video/logo: prevent use of logos after they have been freed

If the probe of an fb driver has been deferred due to missing dependencies, and the probe is later ran when a module is loaded, the fbdev framework will try to find a logo to use. However, the logos are __initdata, and have already been freed. This causes sometimes page faults, if the logo memory is not mapped, sometimes other random crashes as the logo data is invalid, and sometimes nothing, if the fbdev decides to reject the logo (e.g. the random value depicting the logo's height is too big). This patch adds a late_initcall function to mark the logos as freed. In reality the logos are freed later, and fbdev probe may be ran between this late_initcall and the freeing of the logos. In that case we will miss drawing the logo, even if it would be possible. Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com> Signed-off-by: Jyri Sarha <jsarha@ti.com>

video/logo: prevent use of logos after they have been freed
If the probe of an fb driver has been deferred due to missing dependencies, and the probe is later ran when a module is loaded, the fbdev framework will try to find a logo to use. However, the logos are __initdata, and have already been freed. This causes sometimes page faults, if the logo memory is not mapped, sometimes other random crashes as the logo data is invalid, and sometimes nothing, if the fbdev decides to reject the logo (e.g. the random value depicting the logo's height is too big). This patch adds a late_initcall function to mark the logos as freed. In reality the logos are freed later, and fbdev probe may be ran between this late_initcall and the freeing of the logos. In that case we will miss drawing the logo, even if it would be possible. Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com> Signed-off-by: Jyri Sarha <jsarha@ti.com>
Tomi Valkeinen · Jyri Sarha
1 parent 25832f71d1
Showing 1 changed file with 16 additions and 1 deletions Side-by-side Diff
drivers/video/logo/logo.c
@@ -21,6 +21,21 @@
 module_param(nologo, bool, 0);
 MODULE_PARM_DESC(nologo, "Disables startup logo");
  
+/*
+ * Logos are located in the initdata, and will be freed in kernel_init.
+ * Use late_init to mark the logos as freed to prevent any further use.
+ */
+
+static bool logos_freed;
+
+static int __init fb_logo_late_init(void)
+{
+	logos_freed = true;
+	return 0;
+}
+
+late_initcall(fb_logo_late_init);
+
 /* logo's are marked __initdata. Use __init_refok to tell
  * modpost that it is intended that this function uses data
  * marked __initdata.
@@ -29,7 +44,7 @@
 {
 	const struct linux_logo *logo = NULL;
  
-	if (nologo)
+	if (nologo || logos_freed)
 		return NULL;
  
 	if (depth >= 1) {
...	...	@@ -21,6 +21,21 @@
21	21	module_param(nologo, bool, 0);
22	22	MODULE_PARM_DESC(nologo, "Disables startup logo");
23	23
	24	+/*
	25	+ * Logos are located in the initdata, and will be freed in kernel_init.
	26	+ * Use late_init to mark the logos as freed to prevent any further use.
	27	+ */
	28	+
	29	+static bool logos_freed;
	30	+
	31	+static int __init fb_logo_late_init(void)
	32	+{
	33	+ logos_freed = true;
	34	+ return 0;
	35	+}
	36	+
	37	+late_initcall(fb_logo_late_init);
	38	+
24	39	/* logo's are marked __initdata. Use __init_refok to tell
25	40	* modpost that it is intended that this function uses data
26	41	* marked __initdata.
...	...	@@ -29,7 +44,7 @@
29	44	{
30	45	const struct linux_logo *logo = NULL;
31	46
32		- if (nologo)
	47	+ if (nologo \|\| logos_freed)
33	48	return NULL;
34	49
35	50	if (depth >= 1) {