]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
projects / thirdparty / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5cb1b13)
drm/msm/dpu: reorder pointer operations after sanity checks to avoid NULL deref
authorQasim Ijaz <qasdev00@gmail.com>
Tue, 8 Apr 2025 17:22:23 +0000 (18:22 +0100)
committerAbhinav Kumar <quic_abhinavk@quicinc.com>
Thu, 10 Apr 2025 20:22:12 +0000 (13:22 -0700)
_dpu_encoder_trigger_start dereferences "struct dpu_encoder_phys *phys"
before the sanity checks which can lead to a NULL pointer dereference if
phys is NULL.

Fix this by reordering the dereference after the sanity checks.

Fixes: 8144d17a81d9 ("drm/msm/dpu: Skip trigger flush and start for CWB")
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Qasim Ijaz <qasdev00@gmail.com>
Reviewed-by: Jessica Zhang <quic_jesszhan@quicinc.com>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/647536/
Link: https://lore.kernel.org/r/20250408172223.10827-1-qasdev00@gmail.com
Signed-off-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c patch | blob | blame | history

diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
index 284e69bb47c179ba62363b2df2cebd5172c44f8a..dd13dc4e95a4be11df3e7173fe648878b3fcbac8 100644 (file)
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c
@@ -1666,7 +1666,7 @@ static void _dpu_encoder_trigger_flush(struct drm_encoder *drm_enc,
  */
 static void _dpu_encoder_trigger_start(struct dpu_encoder_phys *phys)
 {
-       struct dpu_encoder_virt *dpu_enc = to_dpu_encoder_virt(phys->parent);
+       struct dpu_encoder_virt *dpu_enc;
 
        if (!phys) {
                DPU_ERROR("invalid argument(s)\n");
@@ -1678,6 +1678,8 @@ static void _dpu_encoder_trigger_start(struct dpu_encoder_phys *phys)
                return;
        }
 
+       dpu_enc = to_dpu_encoder_virt(phys->parent);
+
        if (phys->parent->encoder_type == DRM_MODE_ENCODER_VIRTUAL &&
            dpu_enc->cwb_mask) {
                DPU_DEBUG("encoder %d CWB enabled, skipping\n", DRMID(phys->parent));
A mirror of Linus' kernel repository