From: Abhinav Kumar <abhinavk@codeaurora.org>
To: dri-devel@lists.freedesktop.org
Cc: Abhinav Kumar <abhinavk@codeaurora.org>,
linux-arm-msm@vger.kernel.org, robdclark@gmail.com,
jsanka@codeaurora.org, seanpaul@chromium.org,
nganji@codeaurora.org, chandanu@codeaurora.org,
hoegsberg@google.com
Subject: [PATCH v2] drm/msm/dsi: add protection against NULL dsi device
Date: Fri, 31 May 2019 19:43:27 -0700 [thread overview]
Message-ID: <1559357007-21004-1-git-send-email-abhinavk@codeaurora.org> (raw)
When panel probe happens after DSI probe, the DSI probe is deferred as
per current design. In the probe defer path dsi device is destroyed.
This NULL dsi device could be deferenced by the panel probe in the
mipi_dsi_attach path.
Check for NULL dsi device before accessing it.
Changes in v2:
- Add more comments on how this NULL pointer situation will be hit
Reported-by: Jeffrey Hugo <jhugo@codeaurora.org>
Tested-by: Jeffrey Hugo <jhugo@codeaurora.org>
Signed-off-by: Abhinav Kumar <abhinavk@codeaurora.org>
---
drivers/gpu/drm/msm/dsi/dsi_manager.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/msm/dsi/dsi_manager.c b/drivers/gpu/drm/msm/dsi/dsi_manager.c
index 80aa634..8fcb13f 100644
--- a/drivers/gpu/drm/msm/dsi/dsi_manager.c
+++ b/drivers/gpu/drm/msm/dsi/dsi_manager.c
@@ -769,7 +769,7 @@ bool msm_dsi_manager_cmd_xfer_trigger(int id, u32 dma_base, u32 len)
void msm_dsi_manager_attach_dsi_device(int id, u32 device_flags)
{
struct msm_dsi *msm_dsi = dsi_mgr_get_dsi(id);
- struct drm_device *dev = msm_dsi->dev;
+ struct drm_device *dev;
struct msm_drm_private *priv;
struct msm_kms *kms;
struct drm_encoder *encoder;
@@ -781,7 +781,17 @@ void msm_dsi_manager_attach_dsi_device(int id, u32 device_flags)
* (generally the case when we're connected to a drm_panel of the type
* mipi_dsi_device), this would be NULL. In such cases, try to set the
* encoder mode in the DSI connector's detect() op.
+ *
+ * msm_dsi pointer is assigned to a valid dsi device only when
+ * msm_dsi_manager_register() succeeds. When panel hasnt probed yet
+ * dsi_mgr_setup_components() could potentially return -EDEFER and
+ * assign the msm_dsi->dev to NULL. When the panel now probes and calls
+ * mipi_dsi_attach(), this will call msm_dsi_manager_attach_dsi_device()
+ * which will result in a NULL pointer dereference
*/
+
+ dev = msm_dsi ? msm_dsi->dev : NULL;
+
if (!dev)
return;
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project
reply other threads:[~2019-06-01 2:43 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1559357007-21004-1-git-send-email-abhinavk@codeaurora.org \
--to=abhinavk@codeaurora.org \
--cc=chandanu@codeaurora.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=hoegsberg@google.com \
--cc=jsanka@codeaurora.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=nganji@codeaurora.org \
--cc=robdclark@gmail.com \
--cc=seanpaul@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).