It is possible that both dev->master and file_priv->master are NULL when
passed to drm_master_release, which would result in dev being passed to
drm_drop_master (as NULL == NULL here). This would result in a NULL
pointer dereference when passing dev->master to drm_master_put in
drm_drop_master.
Only call drm_drop_master if dev->master exists. Also, make sure the
original calling requirement is maintained (dev->master ==
file_priv->master).
This fixes a static analysis issue.
Signed-off-by: Jonathan Cavitt <jonathan.cavitt@intel.com>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Maxime Ripard <mripard@kernel.org>
Cc: Thomas Zimmermann <tzimmermann@suse.de>
Cc: David Airlie <airlied@gmail.com>
Cc: Simona Vetter <simona@ffwll.ch>
Acked-by: Luben Tuikov <ltuikov89@gmail.com>
Reviewed-by: Maciej Patelczyk <maciej.patelczyk@intel.com>
Link: https://patch.msgid.link/20260416210047.3904106-1-jonathan.cavitt@intel.com
if (!drm_is_current_master_locked(file_priv))
goto out;
- if (dev->master == file_priv->master)
+ if (dev->master && dev->master == file_priv->master)
drm_drop_master(dev, file_priv);
out:
if (drm_core_check_feature(dev, DRIVER_MODESET) && file_priv->is_master) {
projects / thirdparty / kernel / linux.git / commitdiff
