linux/drivers
Wang YanQing ec0d22e4d5 video:uvesafb: Fix oops that uvesafb try to execute NX-protected page
This patch fixes the oops below

[   81.560602] uvesafb: NVIDIA Corporation, GT216 Board - 0696a290, Chip Rev   , OEM: NVIDIA, VBE v3.0
[   81.609384] uvesafb: protected mode interface info at c000:d350
[   81.609388] uvesafb: pmi: set display start = c00cd3b3, set palette = c00cd40e
[   81.609390] uvesafb: pmi: ports = 3b4 3b5 3ba 3c0 3c1 3c4 3c5 3c6 3c7 3c8 3c9 3cc 3ce 3cf 3d0 3d1 3d2 3d3 3d4 3d5 3da
[   81.614558] uvesafb: VBIOS/hardware doesn't support DDC transfers
[   81.614562] uvesafb: no monitor limits have been set, default refresh rate will be used
[   81.614994] uvesafb: scrolling: ypan using protected mode interface, yres_virtual=4915
[   81.744147] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
[   81.744153] BUG: unable to handle kernel paging request at c00cd3b3
[   81.744159] IP: [<c00cd3b3>] 0xc00cd3b2
[   81.744167] *pdpt = 00000000016d6001 *pde = 0000000001c7b067 *pte = 80000000000cd163
[   81.744171] Oops: 0011 [#1] SMP
[   81.744174] Modules linked in: uvesafb(+) cfbcopyarea cfbimgblt cfbfillrect
[   81.744178]
[   81.744181] Pid: 3497, comm: modprobe Not tainted 3.3.0-rc4NX+ #71 Acer            Aspire 4741                    /Aspire 4741
[   81.744185] EIP: 0060:[<c00cd3b3>] EFLAGS: 00010246 CPU: 0
[   81.744187] EIP is at 0xc00cd3b3
[   81.744189] EAX: 00004f07 EBX: 00000000 ECX: 00000000 EDX: 00000000
[   81.744191] ESI: f763f000 EDI: f763f6e8 EBP: f57f3a0c ESP: f57f3a00
[   81.744192]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[   81.744195] Process modprobe (pid: 3497, ti=f57f2000 task=f748c600 task.ti=f57f2000)
[   81.744196] Stack:
[   81.744197]  f82512c5 f759341c 00000000 f57f3a30 c124a9bc 00000001 00000001 000001e0
[   81.744202]  f8251280 f763f000 f7593400 00000000 f57f3a40 c12598dd f5c0c000 00000000
[   81.744206]  f57f3b10 c1255efe c125a21a 00000006 f763f09c 00000000 c1c6cb60 f7593400
[   81.744210] Call Trace:
[   81.744215]  [<f82512c5>] ? uvesafb_pan_display+0x45/0x60 [uvesafb]
[   81.744222]  [<c124a9bc>] fb_pan_display+0x10c/0x160
[   81.744226]  [<f8251280>] ? uvesafb_vbe_find_mode+0x180/0x180 [uvesafb]
[   81.744230]  [<c12598dd>] bit_update_start+0x1d/0x50
[   81.744232]  [<c1255efe>] fbcon_switch+0x39e/0x550
[   81.744235]  [<c125a21a>] ? bit_cursor+0x4ea/0x560
[   81.744240]  [<c129b6cb>] redraw_screen+0x12b/0x220
[   81.744245]  [<c128843b>] ? tty_do_resize+0x3b/0xc0
[   81.744247]  [<c129ef42>] vc_do_resize+0x3d2/0x3e0
[   81.744250]  [<c129efb4>] vc_resize+0x14/0x20
[   81.744253]  [<c12586bd>] fbcon_init+0x29d/0x500
[   81.744255]  [<c12984c4>] ? set_inverse_trans_unicode+0xe4/0x110
[   81.744258]  [<c129b378>] visual_init+0xb8/0x150
[   81.744261]  [<c129c16c>] bind_con_driver+0x16c/0x360
[   81.744264]  [<c129b47e>] ? register_con_driver+0x6e/0x190
[   81.744267]  [<c129c3a1>] take_over_console+0x41/0x50
[   81.744269]  [<c1257b7a>] fbcon_takeover+0x6a/0xd0
[   81.744272]  [<c12594b8>] fbcon_event_notify+0x758/0x790
[   81.744277]  [<c10929e2>] notifier_call_chain+0x42/0xb0
[   81.744280]  [<c1092d30>] __blocking_notifier_call_chain+0x60/0x90
[   81.744283]  [<c1092d7a>] blocking_notifier_call_chain+0x1a/0x20
[   81.744285]  [<c124a5a1>] fb_notifier_call_chain+0x11/0x20
[   81.744288]  [<c124b759>] register_framebuffer+0x1d9/0x2b0
[   81.744293]  [<c1061c73>] ? ioremap_wc+0x33/0x40
[   81.744298]  [<f82537c6>] uvesafb_probe+0xaba/0xc40 [uvesafb]
[   81.744302]  [<c12bb81f>] platform_drv_probe+0xf/0x20
[   81.744306]  [<c12ba558>] driver_probe_device+0x68/0x170
[   81.744309]  [<c12ba731>] __device_attach+0x41/0x50
[   81.744313]  [<c12b9088>] bus_for_each_drv+0x48/0x70
[   81.744316]  [<c12ba7f3>] device_attach+0x83/0xa0
[   81.744319]  [<c12ba6f0>] ? __driver_attach+0x90/0x90
[   81.744321]  [<c12b991f>] bus_probe_device+0x6f/0x90
[   81.744324]  [<c12b8a45>] device_add+0x5e5/0x680
[   81.744329]  [<c122a1a3>] ? kvasprintf+0x43/0x60
[   81.744332]  [<c121e6e4>] ? kobject_set_name_vargs+0x64/0x70
[   81.744335]  [<c121e6e4>] ? kobject_set_name_vargs+0x64/0x70
[   81.744339]  [<c12bbe9f>] platform_device_add+0xff/0x1b0
[   81.744343]  [<f8252906>] uvesafb_init+0x50/0x9b [uvesafb]
[   81.744346]  [<c100111f>] do_one_initcall+0x2f/0x170
[   81.744350]  [<f82528b6>] ? uvesafb_is_valid_mode+0x66/0x66 [uvesafb]
[   81.744355]  [<c10c6994>] sys_init_module+0xf4/0x1410
[   81.744359]  [<c1157fc0>] ? vfsmount_lock_local_unlock_cpu+0x30/0x30
[   81.744363]  [<c144cb10>] sysenter_do_call+0x12/0x36
[   81.744365] Code: f5 00 00 00 32 f6 66 8b da 66 d1 e3 66 ba d4 03 8a e3 b0 1c 66 ef b0 1e 66 ef 8a e7 b0 1d 66 ef b0 1f 66 ef e8 fa 00 00 00 61 c3 <60> e8 c8 00 00 00 66 8b f3 66 8b da 66 ba d4 03 b0 0c 8a e5 66
[   81.744388] EIP: [<c00cd3b3>] 0xc00cd3b3 SS:ESP 0068:f57f3a00
[   81.744391] CR2: 00000000c00cd3b3
[   81.744393] ---[ end trace 18b2c87c925b54d6 ]---

Signed-off-by: Wang YanQing <udknight@gmail.com>
Signed-off-by: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
Cc: stable@vger.kernel.org
2012-03-08 18:12:53 +00:00
..
accessibility
acpi ACPI: remove duplicated lines of merging problems with acpi_processor_add 2012-02-08 15:07:03 -08:00
amba
ata pata/at91: use newly introduced SMC accessors 2012-02-13 18:31:37 +01:00
atm drivers/atm/solos-pci.c: exchange pci_iounmaps 2012-02-19 18:57:51 -05:00
auxdisplay
base Fixes a bootstrapping issue for some registers when a less commonly used 2012-02-18 15:37:25 -08:00
bcma bcma: don't fail for bad SPROM CRC 2012-02-06 14:37:52 -05:00
block asm-generic: architecture independent readq/writeq for 32bit environment 2012-02-21 16:47:28 -08:00
bluetooth Bluetooth: btusb: Add vendor specific ID (0a5c 21f3) for BCM20702A0 2012-02-15 13:09:26 +02:00
cdrom cdrom: move shared static to cdrom_device_info 2012-02-08 20:03:14 +01:00
char agp: fix scratch page cleanup 2012-01-26 18:36:48 +00:00
clk
clocksource
connector
cpufreq
cpuidle cpuidle: Default y on powerpc pSeries 2012-02-22 16:48:51 +11:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2012-03-03 09:31:49 -08:00
dca
devfreq
dio
dma i.MX SDMA: Fix burstsize settings 2012-02-02 14:00:43 +05:30
edac asm-generic: architecture independent readq/writeq for 32bit environment 2012-02-21 16:47:28 -08:00
eisa
firewire firewire: ohci: disable MSI on Ricoh controllers 2012-01-30 21:33:34 +01:00
firmware
gpio gpio: Add missing spin_lock_init in gpio-ml-ioh driver 2012-02-01 21:59:37 -07:00
gpu drm/radeon/kms/vm: fix possible bug in radeon_vm_bo_rmv() 2012-02-29 17:47:57 +00:00
hid HID: wiimote: fix invalid power_supply_powers call 2012-02-07 13:40:56 +01:00
hv
hwmon hwmon: (f75375s) Catch some attempts to write to r/o registers 2012-03-02 12:02:23 -08:00
hwspinlock
i2c i2c: mxs: only flag completion when queue is completely done 2012-02-24 22:28:27 +01:00
ide ARM: at91: drop ide driver in favor of the pata one 2012-02-13 18:31:37 +01:00
idle ACPI processor hotplug: Delay acpi_processor_start() call for hotplugged cores 2012-01-19 21:26:32 -05:00
ieee802154
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-02-10 14:18:46 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2012-02-04 10:57:42 -08:00
iommu ARM: OMAP: make iommu subsys_initcall to fix builtin omap3isp 2012-02-27 14:18:42 +01:00
isdn isdn: type bug in isdn_net_header() 2012-02-09 15:41:29 -05:00
leds drivers/leds/leds-lm3530.c: fix setting pltfm->als_vmax 2012-02-08 19:03:51 -08:00
lguest
macintosh powerpc/adb: Use set_current_state() 2012-02-16 16:15:12 +11:00
mca
md Some simple md-related fixes. 2012-02-08 19:06:30 -08:00
media Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media 2012-02-24 12:32:51 -08:00
memstick
message
mfd Merge branch 'omap-fixes-warnings' of git://git.linaro.org/people/rmk/linux-arm 2012-02-13 14:16:07 -08:00
misc Minor char-misc fixes for 3.3-rc3 2012-02-09 13:51:13 -08:00
mmc mmc: dw_mmc: Fix PIO mode with support of highmem 2012-02-13 20:39:05 -05:00
mtd - Fix a regression in 16-bit Atmel NAND flash which was introduced in 3.1 2012-02-04 07:17:47 -08:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-02-26 12:47:17 -08:00
nfc
nubus
of
oprofile
parisc [PARISC] include <linux/prefetch.h> in drivers/parisc/iommu-helpers.h 2012-02-27 09:44:15 -06:00
parport
pci Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci 2012-02-18 15:26:11 -08:00
pcmcia ARM: pxa: fix error handling in pxa2xx_drv_pcmcia_probe 2012-02-16 10:41:23 +08:00
pinctrl pinctrl: restore pin naming 2012-02-01 19:35:21 +01:00
platform asm-generic: architecture independent readq/writeq for 32bit environment 2012-02-21 16:47:28 -08:00
pnp
power lp8727_charger: Add terminating entry for i2c_device_id table 2012-02-01 21:34:26 +04:00
pps
ps3
ptp
rapidio
regulator regulator: fix the ldo configure according to 88pm860x spec 2012-02-24 14:56:32 +00:00
rtc ARM: at91:rtc/rtc-at91sam9: ioremap register bank 2012-02-13 18:31:36 +01:00
s390 compat: fix compile breakage on s390 2012-02-27 07:54:27 -08:00
sbus
scsi [SCSI] osd_uld: Bump MAX_OSD_DEVICES from 64 to 1,048,576 2012-02-25 08:25:09 -06:00
sfi
sh sh: clkfwk: bugfix: use clk_reparent() for div6 clocks 2012-01-24 10:44:49 +09:00
sn
spi spi-topcliff-pch: rename pch_spi_pcidev to pch_spi_pcidev_driver 2012-02-05 23:24:17 -07:00
ssb ssb: fix cardbus slot in hostmode 2012-02-01 15:26:00 -05:00
staging staging: pohmelfs: remove drivers/staging/pohmelfs 2012-02-08 16:19:06 -08:00
target target: Fix unsupported WRITE_SAME sense payload 2012-02-07 06:48:58 +00:00
tc
telephony
thermal thermal: Rename generate_netlink_event 2012-01-23 03:15:25 -05:00
tty tty: serial: omap-serial: wakeup latency constraint is in microseconds, not milliseconds 2012-02-09 10:48:36 -08:00
uio
usb USB: Added Kamstrup VID/PIDs to cp210x serial driver. 2012-02-21 16:29:15 -08:00
uwb
vhost
video video:uvesafb: Fix oops that uvesafb try to execute NX-protected page 2012-03-08 18:12:53 +00:00
virt
virtio virtio: balloon: leak / fill balloon across S4 2012-03-01 09:28:41 +10:30
vlynq
w1
watchdog watchdog: fix GETTIMEOUT ioctl in booke_wdt 2012-02-29 09:46:13 +01:00
xen xenbus_dev: add missing error check to watch handling 2012-02-03 16:07:05 -05:00
zorro
Kconfig
Makefile