode,
        packet[16] = packet_PB12;
        packet[17] = packet_PB13;
 
-       CDN_API_InfoframeSet(state, 0, packet_len, &packet_buf[0], packet_type);
+       CDN_API_InfoframeSet(state, 0, len, (u32 *)&packet[0], packet_type);
 
        return CDN_OK;
 }