From mboxrd@z Thu Jan  1 00:00:00 1970
From: yezengruan <yezengruan@huawei.com>
Subject: [BUG REPORT] Panic with sys_imageblit on arm64
Date: Tue, 27 Nov 2018 07:14:33 +0000
Message-ID: <EA71F1939A4E2F4996635D61949EB5BB01BAF8B4@DGGEMI530-MBX.china.huawei.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1858970923=="
Return-path: <dri-devel-bounces@lists.freedesktop.org>
Received: from huawei.com (szxga01-in.huawei.com [45.249.212.187])
 by gabe.freedesktop.org (Postfix) with ESMTPS id A382289D40
 for <dri-devel@lists.freedesktop.org>; Tue, 27 Nov 2018 07:30:16 +0000 (UTC)
Content-Language: zh-CN
List-Unsubscribe: <https://lists.freedesktop.org/mailman/options/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <https://lists.freedesktop.org/archives/dri-devel>
List-Post: <mailto:dri-devel@lists.freedesktop.org>
List-Help: <mailto:dri-devel-request@lists.freedesktop.org?subject=help>
List-Subscribe: <https://lists.freedesktop.org/mailman/listinfo/dri-devel>,
 <mailto:dri-devel-request@lists.freedesktop.org?subject=subscribe>
Errors-To: dri-devel-bounces@lists.freedesktop.org
Sender: "dri-devel" <dri-devel-bounces@lists.freedesktop.org>
To: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>, "dri-devel@lists.freedesktop.org" <dri-devel@lists.freedesktop.org>, "linux-fbdev@vger.kernel.org" <linux-fbdev@vger.kernel.org>, "b.zolnierkie@samsung.com" <b.zolnierkie@samsung.com>, "hdegoede@redhat.com" <hdegoede@redhat.com>, "daniel.vetter@ffwll.ch" <daniel.vetter@ffwll.ch>, "gustavo@padovan.org" <gustavo@padovan.org>, "maarten.lankhorst@linux.intel.com" <maarten.lankhorst@linux.intel.com>, "sean@poorly.run" <sean@poorly.run>, "airlied@linux.ie" <airlied@linux.ie>, "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>, "nicolas.pitre@linaro.org" <nicolas.pitre@linaro.org>, "kilobyte@angband.pl" <kilobyte@angband.pl>
Cc: "Wanghaibin (D)" <wanghaibin.wang@huawei.com>
List-Id: dri-devel@lists.freedesktop.org

--===============1858970923==
Content-Language: zh-CN
Content-Type: multipart/alternative;
	boundary="_000_EA71F1939A4E2F4996635D61949EB5BB01BAF8B4DGGEMI530MBXchi_"

--_000_EA71F1939A4E2F4996635D61949EB5BB01BAF8B4DGGEMI530MBXchi_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi all,

When I run linux-4.19.2 on arm64, I got panic in sys_imageblit. My test ste=
ps are as fllows:
1) Remote login using BMC;
2) Enter a bunch of 'Enter' keys;
3) Execute the 'top' command and continuously press shift + page up several=
 times.

This gives the following panic on the serial console:

[47229.923256] Unable to handle kernel paging request at virtual address ff=
ff00002f0bc010
[47229.923258] Mem abort info:
[47229.923259]   ESR =3D 0x96000047
[47229.923261]   Exception class =3D DABT (current EL), IL =3D 32 bits
[47229.923262]   SET =3D 0, FnV =3D 0
[47229.923263]   EA =3D 0, S1PTW =3D 0
[47229.923263] Data abort info:
[47229.923265]   ISV =3D 0, ISS =3D 0x00000047
[47229.923265]   CM =3D 0, WnR =3D 1
[47229.923269] swapper pgtable: 4k pages, 48-bit VAs, pgdp =3D 00000000ea9a=
862f
[47229.923270] [ffff00002f0bc010] pgd=3D000000dffbffe803, pud=3D000000dffbf=
fd803, pmd=3D000000bf758ee003, pte=3D0000000000000000
[47229.923279] Internal error: Oops: 96000047 [#1] SMP
[47229.923285] CPU: 45 PID: 16061 Comm: top Kdump: loaded Tainted: G       =
    OE     4.19.2-1.1.23.aarch64 #1
[47229.923286] Hardware name: Huawei Taishan 2280 /BC11SPCD, BIOS 1.46 03/2=
9/2018
[47229.923288] pstate: 80000005 (Nzcv daif -PAN -UAO)
[47229.923295] pc : sys_imageblit+0x414/0x1000 [sysimgblt]
[47229.923317] lr : drm_fb_helper_sys_imageblit+0x28/0x50 [drm_kms_helper]
[47229.923318] sp : ffff00002f6d3820
[47229.923319] x29: ffff00002f6d3820 x28: 00000000000000ff
[47229.923322] x27: 0000000000000010 x26: 0000000000000001
[47229.923325] x25: 0000000000000118 x24: 0000000000000008
[47229.923327] x23: ffff805f771db800 x22: 0000000000000000
[47229.923330] x21: ffff00002f6d3958 x20: ffff00002f0bc010
[47229.923332] x19: 0000000000000000 x18: 0000000000000000
[47229.923335] x17: 0000000000000000 x16: 0000000000000000
[47229.923337] x15: 0000000000000000 x14: 2020202020202020
[47229.923339] x13: 2020202064686374 x12: ffff805f77927360
[47229.923342] x11: ffff000000f54078 x10: 0000000000000023
[47229.923344] x9 : 000000000000000f x8 : 0000000000000003
[47229.923346] x7 : 000000000000008c x6 : 0000000000000002
[47229.923349] x5 : 0000000000000000 x4 : 00000000ad55ad55
[47229.923352] x3 : ffff805f77927360 x2 : 0000000000000000
[47229.923354] x1 : 0000000000000006 x0 : 0000000000000000
[47229.923357] Process top (pid: 16061, stack limit =3D 0x00000000d490d156)
[47229.923359] Call trace:
[47229.923363]  sys_imageblit+0x414/0x1000 [sysimgblt]
[47229.923373]  drm_fb_helper_sys_imageblit+0x28/0x50 [drm_kms_helper]
[47229.923387]  bit_putcs+0x29c/0x4a0
[47229.923391]  fbcon_putcs+0x110/0x148
[47229.923397]  do_update_region+0x138/0x1d8
[47229.923399]  do_con_trol+0xb44/0x13e0
[47229.923400]  do_con_write.part.29+0x1d0/0x8f0
[47229.923402]  con_write+0x70/0x78
[47229.923405]  n_tty_write+0x1a8/0x428
[47229.923407]  tty_write+0x1bc/0x2f0
[47229.923412]  __vfs_write+0x60/0x1a8
[47229.923414]  vfs_write+0xb0/0x1a8
[47229.923416]  ksys_write+0x6c/0xd8
[47229.923418]  __arm64_sys_write+0x28/0x38
[47229.923424]  el0_svc_common+0xb8/0x118
[47229.923426]  el0_svc_handler+0x38/0x88
[47229.923429]  el0_svc+0x8/0xc
[47229.923431] Code: 0a080000 b8605960 0a000080 4a050000 (b8227a80)
[47229.923436] [kbox] die event detected

I followed the same test steps and found the same problem in the linux-4.20=
.0-rc3.
In the test I found that if the variable bitstart in function sys_imageblit=
 is greater than variable p->screen_size - 1, the kernel will panic.
The following patch seems to work fine in my test:

diff --git a/drivers/video/fbdev/core/sysimgblt.c b/drivers/video/fbdev/cor=
e/sysimgblt.c
index a4d05b1..b316404 100644
--- a/drivers/video/fbdev/core/sysimgblt.c
+++ b/drivers/video/fbdev/core/sysimgblt.c
@@ -254,6 +254,9 @@ void sys_imageblit(struct fb_info *p, const struct fb_i=
mage *image)
        bitstart /=3D 8;
        bitstart &=3D ~(bpl - 1);
+ if (p->screen_size - 1 < bitstart)
+         return;
+
        dst1 =3D (void __force *)p->screen_base + bitstart;
        if (p->fbops->fb_sync)

So please CC me directly on any reply.

Many thanks,

Zengruan.


--_000_EA71F1939A4E2F4996635D61949EB5BB01BAF8B4DGGEMI530MBXchi_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:SimSun;
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:"Arial Unicode MS";
	panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:SimSun;
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:"Microsoft YaHei";
	panose-1:2 11 5 3 2 2 4 2 2 4;}
@font-face
	{font-family:"Microsoft YaHei";
	panose-1:2 11 5 3 2 2 4 2 2 4;}
@font-face
	{font-family:"\@Arial Unicode MS";
	panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
	{font-family:Consolas;
	panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	margin-bottom:.0001pt;
	text-align:justify;
	text-justify:inter-ideograph;
	font-size:10.5pt;
	font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:#0563C1;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:#954F72;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Arial Unicode MS",sans-serif;
	color:#1F4E79;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-family:"Calibri",sans-serif;}
/* Page Definitions */
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"ZH-CN" link=3D"#0563C1" vlink=3D"#954F72" style=3D"text-justi=
fy-trim:punctuation">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79">Hi all,<o:p><=
/o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79"><o:p>&nbsp;</=
o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79">When I run li=
nux-4.19.2 on arm64, I got panic in sys_imageblit. My test steps are as fll=
ows:<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79">1) Remote log=
in using BMC;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79">2) Enter a bu=
nch of 'Enter' keys;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79">3) Execute th=
e 'top' command and continuously press shift &#43; page up several times.<o=
:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79"><o:p>&nbsp;</=
o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79">This gives th=
e following panic on the serial console:<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79"><o:p>&nbsp;</=
o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923256] Unable to handle kernel pagin=
g request at virtual address ffff00002f0bc010<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923258] Mem abort info:<o:p></o:p></s=
pan></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923259]&nbsp;&nbsp; ESR =3D 0x9600004=
7<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923261]&nbsp;&nbsp; Exception class =
=3D DABT (current EL), IL =3D 32 bits<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923262]&nbsp;&nbsp; SET =3D 0, FnV =
=3D 0<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923263]&nbsp;&nbsp; EA =3D 0, S1PTW =
=3D 0<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923263] Data abort info:<o:p></o:p></=
span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923265]&nbsp;&nbsp; ISV =3D 0, ISS =
=3D 0x00000047<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923265]&nbsp;&nbsp; CM =3D 0, WnR =3D=
 1<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923269] swapper pgtable: 4k pages, 48=
-bit VAs, pgdp =3D 00000000ea9a862f<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923270] [ffff00002f0bc010] pgd=3D0000=
00dffbffe803, pud=3D000000dffbffd803, pmd=3D000000bf758ee003, pte=3D0000000=
000000000<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923279] Internal error: Oops: 9600004=
7 [#1] SMP<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923285] CPU: 45 PID: 16061 Comm: top =
Kdump: loaded Tainted: G&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; OE&nbsp;&nbsp;&nbsp;&nbsp; 4.19.2-1.1.23.aarch64 #1<o:p></o:p></s=
pan></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923286] Hardware name: Huawei Taishan=
 2280 /BC11SPCD, BIOS 1.46 03/29/2018<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923288] pstate: 80000005 (Nzcv daif -=
PAN -UAO)<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923295] pc : sys_imageblit&#43;0x414/=
0x1000 [sysimgblt]<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923317] lr : drm_fb_helper_sys_imageb=
lit&#43;0x28/0x50 [drm_kms_helper]<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923318] sp : ffff00002f6d3820<o:p></o=
:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923319] x29: ffff00002f6d3820 x28: 00=
000000000000ff<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923322] x27: 0000000000000010 x26: 00=
00000000000001<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923325] x25: 0000000000000118 x24: 00=
00000000000008<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923327] x23: ffff805f771db800 x22: 00=
00000000000000<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923330] x21: ffff00002f6d3958 x20: ff=
ff00002f0bc010<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923332] x19: 0000000000000000 x18: 00=
00000000000000<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923335] x17: 0000000000000000 x16: 00=
00000000000000<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923337] x15: 0000000000000000 x14: 20=
20202020202020<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923339] x13: 2020202064686374 x12: ff=
ff805f77927360<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923342] x11: ffff000000f54078 x10: 00=
00000000000023<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923344] x9 : 000000000000000f x8 : 00=
00000000000003<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923346] x7 : 000000000000008c x6 : 00=
00000000000002<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923349] x5 : 0000000000000000 x4 : 00=
000000ad55ad55<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923352] x3 : ffff805f77927360 x2 : 00=
00000000000000<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923354] x1 : 0000000000000006 x0 : 00=
00000000000000<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923357] Process top (pid: 16061, stac=
k limit =3D 0x00000000d490d156)<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923359] Call trace:<o:p></o:p></span>=
</p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923363]&nbsp; sys_imageblit&#43;0x414=
/0x1000 [sysimgblt]<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923373]&nbsp; drm_fb_helper_sys_image=
blit&#43;0x28/0x50 [drm_kms_helper]<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923387]&nbsp; bit_putcs&#43;0x29c/0x4=
a0<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923391]&nbsp; fbcon_putcs&#43;0x110/0=
x148<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923397]&nbsp; do_update_region&#43;0x=
138/0x1d8<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923399]&nbsp; do_con_trol&#43;0xb44/0=
x13e0<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923400]&nbsp; do_con_write.part.29&#4=
3;0x1d0/0x8f0<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923402]&nbsp; con_write&#43;0x70/0x78=
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923405]&nbsp; n_tty_write&#43;0x1a8/0=
x428<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923407]&nbsp; tty_write&#43;0x1bc/0x2=
f0<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923412]&nbsp; __vfs_write&#43;0x60/0x=
1a8<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923414]&nbsp; vfs_write&#43;0xb0/0x1a=
8<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923416]&nbsp; ksys_write&#43;0x6c/0xd=
8<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923418]&nbsp; __arm64_sys_write&#43;0=
x28/0x38<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923424]&nbsp; el0_svc_common&#43;0xb8=
/0x118<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923426]&nbsp; el0_svc_handler&#43;0x3=
8/0x88<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923429]&nbsp; el0_svc&#43;0x8/0xc<o:p=
></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923431] Code: 0a080000 b8605960 0a000=
080 4a050000 (b8227a80)<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">[47229.923436] [kbox] die event detected<o:p=
></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79"><o:p>&nbsp;</=
o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79">I followed th=
e same test steps and found the same problem in the linux-4.20.0-rc3.<o:p><=
/o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79">In the test I=
 found that if the variable bitstart in function sys_imageblit is greater t=
han variable p-&gt;screen_size - 1, the kernel will
 panic.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79">The following=
 patch seems to work fine in my test:<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79"><o:p>&nbsp;</=
o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">diff --git a/drivers/video/fbdev/core/sysimg=
blt.c b/drivers/video/fbdev/core/sysimgblt.c<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">index a4d05b1..b316404 100644<o:p></o:p></sp=
an></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">--- a/drivers/video/fbdev/core/sysimgblt.c<o=
:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">&#43;&#43;&#43; b/drivers/video/fbdev/core/s=
ysimgblt.c<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">@@ -254,6 &#43;254,9 @@ void sys_imageblit(s=
truct fb_info *p, const struct fb_image *image)<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79"><o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;bitstart /=3D 8;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; b=
itstart &amp;=3D ~(bpl - 1);<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">&#43; if (p-&gt;screen_size - 1 &lt; bitstar=
t)<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">&#43;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp; return;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">&#43;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; d=
st1 =3D (void __force *)p-&gt;screen_base &#43; bitstart;<o:p></o:p></span>=
</p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79"><o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:Consolas;color:#1F4E79">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;if (p-&gt;fbops-&gt;fb_sync)<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79"><o:p>&nbsp;</=
o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79">So please CC =
me directly on any reply.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79"><o:p>&nbsp;</=
o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79">Many thanks,<=
o:p></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79"><o:p>&nbsp;</=
o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US" style=3D"font-size:12.0pt;font-=
family:&quot;Arial Unicode MS&quot;,sans-serif;color:#1F4E79">Zengruan.<o:p=
></o:p></span></p>
<p class=3D"MsoNormal"><span lang=3D"EN-US"><o:p>&nbsp;</o:p></span></p>
</div>
</body>
</html>

--_000_EA71F1939A4E2F4996635D61949EB5BB01BAF8B4DGGEMI530MBXchi_--

--===============1858970923==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KZHJpLWRldmVs
IG1haWxpbmcgbGlzdApkcmktZGV2ZWxAbGlzdHMuZnJlZWRlc2t0b3Aub3JnCmh0dHBzOi8vbGlz
dHMuZnJlZWRlc2t0b3Aub3JnL21haWxtYW4vbGlzdGluZm8vZHJpLWRldmVsCg==

--===============1858970923==--