The MediaTek DisplayPort interface bridge driver starts its interrupts
as soon as its probed. However when the interrupts trigger the bridge
might not have been attached to a DRM device. As drm_helper_hpd_irq_event()
does not check whether the passed in drm_device is valid or not, a NULL
pointer passed in results in a kernel NULL pointer dereference in it.
Check whether the bridge is attached and only trigger an HPD event if
it is.
Fixes: f70ac097a2cf ("drm/mediatek: Add MT8195 Embedded DisplayPort driver")
Signed-off-by: Chen-Yu Tsai <[email protected]>
Reviewed-by: Guillaume Ranquet <[email protected]>
---
Changes since v1
- Dropped prerequisite-patch-ids
- Added Guillaume's Reviewed-by
This applies on top of mediatek-drm-next.
drivers/gpu/drm/mediatek/mtk_dp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/mediatek/mtk_dp.c b/drivers/gpu/drm/mediatek/mtk_dp.c
index 1f94fcc144d3..a82f53e1a146 100644
--- a/drivers/gpu/drm/mediatek/mtk_dp.c
+++ b/drivers/gpu/drm/mediatek/mtk_dp.c
@@ -1823,7 +1823,8 @@ static irqreturn_t mtk_dp_hpd_event_thread(int hpd, void *dev)
spin_unlock_irqrestore(&mtk_dp->irq_thread_lock, flags);
if (status & MTK_DP_THREAD_CABLE_STATE_CHG) {
- drm_helper_hpd_irq_event(mtk_dp->bridge.dev);
+ if (mtk_dp->bridge.dev)
+ drm_helper_hpd_irq_event(mtk_dp->bridge.dev);
if (!mtk_dp->train_info.cable_plugged_in) {
mtk_dp_disable_sdp_aui(mtk_dp);
--
2.39.1.456.gfc5497dd1b-goog
Il 02/02/23 05:57, Chen-Yu Tsai ha scritto:
> The MediaTek DisplayPort interface bridge driver starts its interrupts
> as soon as its probed. However when the interrupts trigger the bridge
> might not have been attached to a DRM device. As drm_helper_hpd_irq_event()
> does not check whether the passed in drm_device is valid or not, a NULL
> pointer passed in results in a kernel NULL pointer dereference in it.
>
> Check whether the bridge is attached and only trigger an HPD event if
> it is.
>
> Fixes: f70ac097a2cf ("drm/mediatek: Add MT8195 Embedded DisplayPort driver")
> Signed-off-by: Chen-Yu Tsai <[email protected]>
> Reviewed-by: Guillaume Ranquet <[email protected]>
Reviewed-by: AngeloGioacchino Del Regno <[email protected]>
On 02/02/2023 05:57, Chen-Yu Tsai wrote:
> The MediaTek DisplayPort interface bridge driver starts its interrupts
> as soon as its probed. However when the interrupts trigger the bridge
> might not have been attached to a DRM device. As drm_helper_hpd_irq_event()
> does not check whether the passed in drm_device is valid or not, a NULL
> pointer passed in results in a kernel NULL pointer dereference in it.
>
> Check whether the bridge is attached and only trigger an HPD event if
> it is.
>
> Fixes: f70ac097a2cf ("drm/mediatek: Add MT8195 Embedded DisplayPort driver")
> Signed-off-by: Chen-Yu Tsai <[email protected]>
> Reviewed-by: Guillaume Ranquet <[email protected]>
Reviewed-by: Matthias Brugger <[email protected]>
> ---
> Changes since v1
> - Dropped prerequisite-patch-ids
> - Added Guillaume's Reviewed-by
>
> This applies on top of mediatek-drm-next.
>
> drivers/gpu/drm/mediatek/mtk_dp.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/mediatek/mtk_dp.c b/drivers/gpu/drm/mediatek/mtk_dp.c
> index 1f94fcc144d3..a82f53e1a146 100644
> --- a/drivers/gpu/drm/mediatek/mtk_dp.c
> +++ b/drivers/gpu/drm/mediatek/mtk_dp.c
> @@ -1823,7 +1823,8 @@ static irqreturn_t mtk_dp_hpd_event_thread(int hpd, void *dev)
> spin_unlock_irqrestore(&mtk_dp->irq_thread_lock, flags);
>
> if (status & MTK_DP_THREAD_CABLE_STATE_CHG) {
> - drm_helper_hpd_irq_event(mtk_dp->bridge.dev);
> + if (mtk_dp->bridge.dev)
> + drm_helper_hpd_irq_event(mtk_dp->bridge.dev);
>
> if (!mtk_dp->train_info.cable_plugged_in) {
> mtk_dp_disable_sdp_aui(mtk_dp);
Hi, Chen-Yu:
Chen-Yu Tsai <[email protected]> 於 2023年2月2日 週四 下午12:57寫道:
>
> The MediaTek DisplayPort interface bridge driver starts its interrupts
> as soon as its probed. However when the interrupts trigger the bridge
> might not have been attached to a DRM device. As drm_helper_hpd_irq_event()
> does not check whether the passed in drm_device is valid or not, a NULL
> pointer passed in results in a kernel NULL pointer dereference in it.
>
> Check whether the bridge is attached and only trigger an HPD event if
> it is.
Applied to mediatek-drm-next [1], thanks.
[1] https://git.kernel.org/pub/scm/linux/kernel/git/chunkuang.hu/linux.git/log/?h=mediatek-drm-next
Regards,
Chun-Kuang.
>
> Fixes: f70ac097a2cf ("drm/mediatek: Add MT8195 Embedded DisplayPort driver")
> Signed-off-by: Chen-Yu Tsai <[email protected]>
> Reviewed-by: Guillaume Ranquet <[email protected]>
> ---
> Changes since v1
> - Dropped prerequisite-patch-ids
> - Added Guillaume's Reviewed-by
>
> This applies on top of mediatek-drm-next.
>
> drivers/gpu/drm/mediatek/mtk_dp.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/mediatek/mtk_dp.c b/drivers/gpu/drm/mediatek/mtk_dp.c
> index 1f94fcc144d3..a82f53e1a146 100644
> --- a/drivers/gpu/drm/mediatek/mtk_dp.c
> +++ b/drivers/gpu/drm/mediatek/mtk_dp.c
> @@ -1823,7 +1823,8 @@ static irqreturn_t mtk_dp_hpd_event_thread(int hpd, void *dev)
> spin_unlock_irqrestore(&mtk_dp->irq_thread_lock, flags);
>
> if (status & MTK_DP_THREAD_CABLE_STATE_CHG) {
> - drm_helper_hpd_irq_event(mtk_dp->bridge.dev);
> + if (mtk_dp->bridge.dev)
> + drm_helper_hpd_irq_event(mtk_dp->bridge.dev);
>
> if (!mtk_dp->train_info.cable_plugged_in) {
> mtk_dp_disable_sdp_aui(mtk_dp);
> --
> 2.39.1.456.gfc5497dd1b-goog
>