If attach has not been called, unloading the driver can result in a null
pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned
yet.
Fixes: ceb515ba29ba6b ("drm/bridge: ti-sn65dsi83: Add TI SN65DSI83 and SN65DSI84 driver")
Signed-off-by: Jonathan Liu <[email protected]>
---
drivers/gpu/drm/bridge/ti-sn65dsi83.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
index 750f2172ef08..8e9f45c5c7c1 100644
--- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c
+++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
@@ -671,8 +671,11 @@ static int sn65dsi83_remove(struct i2c_client *client)
{
struct sn65dsi83 *ctx = i2c_get_clientdata(client);
- mipi_dsi_detach(ctx->dsi);
- mipi_dsi_device_unregister(ctx->dsi);
+ if (ctx->dsi) {
+ mipi_dsi_detach(ctx->dsi);
+ mipi_dsi_device_unregister(ctx->dsi);
+ }
+
drm_bridge_remove(&ctx->bridge);
of_node_put(ctx->host_node);
--
2.32.0
On 6/17/21 1:19 PM, Jonathan Liu wrote:
> If attach has not been called, unloading the driver can result in a null
> pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned
> yet.
>
> Fixes: ceb515ba29ba6b ("drm/bridge: ti-sn65dsi83: Add TI SN65DSI83 and SN65DSI84 driver")
> Signed-off-by: Jonathan Liu <[email protected]>
> ---
> drivers/gpu/drm/bridge/ti-sn65dsi83.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> index 750f2172ef08..8e9f45c5c7c1 100644
> --- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> +++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> @@ -671,8 +671,11 @@ static int sn65dsi83_remove(struct i2c_client *client)
> {
> struct sn65dsi83 *ctx = i2c_get_clientdata(client);
>
> - mipi_dsi_detach(ctx->dsi);
> - mipi_dsi_device_unregister(ctx->dsi);
> + if (ctx->dsi) {
> + mipi_dsi_detach(ctx->dsi);
> + mipi_dsi_device_unregister(ctx->dsi);
> + }
> +
> drm_bridge_remove(&ctx->bridge);
> of_node_put(ctx->host_node);
Looks OK to me.
Reviewed-by: Marek Vasut <[email protected]>
Thanks !
Hi Jonathan,
Thank you for the patch.
On Thu, Jun 17, 2021 at 09:19:25PM +1000, Jonathan Liu wrote:
> If attach has not been called, unloading the driver can result in a null
> pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned
> yet.
Shouldn't this be done in a brige .detach() operation instead ?
> Fixes: ceb515ba29ba6b ("drm/bridge: ti-sn65dsi83: Add TI SN65DSI83 and SN65DSI84 driver")
> Signed-off-by: Jonathan Liu <[email protected]>
> ---
> drivers/gpu/drm/bridge/ti-sn65dsi83.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> index 750f2172ef08..8e9f45c5c7c1 100644
> --- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> +++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> @@ -671,8 +671,11 @@ static int sn65dsi83_remove(struct i2c_client *client)
> {
> struct sn65dsi83 *ctx = i2c_get_clientdata(client);
>
> - mipi_dsi_detach(ctx->dsi);
> - mipi_dsi_device_unregister(ctx->dsi);
> + if (ctx->dsi) {
> + mipi_dsi_detach(ctx->dsi);
> + mipi_dsi_device_unregister(ctx->dsi);
> + }
> +
> drm_bridge_remove(&ctx->bridge);
> of_node_put(ctx->host_node);
>
--
Regards,
Laurent Pinchart
Hi Marek,
On Fri, 18 Jun 2021 at 00:14, Laurent Pinchart
<[email protected]> wrote:
>
> Hi Jonathan,
>
> Thank you for the patch.
>
> On Thu, Jun 17, 2021 at 09:19:25PM +1000, Jonathan Liu wrote:
> > If attach has not been called, unloading the driver can result in a null
> > pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned
> > yet.
>
> Shouldn't this be done in a brige .detach() operation instead ?
>
Could you please take a look?
I don't have a working setup to test moving the code to detach.
> > Fixes: ceb515ba29ba6b ("drm/bridge: ti-sn65dsi83: Add TI SN65DSI83 and SN65DSI84 driver")
> > Signed-off-by: Jonathan Liu <[email protected]>
> > ---
> > drivers/gpu/drm/bridge/ti-sn65dsi83.c | 7 +++++--
> > 1 file changed, 5 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> > index 750f2172ef08..8e9f45c5c7c1 100644
> > --- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> > +++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> > @@ -671,8 +671,11 @@ static int sn65dsi83_remove(struct i2c_client *client)
> > {
> > struct sn65dsi83 *ctx = i2c_get_clientdata(client);
> >
> > - mipi_dsi_detach(ctx->dsi);
> > - mipi_dsi_device_unregister(ctx->dsi);
> > + if (ctx->dsi) {
> > + mipi_dsi_detach(ctx->dsi);
> > + mipi_dsi_device_unregister(ctx->dsi);
> > + }
> > +
> > drm_bridge_remove(&ctx->bridge);
> > of_node_put(ctx->host_node);
> >
Thanks.
Regards,
Jonathan
On 6/18/21 5:06 AM, Jonathan Liu wrote:
> Hi Marek,
Hi,
>> Hi Jonathan,
>>
>> Thank you for the patch.
>>
>> On Thu, Jun 17, 2021 at 09:19:25PM +1000, Jonathan Liu wrote:
>>> If attach has not been called, unloading the driver can result in a null
>>> pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned
>>> yet.
>>
>> Shouldn't this be done in a brige .detach() operation instead ?
>>
>
> Could you please take a look?
> I don't have a working setup to test moving the code to detach.
I just replied to your other email regarding bringing the chip up, so
please bring your setup up first, then test this patch again, and then
let's revisit this topic.