From: sashiko-bot@kernel.org
To: "Maxime Ripard" <mripard@kernel.org>
Cc: linux-sunxi@lists.linux.dev
Subject: Re: [PATCH v4 20/20] drm/bridge_connector: Convert to atomic_create_state
Date: Thu, 14 May 2026 02:48:17 +0000 [thread overview]
Message-ID: <20260514024820.95369C19425@smtp.kernel.org> (raw)
In-Reply-To: <20260512-drm-mode-config-init-v4-20-591dfdcc1bf9@kernel.org>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Critical] Removing the `.reset` hook from `drm_bridge_connector_funcs` causes a guaranteed NULL pointer dereference and kernel panic during HDMI bridge initialization in `drmm_connector_hdmi_init()`.
--
commit 4d1b1d55e3ba2c5d7992c514db2a00581120fa32
Author: Maxime Ripard <mripard@kernel.org>
drm/bridge_connector: Convert to atomic_create_state
This commit converts the drm_bridge_connector to use atomic_create_state
instead of reset to initialize its state. It removes the reset hook from
drm_bridge_connector_funcs and replaces it with atomic_create_state.
> diff --git a/drivers/gpu/drm/display/drm_bridge_connector.c b/drivers/gpu/drm/display/drm_bridge_connector.c
> index 50408af746d84..cafa498c38482 100644
> --- a/drivers/gpu/drm/display/drm_bridge_connector.c
> +++ b/drivers/gpu/drm/display/drm_bridge_connector.c
[ ... ]
> @@ -265,22 +265,29 @@ static void drm_bridge_connector_debugfs_init(struct drm_connector *connector,
> static const struct drm_connector_funcs drm_bridge_connector_funcs = {
> - .reset = drm_bridge_connector_reset,
Does removing the reset hook cause a null pointer dereference regression
during HDMI bridge initialization?
When an HDMI bridge is present, drm_bridge_connector_init() delegates setup
to drmm_connector_hdmi_init(). Looking at drmm_connector_hdmi_init(), it
expects to allocate and initialize the connector's state by calling its
reset hook:
drmm_connector_hdmi_init() {
...
if (connector->funcs->reset)
connector->funcs->reset(connector);
...
}
Since the reset hook is removed here, the state allocation is skipped,
leaving connector->state as null.
Immediately after this, drmm_connector_hdmi_init() calls
drm_connector_attach_max_bpc_property(), which unconditionally dereferences
connector->state:
drm_connector_attach_max_bpc_property() {
...
connector->state->max_requested_bpc = max;
connector->state->max_bpc = max;
...
}
Could this lead to a crash when an HDMI bridge connector is initialized?
> .detect = drm_bridge_connector_detect,
> .force = drm_bridge_connector_force,
> .fill_modes = drm_helper_probe_single_connector_modes,
> + .atomic_create_state = drm_bridge_connector_create_state,
> .atomic_duplicate_state = drm_atomic_helper_connector_duplicate_state,
> .atomic_destroy_state = drm_atomic_helper_connector_destroy_state,
> .debugfs_init = drm_bridge_connector_debugfs_init,
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260512-drm-mode-config-init-v4-0-591dfdcc1bf9@kernel.org?part=20
next prev parent reply other threads:[~2026-05-14 2:48 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-12 13:05 [PATCH v4 00/20] drm/atomic: Rework initial state allocation Maxime Ripard
2026-05-12 13:05 ` [PATCH v4 01/20] drm/atomic: Document atomic commit lifetime Maxime Ripard
2026-05-13 21:25 ` sashiko-bot
2026-05-12 13:06 ` [PATCH v4 02/20] drm/colorop: Fix typos in the doc Maxime Ripard
2026-05-12 13:06 ` [PATCH v4 03/20] drm/atomic: Drop drm_private_obj.state assignment from create_state Maxime Ripard
2026-05-12 13:06 ` [PATCH v4 04/20] drm/atomic: Expand atomic_create_state expectations for drm_private_obj Maxime Ripard
2026-05-12 13:06 ` [PATCH v4 05/20] drm/mode-config: Document drm_private_obj exclusion from drm_mode_config_reset() Maxime Ripard
2026-05-12 13:06 ` [PATCH v4 06/20] drm/colorop: Rename __drm_colorop_state_reset() Maxime Ripard
2026-05-12 13:06 ` [PATCH v4 07/20] drm/colorop: Create drm_atomic_helper_colorop_create_state() Maxime Ripard
2026-05-13 22:50 ` sashiko-bot
2026-05-12 13:06 ` [PATCH v4 08/20] drm/atomic-state-helper: Fix __drm_atomic_helper_plane_reset() doc typo Maxime Ripard
2026-05-12 13:06 ` [PATCH v4 09/20] drm/atomic-state-helper: Rename __drm_atomic_helper_plane_state_reset() Maxime Ripard
2026-05-12 13:06 ` [PATCH v4 10/20] drm/plane: Add new atomic_create_state callback Maxime Ripard
2026-05-12 13:06 ` [PATCH v4 11/20] drm/atomic-state-helper: Rename __drm_atomic_helper_crtc_state_reset() Maxime Ripard
2026-05-12 13:06 ` [PATCH v4 12/20] drm/crtc: Add new atomic_create_state callback Maxime Ripard
2026-05-14 0:03 ` sashiko-bot
2026-05-12 13:06 ` [PATCH v4 13/20] drm/atomic-state-helper: Rename __drm_atomic_helper_connector_state_reset() Maxime Ripard
2026-05-12 13:06 ` [PATCH v4 14/20] drm/hdmi: Rename __drm_atomic_helper_connector_hdmi_reset() Maxime Ripard
2026-05-14 0:22 ` sashiko-bot
2026-05-12 13:06 ` [PATCH v4 15/20] drm/connector: Add new atomic_create_state callback Maxime Ripard
2026-05-14 0:45 ` sashiko-bot
2026-05-12 13:06 ` [PATCH v4 16/20] drm/mode-config: Create drm_mode_config_create_initial_state() Maxime Ripard
2026-05-14 0:57 ` sashiko-bot
2026-05-12 13:06 ` [PATCH v4 17/20] drm/drv: Switch skeleton to drm_mode_config_create_initial_state() Maxime Ripard
2026-05-12 13:06 ` [PATCH v4 18/20] drm/tidss: Switch " Maxime Ripard
2026-05-14 1:25 ` sashiko-bot
2026-05-12 13:06 ` [PATCH v4 19/20] drm/tidss: Convert to atomic_create_state Maxime Ripard
2026-05-12 13:06 ` [PATCH v4 20/20] drm/bridge_connector: " Maxime Ripard
2026-05-14 2:48 ` sashiko-bot [this message]
2026-05-12 14:02 ` ✓ i915.CI.BAT: success for drm/atomic: Rework initial state allocation (rev3) Patchwork
2026-05-12 18:03 ` ✗ CI.checkpatch: warning " Patchwork
2026-05-12 18:05 ` ✓ CI.KUnit: success " Patchwork
2026-05-12 19:35 ` ✓ Xe.CI.BAT: " Patchwork
2026-05-13 6:45 ` ✗ i915.CI.Full: failure " Patchwork
2026-05-13 9:41 ` ✗ Xe.CI.FULL: " Patchwork
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260514024820.95369C19425@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=linux-sunxi@lists.linux.dev \
--cc=mripard@kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.