From: Dan Carpenter <dan.carpenter@linaro.org>
Date: Tue, 25 Feb 2025 07:30:26 +0000 (+0300)
Subject: drm/msm/dpu: fix error pointer dereference in msm_kms_init_aspace()
X-Git-Tag: v6.15-rc1~120^2~11^2~27
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f9d1b528219beea3f42cc75504541611e1b8ca83;p=thirdparty%2Fkernel%2Fstable.git

drm/msm/dpu: fix error pointer dereference in msm_kms_init_aspace()

If msm_gem_address_space_create() fails, then return right away.
Otherwise it leads to a Oops when we dereference "aspace" on the next
line.

Fixes: eabba31a839a ("drm/msm: register a fault handler for display mmu faults")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/639357/
Link: https://lore.kernel.org/r/3221e88c-3351-42e6-aeb1-69f4f014b509@stanley.mountain
[DB: fixed commit id]
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
---

diff --git a/drivers/gpu/drm/msm/msm_kms.c b/drivers/gpu/drm/msm/msm_kms.c
index b877278888e62..35d5397e73b4c 100644
--- a/drivers/gpu/drm/msm/msm_kms.c
+++ b/drivers/gpu/drm/msm/msm_kms.c
@@ -209,6 +209,7 @@ struct msm_gem_address_space *msm_kms_init_aspace(struct drm_device *dev)
 	if (IS_ERR(aspace)) {
 		dev_err(mdp_dev, "aspace create, error %pe\n", aspace);
 		mmu->funcs->destroy(mmu);
+		return aspace;
 	}
 
 	msm_mmu_set_fault_handler(aspace->mmu, kms, msm_kms_fault_handler);