2023-03-06 10:10:01

by Johan Hovold

Subject: [PATCH 04/10] drm/msm: fix NULL-deref on irq uninstall

In case of early initialisation errors and on platforms that do not use
the DPU controller, the deinitialisation code can be called with the kms
pointer set to NULL.

Fixes: f026e431cf86 ("drm/msm: Convert to Linux IRQ interfaces")
Cc: [email protected] # 5.14
Cc: Thomas Zimmermann <[email protected]>
Signed-off-by: Johan Hovold <[email protected]>
---
drivers/gpu/drm/msm/msm_drv.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c
index 17a59d73fe01..2f2bcdb671d2 100644
--- a/drivers/gpu/drm/msm/msm_drv.c
+++ b/drivers/gpu/drm/msm/msm_drv.c
@@ -251,9 +251,11 @@ static int msm_drm_uninit(struct device *dev)
drm_bridge_remove(priv->bridges[i]);
priv->num_bridges = 0;

- pm_runtime_get_sync(dev);
- msm_irq_uninstall(ddev);
- pm_runtime_put_sync(dev);
+ if (kms) {
+ pm_runtime_get_sync(dev);
+ msm_irq_uninstall(ddev);
+ pm_runtime_put_sync(dev);
+ }

if (kms && kms->funcs)
kms->funcs->destroy(kms);
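
Review bot: in msm_drm_uninit() the new `if (kms) {` block is followed directly by `if (kms && kms->funcs)`, so the same pointer is tested twice in adjacent statements; consider moving the destroy call into the new block as `if (kms->funcs) kms->funcs->destroy(kms);` so the NULL-kms teardown path is handled in one place. The commit message would also be easier to triage for stable if it named the function in which the NULL kms pointer is dereferenced, since that is not visible in this hunk.
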
--
2.39.2



2023-03-21 15:17:53

by Dmitry Baryshkov

Subject: Re: [PATCH 04/10] drm/msm: fix NULL-deref on irq uninstall

On 06/03/2023 12:07, Johan Hovold wrote:
> In case of early initialisation errors and on platforms that do not use
> the DPU controller, the deinitialisation code can be called with the kms
> pointer set to NULL.
>
> Fixes: f026e431cf86 ("drm/msm: Convert to Linux IRQ interfaces")
> Cc: [email protected] # 5.14
> Cc: Thomas Zimmermann <[email protected]>
> Signed-off-by: Johan Hovold <[email protected]>

Reviewed-by: Dmitry Baryshkov <[email protected]>

> ---
> drivers/gpu/drm/msm/msm_drv.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/gpu/drm/msm/msm_drv.c b/drivers/gpu/drm/msm/msm_drv.c
> index 17a59d73fe01..2f2bcdb671d2 100644
> --- a/drivers/gpu/drm/msm/msm_drv.c
> +++ b/drivers/gpu/drm/msm/msm_drv.c
> @@ -251,9 +251,11 @@ static int msm_drm_uninit(struct device *dev)
> drm_bridge_remove(priv->bridges[i]);
> priv->num_bridges = 0;
>
> - pm_runtime_get_sync(dev);
> - msm_irq_uninstall(ddev);
> - pm_runtime_put_sync(dev);
> + if (kms) {
> + pm_runtime_get_sync(dev);
> + msm_irq_uninstall(ddev);
> + pm_runtime_put_sync(dev);
> + }
>
> if (kms && kms->funcs)
> kms->funcs->destroy(kms);
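
Review bot: inside the new `if (kms)` block the return value of `pm_runtime_get_sync(dev)` is still ignored, so `msm_irq_uninstall(ddev)` runs even when the resume failed; since the patch re-indents these lines anyway, consider checking the result, or adding a short comment that a failed resume is tolerated on this teardown path.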

--
With best wishes
Dmitry