From: qiaochong on

I found this bug on 2.6.27. The bug still exists on kernels above 2.6.27.
I tested the patch "fix vc->vc_origin on take_over_console" on 2.6.27 on a Loongson development board, which uses a SiS V2 graphics card.

All patches can be applied from 2.6.33 to 2.6.35-rc2.

Detailed description as below:


https://bugzilla.kernel.org/show_bug.cgi?id=16155

There is a bug in framebuffer and vt: the kernel will die on some platforms when
switching from VGA mode to framebuffer mode.
The reason for this bug is that bind_con_driver resets vc->vc_origin to (unsigned
long)vc->vc_screenbuf.

1. The description below is from my test on the MIPS platform.
On this platform VGA memory is at 0xb00b8000 (0xb0000000 is PCI memory
0); kernel memory is from 0x80000000~0x8fffffff.

In include/asm-mips/vga.h:

#define VGA_MAP_MEM(x, s) (0xffffffffb0000000L + (unsigned long)(x))

In drivers/video/console/vgacon.c:

static const char *vgacon_startup(void)
{
        ....
        vga_vram_base = VGA_MAP_MEM(vga_vram_base, vga_vram_size);
        vga_vram_end = vga_vram_base + vga_vram_size;
        ....
}

Here vga_vram_base will be 0xb00b8000.

static int vgacon_set_origin(struct vc_data *c)
{
        if (vga_is_gfx ||       /* We don't play origin tricks in graphic modes */
            (console_blanked && !vga_palette_blanked))  /* Nor we write to blanked screens */
                return 0;

        /*--------- here vc_origin is set; it is not related to vc->vc_screenbuf here ---------*/

        c->vc_origin = c->vc_visible_origin = vga_vram_base;
        vga_set_mem_top(c);
        vga_rolled_over = 0;
        return 1;
}

Here vc_origin will be 0xb00b8000.


In ../drivers/char/vt.c:

static void set_origin(struct vc_data *vc)
{
        WARN_CONSOLE_UNLOCKED();

        if (!CON_IS_VISIBLE(vc) ||
            !vc->vc_sw->con_set_origin ||
            !vc->vc_sw->con_set_origin(vc))
                vc->vc_origin = (unsigned long)vc->vc_screenbuf;
        vc->vc_visible_origin = vc->vc_origin;

        /*--------- here vc_scr_end is set ---------*/

        vc->vc_scr_end = vc->vc_origin + vc->vc_screenbuf_size;
        vc->vc_pos = vc->vc_origin + vc->vc_size_row * vc->vc_y + 2 * vc->vc_x;
}

Here vc.vc_scr_end will be 0xb00b8fa0.

So before the framebuffer takes over the console, vc=0x81081340,
vc.vc_origin=0xb00b8000, vc.vc_scr_end=0xb00b8fa0.

When the kernel boots, the framebuffer takes over vga's console;
the backtrace looks like this:

[<80430640>] vc_do_resize+0x2d4/0x4e4
[<80430874>] vc_resize+0x24/0x3c
[<804413ac>] fbcon_init+0x358/0x4d8
[<80430148>] visual_init+0x198/0x224
bind_con_driver
[<80432fa4>] take_over_console+0x508/0x6e8
[<80440400>] fbcon_takeover+0x88/0xf4
[<80446bac>] fbcon_event_notify+0x46c/0x99c
[<8025f060>] notifier_call_chain+0x64/0xbc
[<8025f3f4>] __blocking_notifier_call_chain+0x5c/0x98
[<8025f444>] blocking_notifier_call_chain+0x14/0x2c
[<80439eec>] register_framebuffer+0x1e8/0x218
[<8020ff1c>] sisfb_probe+0x2140/0x224c
[<80414a00>] pci_device_probe+0x70/0xb4
[<80483874>] driver_probe_device+0x174/0x2b0
[<80483aa4>] __driver_attach+0x54/0x98
[<804824a8>] bus_for_each_dev+0x60/0xb0
[<80482df4>] bus_add_driver+0xc8/0x280
[<8048409c>] driver_register+0xb4/0x178
[<80414728>] __pci_register_driver+0x58/0xb8
[<8070e460>] sisfb_init+0x89c/0x8e4
[<80219350>] __kprobes_text_end+0x68/0x1c4
[<806f8c0c>] kernel_init+0xa8/0x134
[<8021b9e4>] kernel_thread_helper+0x1c/0x24

static int bind_con_driver(const struct consw *csw, int first, int last,
                           int deflt)
{
        ....
        /* notice that here vc_origin is changed to vc_screenbuf, wrong! */
        vc->vc_origin = (unsigned long)vc->vc_screenbuf;
        visual_init(vc, i, 0);
        ....
}

For vgacon in my test:
vc=0x81081340, origin=0xb00b8000, end=0xb00b8fa0
after this it changes to
vc=0x81081340, origin=0x810814a0, end=0xb00b8fa0
Then look at vc_do_resize; visual_init will call it.



static int vc_do_resize(struct tty_struct *tty, struct tty_struct *real_tty,
                        struct vc_data *vc, unsigned int cols, unsigned int lines)
{
        unsigned long old_origin, new_origin, new_scr_end, rlth, rrem, err = 0;
        unsigned int old_cols, old_rows, old_row_size, old_screen_size;
        unsigned int new_cols, new_rows, new_row_size, new_screen_size;
        unsigned int end, user;
        ....
        end = (old_rows > new_rows) ? old_origin +
                (old_row_size * new_rows) :
                vc->vc_scr_end;

        ....
        /*
         * here for vgacon:
         * old_origin=810814a0, end=b00b8fa0, vc->vc_origin=810814a0
         * the code below will copy memory from 0x810814a0 to 0xb00b8fa0,
         * this will cover kernel code; the kernel dies here.
         */

        while (old_origin < end) {

                scr_memcpyw((unsigned short *) new_origin,
                            (unsigned short *) old_origin, rlth);
                if (rrem)
                        scr_memsetw((void *)(new_origin + rlth),
                                    vc->vc_video_erase_char, rrem);
                old_origin += old_row_size;
                new_origin += new_row_size;
        }

        ....
}
The loop above will copy memory from 0x810814a0 to 0xb00b8fa0; this will
cover kernel code, and the kernel dies here.


The test I have done is on a MIPS 32-bit kernel.
On a 64-bit kernel, the kernel will run well.
When I looked closely at the code, I found that the variable end is defined as
an integer, but old_origin is unsigned long.
On a 64-bit kernel long is 64 bits and int is 32 bits, so old_origin is larger than end, so
the kernel jumps over the dead code.
So I say:

2. The kernel code may not be very clean.
In function vc_do_resize, old_origin, new_origin and new_scr_end are of unsigned long
type, but end is of int type.
According to include/linux/console_struct.h, they all should be unsigned long.


struct vc_data {
        unsigned short  vc_num;                 /* Console number */
        unsigned int    vc_cols;                /* [#] Console size */
        unsigned int    vc_rows;
        unsigned int    vc_size_row;            /* Bytes per row */
        unsigned int    vc_scan_lines;          /* # of scan lines */
        unsigned long   vc_origin;              /* [!] Start of real screen */
        unsigned long   vc_scr_end;             /* [!] End of real screen */
        unsigned long   vc_visible_origin;      /* [!] Top of visible window */
        unsigned int    vc_top, vc_bottom;      /* Scrolling region */
        const struct consw *vc_sw;
        unsigned short  *vc_screenbuf;
        ....
}
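As an added illustration (not kernel code and not part of this patch series), the small C model below plugs the addresses reported above into the copy bound that vc_do_resize uses, holding `end` in 32 bits as the current code does or in an unsigned long as the second patch proposes. The row size of 160 bytes is assumed from vc_scr_end - vc_origin = 0xfa0 on an 80x25 console, and the 64-bit addresses are sign-extended the same way VGA_MAP_MEM above does.

```c
#include <stdint.h>
#include <stdio.h>

/* Row size of an 80-column text console: 80 cells * 2 bytes (assumed; matches
 * vc_scr_end - vc_origin = 0xfa0 = 25 rows of 160 bytes in the report). */
#define ROW_SIZE 160ULL

/* Models the copy bound of vc_do_resize for old_rows <= new_rows, where
 * "end = vc->vc_scr_end" is assigned to a 32-bit 'unsigned int end'
 * (end_bits = 32) or to an unsigned long as the patch proposes (end_bits = 64).
 * Returns how many rows "while (old_origin < end)" would copy. */
static unsigned long rows_copied(uint64_t old_origin, uint64_t scr_end, int end_bits)
{
        uint64_t end = (end_bits == 32) ? (uint64_t)(uint32_t)scr_end : scr_end;

        if (old_origin >= end)
                return 0;               /* loop body never runs */
        return (unsigned long)((end - old_origin + ROW_SIZE - 1) / ROW_SIZE);
}

/* The check that is missing in practice: a resize copy must stay inside the
 * old screen buffer, i.e. vc_origin and vc_scr_end must describe the same buffer. */
static int copy_is_bounded(uint64_t old_origin, uint64_t scr_end,
                           uint64_t screenbuf_size, int end_bits)
{
        return rows_copied(old_origin, scr_end, end_bits) * ROW_SIZE <= screenbuf_size;
}

int main(void)
{
        /* 32-bit MIPS, vgacon before takeover: origin and scr_end belong together */
        printf("consistent 32-bit:        %lu rows\n",
               rows_copied(0xb00b8000ULL, 0xb00b8fa0ULL, 32));
        /* after bind_con_driver reset vc_origin to vc_screenbuf but left vc_scr_end */
        printf("mismatched 32-bit:        %lu rows\n",
               rows_copied(0x810814a0ULL, 0xb00b8fa0ULL, 32));
        /* 64-bit: sign-extended kernel addresses (assumed), 'unsigned int end'
         * truncates vc_scr_end, so old_origin > end and the loop is skipped */
        printf("mismatched 64-bit, int:   %lu rows\n",
               rows_copied(0xffffffff810814a0ULL, 0xffffffffb00b8fa0ULL, 32));
        /* with end as unsigned long the same mismatch is visible on 64-bit too */
        printf("mismatched 64-bit, ulong: %lu rows\n",
               rows_copied(0xffffffff810814a0ULL, 0xffffffffb00b8fa0ULL, 64));
        return 0;
}
```

The 64-bit case shows that the wider kernel only skips the copy because of the truncation, so the int-to-unsigned-long fix and the vc_origin fix are both needed.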


That's all.



qiaochong (2):
fix vc->vc_origin on take_over_console.
Variable end on vc_do_resize should be unsigned long.

drivers/char/vt.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
