Commit 615cc422 authored Jun 17, 2025 by Thomas Zimmermann

drm/vesadrm: Avoid NULL-ptr deref in vesadrm_pmi_cmap_write()



Only set PMI fields if the screen_info's Vesa PM segment has been
set. Vesa PMI is the power-management interface. It also provides
means to set the color palette. The interface is optional, so not
all VESA graphics cards support it. Print vesafb's warning [1] if
the hardware palette cannot be set at all.

If unsupported the field PrimaryPalette in struct vesadrm.pmi is
NULL, which results in a segmentation fault. Happens with qemu's
Cirrus emulation.

Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
Fixes: 814d270b ("drm/sysfb: vesadrm: Add gamma correction")
Link: https://elixir.bootlin.com/linux/v6.15/source/drivers/video/fbdev/vesafb.c#L375

 # 1
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: Javier Martinez Canillas <javierm@redhat.com>
Cc: dri-devel@lists.freedesktop.org
Acked-by: Javier Martinez Canillas <javierm@redhat.com>
Link: https://lore.kernel.org/r/20250617140944.142392-1-tzimmermann@suse.de

parent f6faebc1

drivers/gpu/drm/sysfb/vesadrm.c

+9 −4

Original line number	Diff line number	Diff line
		@@ -362,14 +362,19 @@ static struct vesadrm_device vesadrm_device_create(struct drm_driver drv,

		if (!__screen_info_vbe_mode_nonvga(si)) {
		vesa->cmap_write = vesadrm_vga_cmap_write;
		#if defined(CONFIG_X86_32)
		} else {
		#if defined(CONFIG_X86_32)
		phys_addr_t pmi_base = __screen_info_vesapm_info_base(si);

		if (pmi_base) {
		const u16 *pmi_addr = phys_to_virt(pmi_base);

		vesa->pmi.PrimaryPalette = (u8 *)pmi_addr + pmi_addr[2];
		vesa->cmap_write = vesadrm_pmi_cmap_write;
		} else
		#endif
		if (format->is_color_indexed)
		drm_warn(dev, "hardware palette is unchangeable, colors may be incorrect\n");
		}

		#ifdef CONFIG_X86