* [PATCH] drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug
@ 2025-12-15 20:33 Karunika Choo
2025-12-16 10:39 ` Boris Brezillon
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Karunika Choo @ 2025-12-15 20:33 UTC (permalink / raw)
To: dri-devel
Cc: nd, Boris Brezillon, Steven Price, Liviu Dudau, Maarten Lankhorst,
Maxime Ripard, Thomas Zimmermann, David Airlie, Simona Vetter,
linux-kernel, aishwarya.tcv
This patch removes the MCU halt and wait for halt procedures during
panthor_fw_unplug() as the MCU can be in a variety of states or the FW
may not even be loaded/initialized at all, the latter of which can lead
to a NULL pointer dereference.
It should be safe on unplug to just disable the MCU without waiting for
it to halt as it may not be able to.
Fixes: 514072549865 ("drm/panthor: Support GLB_REQ.STATE field for Mali-G1 GPUs")
Suggested-by: Boris Brezillon <boris.brezillon@collabora.com>
Signed-off-by: Karunika Choo <karunika.choo@arm.com>
---
drivers/gpu/drm/panthor/panthor_fw.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/drivers/gpu/drm/panthor/panthor_fw.c b/drivers/gpu/drm/panthor/panthor_fw.c
index 4beaa589ba66..a64ec8756bed 100644
--- a/drivers/gpu/drm/panthor/panthor_fw.c
+++ b/drivers/gpu/drm/panthor/panthor_fw.c
@@ -1261,10 +1261,6 @@ void panthor_fw_unplug(struct panthor_device *ptdev)
if (ptdev->fw->irq.irq)
panthor_job_irq_suspend(&ptdev->fw->irq);
- panthor_fw_halt_mcu(ptdev);
- if (!panthor_fw_wait_mcu_halted(ptdev))
- drm_warn(&ptdev->base, "Failed to halt MCU on unplug");
-
panthor_fw_stop(ptdev);
}
--
2.49.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug
2025-12-15 20:33 [PATCH] drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug Karunika Choo
@ 2025-12-16 10:39 ` Boris Brezillon
2025-12-16 12:51 ` Liviu Dudau
2025-12-16 17:32 ` Markus Elfring
2 siblings, 0 replies; 6+ messages in thread
From: Boris Brezillon @ 2025-12-16 10:39 UTC (permalink / raw)
To: Karunika Choo
Cc: dri-devel, nd, Steven Price, Liviu Dudau, Maarten Lankhorst,
Maxime Ripard, Thomas Zimmermann, David Airlie, Simona Vetter,
linux-kernel, aishwarya.tcv
On Mon, 15 Dec 2025 20:33:12 +0000
Karunika Choo <karunika.choo@arm.com> wrote:
> This patch removes the MCU halt and wait for halt procedures during
> panthor_fw_unplug() as the MCU can be in a variety of states or the FW
> may not even be loaded/initialized at all, the latter of which can lead
> to a NULL pointer dereference.
>
> It should be safe on unplug to just disable the MCU without waiting for
> it to halt as it may not be able to.
>
> Fixes: 514072549865 ("drm/panthor: Support GLB_REQ.STATE field for Mali-G1 GPUs")
> Suggested-by: Boris Brezillon <boris.brezillon@collabora.com>
> Signed-off-by: Karunika Choo <karunika.choo@arm.com>
Reviewed-by: Boris Brezillon <boris.brezillon@collabora.com>
> ---
> drivers/gpu/drm/panthor/panthor_fw.c | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/drivers/gpu/drm/panthor/panthor_fw.c b/drivers/gpu/drm/panthor/panthor_fw.c
> index 4beaa589ba66..a64ec8756bed 100644
> --- a/drivers/gpu/drm/panthor/panthor_fw.c
> +++ b/drivers/gpu/drm/panthor/panthor_fw.c
> @@ -1261,10 +1261,6 @@ void panthor_fw_unplug(struct panthor_device *ptdev)
> if (ptdev->fw->irq.irq)
> panthor_job_irq_suspend(&ptdev->fw->irq);
>
> - panthor_fw_halt_mcu(ptdev);
> - if (!panthor_fw_wait_mcu_halted(ptdev))
> - drm_warn(&ptdev->base, "Failed to halt MCU on unplug");
> -
> panthor_fw_stop(ptdev);
> }
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug
2025-12-15 20:33 [PATCH] drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug Karunika Choo
2025-12-16 10:39 ` Boris Brezillon
@ 2025-12-16 12:51 ` Liviu Dudau
2026-01-19 6:33 ` Andy Yan
2025-12-16 17:32 ` Markus Elfring
2 siblings, 1 reply; 6+ messages in thread
From: Liviu Dudau @ 2025-12-16 12:51 UTC (permalink / raw)
To: Karunika Choo
Cc: dri-devel, nd, Boris Brezillon, Steven Price, Maarten Lankhorst,
Maxime Ripard, Thomas Zimmermann, David Airlie, Simona Vetter,
linux-kernel, aishwarya.tcv
On Mon, Dec 15, 2025 at 08:33:12PM +0000, Karunika Choo wrote:
> This patch removes the MCU halt and wait for halt procedures during
> panthor_fw_unplug() as the MCU can be in a variety of states or the FW
> may not even be loaded/initialized at all, the latter of which can lead
> to a NULL pointer dereference.
>
> It should be safe on unplug to just disable the MCU without waiting for
> it to halt as it may not be able to.
>
> Fixes: 514072549865 ("drm/panthor: Support GLB_REQ.STATE field for Mali-G1 GPUs")
> Suggested-by: Boris Brezillon <boris.brezillon@collabora.com>
> Signed-off-by: Karunika Choo <karunika.choo@arm.com>
Reviewed-by: Liviu Dudau <liviu@dudau.co.uk>
Best regards,
Liviu
> ---
> drivers/gpu/drm/panthor/panthor_fw.c | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/drivers/gpu/drm/panthor/panthor_fw.c b/drivers/gpu/drm/panthor/panthor_fw.c
> index 4beaa589ba66..a64ec8756bed 100644
> --- a/drivers/gpu/drm/panthor/panthor_fw.c
> +++ b/drivers/gpu/drm/panthor/panthor_fw.c
> @@ -1261,10 +1261,6 @@ void panthor_fw_unplug(struct panthor_device *ptdev)
> if (ptdev->fw->irq.irq)
> panthor_job_irq_suspend(&ptdev->fw->irq);
>
> - panthor_fw_halt_mcu(ptdev);
> - if (!panthor_fw_wait_mcu_halted(ptdev))
> - drm_warn(&ptdev->base, "Failed to halt MCU on unplug");
> -
> panthor_fw_stop(ptdev);
> }
>
> --
> 2.49.0
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug
2025-12-15 20:33 [PATCH] drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug Karunika Choo
2025-12-16 10:39 ` Boris Brezillon
2025-12-16 12:51 ` Liviu Dudau
@ 2025-12-16 17:32 ` Markus Elfring
2 siblings, 0 replies; 6+ messages in thread
From: Markus Elfring @ 2025-12-16 17:32 UTC (permalink / raw)
To: Karunika Choo, dri-devel
Cc: LKML, Aishwarya TCV, Boris Brezillon, David Airlie, Liviu Dudau,
Maarten Lankhorst, Maxime Ripard, Simona Vetter, Steven Price,
Thomas Zimmermann, nd
> This patch removes the …
See also once more:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.19-rc1#n94
Regards,
Markus
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re:Re: [PATCH] drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug
2025-12-16 12:51 ` Liviu Dudau
@ 2026-01-19 6:33 ` Andy Yan
2026-01-19 8:18 ` Steven Price
0 siblings, 1 reply; 6+ messages in thread
From: Andy Yan @ 2026-01-19 6:33 UTC (permalink / raw)
To: Liviu Dudau
Cc: Karunika Choo, dri-devel, nd, Boris Brezillon, Steven Price,
Maarten Lankhorst, Maxime Ripard, Thomas Zimmermann, David Airlie,
Simona Vetter, linux-kernel, aishwarya.tcv
Hello,
At 2025-12-16 20:51:53, "Liviu Dudau" <liviu.dudau@arm.com> wrote:
>On Mon, Dec 15, 2025 at 08:33:12PM +0000, Karunika Choo wrote:
>> This patch removes the MCU halt and wait for halt procedures during
>> panthor_fw_unplug() as the MCU can be in a variety of states or the FW
>> may not even be loaded/initialized at all, the latter of which can lead
>> to a NULL pointer dereference.
>>
>> It should be safe on unplug to just disable the MCU without waiting for
>> it to halt as it may not be able to.
>>
>> Fixes: 514072549865 ("drm/panthor: Support GLB_REQ.STATE field for Mali-G1 GPUs")
>> Suggested-by: Boris Brezillon <boris.brezillon@collabora.com>
>> Signed-off-by: Karunika Choo <karunika.choo@arm.com>
>
>Reviewed-by: Liviu Dudau <liviu@dudau.co.uk>
Tested-by: Andy Yan <andyshrk@163.com>
Hope can be merged in 6.19 release cycle.
>
>Best regards,
>Liviu
>
>> ---
>> drivers/gpu/drm/panthor/panthor_fw.c | 4 ----
>> 1 file changed, 4 deletions(-)
>>
>> diff --git a/drivers/gpu/drm/panthor/panthor_fw.c b/drivers/gpu/drm/panthor/panthor_fw.c
>> index 4beaa589ba66..a64ec8756bed 100644
>> --- a/drivers/gpu/drm/panthor/panthor_fw.c
>> +++ b/drivers/gpu/drm/panthor/panthor_fw.c
>> @@ -1261,10 +1261,6 @@ void panthor_fw_unplug(struct panthor_device *ptdev)
>> if (ptdev->fw->irq.irq)
>> panthor_job_irq_suspend(&ptdev->fw->irq);
>>
>> - panthor_fw_halt_mcu(ptdev);
>> - if (!panthor_fw_wait_mcu_halted(ptdev))
>> - drm_warn(&ptdev->base, "Failed to halt MCU on unplug");
>> -
>> panthor_fw_stop(ptdev);
>> }
>>
>> --
>> 2.49.0
>>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug
2026-01-19 6:33 ` Andy Yan
@ 2026-01-19 8:18 ` Steven Price
0 siblings, 0 replies; 6+ messages in thread
From: Steven Price @ 2026-01-19 8:18 UTC (permalink / raw)
To: Andy Yan, Liviu Dudau
Cc: Karunika Choo, dri-devel, nd, Boris Brezillon, Maarten Lankhorst,
Maxime Ripard, Thomas Zimmermann, David Airlie, Simona Vetter,
linux-kernel, aishwarya.tcv
On 19/01/2026 06:33, Andy Yan wrote:
>
> Hello,
>
> At 2025-12-16 20:51:53, "Liviu Dudau" <liviu.dudau@arm.com> wrote:
>> On Mon, Dec 15, 2025 at 08:33:12PM +0000, Karunika Choo wrote:
>>> This patch removes the MCU halt and wait for halt procedures during
>>> panthor_fw_unplug() as the MCU can be in a variety of states or the FW
>>> may not even be loaded/initialized at all, the latter of which can lead
>>> to a NULL pointer dereference.
>>>
>>> It should be safe on unplug to just disable the MCU without waiting for
>>> it to halt as it may not be able to.
>>>
>>> Fixes: 514072549865 ("drm/panthor: Support GLB_REQ.STATE field for Mali-G1 GPUs")
>>> Suggested-by: Boris Brezillon <boris.brezillon@collabora.com>
>>> Signed-off-by: Karunika Choo <karunika.choo@arm.com>
>>
>> Reviewed-by: Liviu Dudau <liviu@dudau.co.uk>
>
> Tested-by: Andy Yan <andyshrk@163.com>
>
> Hope can be merged in 6.19 release cycle.
Boris has already merged this:
commit 920c6af98e98e6afedf6318a75bac95af8415c6c
Author: Karunika Choo <karunika.choo@arm.com>
Date: Mon Dec 15 20:33:12 2025 +0000
drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug
However it's in the drm-misc-next branch which means it won't be pulled
until the merge window. Ideally it would have gone in via
drm-misc-fixes, but given this (AFAIK) only triggers in the combination
of loading the panthor driver *and* not having the correct firmware I
didn't think it was worth worrying about - and so haven't asked the DRM
maintainers to cherry pick it. The fix should get backported into a
6.19.x stable release.
If I've missed something then let me (and the DRM maintainers) know and
the commit can be cherry-picked.
Thanks,
Steve
>
>>
>> Best regards,
>> Liviu
>>
>>> ---
>>> drivers/gpu/drm/panthor/panthor_fw.c | 4 ----
>>> 1 file changed, 4 deletions(-)
>>>
>>> diff --git a/drivers/gpu/drm/panthor/panthor_fw.c b/drivers/gpu/drm/panthor/panthor_fw.c
>>> index 4beaa589ba66..a64ec8756bed 100644
>>> --- a/drivers/gpu/drm/panthor/panthor_fw.c
>>> +++ b/drivers/gpu/drm/panthor/panthor_fw.c
>>> @@ -1261,10 +1261,6 @@ void panthor_fw_unplug(struct panthor_device *ptdev)
>>> if (ptdev->fw->irq.irq)
>>> panthor_job_irq_suspend(&ptdev->fw->irq);
>>>
>>> - panthor_fw_halt_mcu(ptdev);
>>> - if (!panthor_fw_wait_mcu_halted(ptdev))
>>> - drm_warn(&ptdev->base, "Failed to halt MCU on unplug");
>>> -
>>> panthor_fw_stop(ptdev);
>>> }
>>>
>>> --
>>> 2.49.0
>>>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2026-01-19 8:18 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-12-15 20:33 [PATCH] drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug Karunika Choo
2025-12-16 10:39 ` Boris Brezillon
2025-12-16 12:51 ` Liviu Dudau
2026-01-19 6:33 ` Andy Yan
2026-01-19 8:18 ` Steven Price
2025-12-16 17:32 ` Markus Elfring
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.