Hi Russell,
Am Mittwoch, den 25.11.2015, 10:25 +0000 schrieb Russell King:
ipu_crtc_handle_pageflip() was calling drm_send_vblank_event() with a pipe argument of -1. Commit cc1ef118fc09 ("drm/irq: Make pipe unsigned and name consistent") now makes this error obvious, as we now may get a warning from:
if (WARN_ON(pipe >= dev->num_crtcs))
in drm_vblank_count_and_time(). Prior to this change, we would end up making out-of-bounds array accesses via:
struct drm_vblank_crtc *vblank = &dev->vblank[crtc]; and *vblanktime = vblanktimestamp(dev, pipe, cur_vblank);
So, this has been broken for a very long time, and is not a result of the above commit. Since we don't care about the staging versions, I've tagged this with the earliest mainline commit where we do care, even though this commit did not introduce the bug.
Fixes: 6556f7f82b9c ("drm: imx: Move imx-drm driver out of staging") Signed-off-by: Russell King rmk+kernel@arm.linux.org.uk
thank you for the patch. Thierry had sent a fix previously [1], but I don't think it is applied yet. If nobody minds, I'd like to add this to imx-drm/fixes as opposed to the older patch.
[1] https://patchwork.kernel.org/patch/7258101/
regards Philipp