2023-06-01 14:50:55

by Fedor Pchelkin

Subject: [PATCH 5.4/5.10 0/1] drm/atomic: Don't pollute crtc_state->mode_blob with error pointers

A general protection fault in drm_mode_object_put() is hit on 5.4/5.10 if
drm_property_create_blob() fails for some reason and state->mode_blob is
assigned an error pointer, which is not treated correctly in some places, as
mentioned in the patch description.

The following patch fixes the issue and can be cleanly applied to 5.4/5.10
stable branches.

It seems the patch could not initially be backported due to the
DRM_DEBUG_ATOMIC -> drm_dbg_atomic() change.


2023-06-01 15:00:40

by Fedor Pchelkin

Subject: [PATCH 5.4/5.10 1/1] drm/atomic: Don't pollute crtc_state->mode_blob with error pointers

From: Ville Syrjälä <[email protected]>

commit 439cf34c8e0a8a33d8c15a31be1b7423426bc765 upstream.

Make sure we don't assign an error pointer to crtc_state->mode_blob
as that will break all kinds of places that assume either NULL or a
valid pointer (eg. drm_property_blob_put()).

Cc: [email protected]
Reported-by: fuyufan <[email protected]>
Signed-off-by: Ville Syrjälä <[email protected]>
Link: https://patchwork.freedesktop.org/patch/msgid/[email protected]
Acked-by: Maxime Ripard <[email protected]>
Signed-off-by: Fedor Pchelkin <[email protected]>
---
drivers/gpu/drm/drm_atomic_uapi.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/drivers/gpu/drm/drm_atomic_uapi.c b/drivers/gpu/drm/drm_atomic_uapi.c
index 25c269bc4681..b6062833370f 100644
--- a/drivers/gpu/drm/drm_atomic_uapi.c
+++ b/drivers/gpu/drm/drm_atomic_uapi.c
@@ -75,15 +75,17 @@ int drm_atomic_set_mode_for_crtc(struct drm_crtc_state *state,
state->mode_blob = NULL;

if (mode) {
+ struct drm_property_blob *blob;
+
drm_mode_convert_to_umode(&umode, mode);
- state->mode_blob =
- drm_property_create_blob(state->crtc->dev,
- sizeof(umode),
- &umode);
- if (IS_ERR(state->mode_blob))
- return PTR_ERR(state->mode_blob);
+ blob = drm_property_create_blob(crtc->dev,
+ sizeof(umode), &umode);
+ if (IS_ERR(blob))
+ return PTR_ERR(blob);

drm_mode_copy(&state->mode, mode);
+
+ state->mode_blob = blob;
state->enable = true;
DRM_DEBUG_ATOMIC("Set [MODE:%s] for [CRTC:%d:%s] state %p\n",
mode->name, crtc->base.id, crtc->name, state);
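
Review bot: on the early return at `return PTR_ERR(blob);` the crtc state is left partly updated. The context line `state->mode_blob = NULL;` above the `if (mode)` block has already cleared the blob pointer, while state->mode and state->enable are only written after the IS_ERR() check and so keep whatever they held before the call. That is safe for the put paths the commit message names, since they now see NULL instead of an error pointer, but a one-line comment above the check stating whether callers are expected to discard the state on failure would make the contract explicit. Separately, the cover letter says the upstream commit did not apply because of the DRM_DEBUG_ATOMIC -> drm_dbg_atomic() change; a short bracketed note above the backporter's Signed-off-by would record that the context differs from upstream.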
--
2.34.1