2010-08-22 15:37:32

by Francisco Jerez

Subject: [PATCH] vt: Fix console corruption on driver hand-over.

After 02f0777a0d6560eb995aade34a1b82f95c0452da "vc_origin" is no
longer reset to the screen buffer before calling the con_init() hook
of the new console driver.

If the old driver wasn't using a fixed scanout buffer (e.g. the case
of vgacon) "vc_origin" may be a pointer to a VRAM location, and its
contents aren't guaranteed to be preserved after calling con_deinit()
on the old driver and con_init() on the new driver, i.e. the
subsequent console resize may fill the framebuffer with garbage.

It can be reproduced in the transition from vgacon to the nouveau
framebuffer driver: in that case the legacy VGA aperture "vc_origin"
points to becomes unreadable after fbcon_init().

This patch reverts the mentioned commit. To avoid the problem it
intended to fix, stop using "vc_scr_end" in vc_do_resize() to
calculate how many rows we have to copy (actually the code looks
simpler this way without the help of "vc_scr_end").

Signed-off-by: Francisco Jerez <[email protected]>
Cc: qiaochong <[email protected]>
Cc: Greg Kroah-Hartman <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Alan Cox <[email protected]>
---
drivers/char/vt.c | 15 ++++-----------
1 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/drivers/char/vt.c b/drivers/char/vt.c
index c734f9b..62bd073 100644
--- a/drivers/char/vt.c
+++ b/drivers/char/vt.c
@@ -905,22 +905,16 @@ static int vc_do_resize(struct tty_struct *tty, struct vc_data *vc,
* bottom of buffer
*/
old_origin += (old_rows - new_rows) * old_row_size;
- end = vc->vc_scr_end;
} else {
/*
* Cursor is in no man's land, copy 1/2 screenful
* from the top and bottom of cursor position
*/
old_origin += (vc->vc_y - new_rows/2) * old_row_size;
- end = old_origin + (old_row_size * new_rows);
}
- } else
- /*
- * Cursor near the top, copy contents from the top of buffer
- */
- end = (old_rows > new_rows) ? old_origin +
- (old_row_size * new_rows) :
- vc->vc_scr_end;
+ }
+
+ end = old_origin + old_row_size * min(old_rows, new_rows);

update_attr(vc);

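Review bot: The new "end = old_origin + old_row_size * min(old_rows, new_rows);" assignment has no comment, and the else branch removed just above it held the only explanation of the cursor-near-the-top case ("copy contents from the top of buffer"). Suggest a short comment above the assignment saying that at most min(old_rows, new_rows) rows are copied starting from the adjusted old_origin, and that "vc_scr_end" is intentionally not consulted here (the reason given in the commit message), so a later cleanup does not reintroduce it.
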
@@ -3074,8 +3068,7 @@ static int bind_con_driver(const struct consw *csw, int first, int last,

old_was_color = vc->vc_can_do_color;
vc->vc_sw->con_deinit(vc);
- if (!vc->vc_origin)
- vc->vc_origin = (unsigned long)vc->vc_screenbuf;
+ vc->vc_origin = (unsigned long)vc->vc_screenbuf;
visual_init(vc, i, 0);
set_origin(vc);
update_attr(vc);
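
Review bot: The now-unconditional "vc->vc_origin = (unsigned long)vc->vc_screenbuf;" after con_deinit() carries no comment, so the reason it must not be guarded by "if (!vc->vc_origin)" is recorded only in the commit message. Suggest a one-line comment stating that the old driver's origin may point into VRAM that is not preserved across con_deinit() and con_init(), so the origin is always reset to the screen buffer before visual_init() and set_origin() run.
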
--
1.6.4.4


2010-08-23 02:28:40

by 乔崇

Subject: Re: [PATCH] vt: Fix console corruption on driver hand-over.

Yes, I have tested this patch; it works and also fixes the bug that
02f0777a0d6560eb995aade34a1b82f95c0452da mentioned.

Francisco Jerez wrote:
> After 02f0777a0d6560eb995aade34a1b82f95c0452da "vc_origin" is no
> longer reset to the screen buffer before calling the con_init() hook
> of the new console driver.
>
> If the old driver wasn't using a fixed scanout buffer (e.g. the case
> of vgacon) "vc_origin" may be a pointer to a VRAM location, and its
> contents aren't guaranteed to be preserved after calling con_deinit()
> on the old driver and con_init() on the new driver, i.e. the
> subsequent console resize may fill the framebuffer with garbage.
>
> It can be reproduced in the transition from vgacon to the nouveau
> framebuffer driver: in that case the legacy VGA aperture "vc_origin"
> points to becomes unreadable after fbcon_init().
>
> This patch reverts the mentioned commit. To avoid the problem it
> intended to fix, stop using "vc_scr_end" in vc_do_resize() to
> calculate how many rows we have to copy (actually the code looks
> simpler this way without the help of "vc_scr_end").
>
> Signed-off-by: Francisco Jerez <[email protected]>
> Cc: qiaochong <[email protected]>
> Cc: Greg Kroah-Hartman <[email protected]>
> Cc: Andrew Morton <[email protected]>
> Cc: Alan Cox <[email protected]>
> ---
> drivers/char/vt.c | 15 ++++-----------
> 1 files changed, 4 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/char/vt.c b/drivers/char/vt.c
> index c734f9b..62bd073 100644
> --- a/drivers/char/vt.c
> +++ b/drivers/char/vt.c
> @@ -905,22 +905,16 @@ static int vc_do_resize(struct tty_struct *tty, struct vc_data *vc,
> * bottom of buffer
> */
> old_origin += (old_rows - new_rows) * old_row_size;
> - end = vc->vc_scr_end;
> } else {
> /*
> * Cursor is in no man's land, copy 1/2 screenful
> * from the top and bottom of cursor position
> */
> old_origin += (vc->vc_y - new_rows/2) * old_row_size;
> - end = old_origin + (old_row_size * new_rows);
> }
> - } else
> - /*
> - * Cursor near the top, copy contents from the top of buffer
> - */
> - end = (old_rows > new_rows) ? old_origin +
> - (old_row_size * new_rows) :
> - vc->vc_scr_end;
> + }
> +
> + end = old_origin + old_row_size * min(old_rows, new_rows);
>
> update_attr(vc);
>
> @@ -3074,8 +3068,7 @@ static int bind_con_driver(const struct consw *csw, int first, int last,
>
> old_was_color = vc->vc_can_do_color;
> vc->vc_sw->con_deinit(vc);
> - if (!vc->vc_origin)
> - vc->vc_origin = (unsigned long)vc->vc_screenbuf;
> + vc->vc_origin = (unsigned long)vc->vc_screenbuf;
> visual_init(vc, i, 0);
> set_origin(vc);
> update_attr(vc);
>