drm/tegra: Fix a possible null pointer dereference

commit 780351a5f61416ed2ba1199cc57e4a076fca644d upstream.

In tegra_crtc_reset(), new memory is allocated with kzalloc(), but
no check is performed. Before calling __drm_atomic_helper_crtc_reset,
state should be checked to prevent possible null pointer dereference.

Fixes: b7e0b04ae450 ("drm/tegra: Convert to using __drm_atomic_helper_crtc_reset() for reset.")
Cc: stable@vger.kernel.org
Signed-off-by: Qiu-ji Chen <chenqiuji666@gmail.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Link: https://lore.kernel.org/r/20241106095906.15247-1-chenqiuji666@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c
index b016c3c95a844bfe19c3f64730ea1510dc53419c..980d85bc7f3745d5884f106e48a3053febb4025c 100644 (file)
--- a/drivers/gpu/drm/tegra/dc.c
+++ b/drivers/gpu/drm/tegra/dc.c
@@ -1392,7 +1392,10 @@ static void tegra_crtc_reset(struct drm_crtc *crtc)
        if (crtc->state)
                tegra_crtc_atomic_destroy_state(crtc, crtc->state);
 
-       __drm_atomic_helper_crtc_reset(crtc, &state->base);
+       if (state)
+               __drm_atomic_helper_crtc_reset(crtc, &state->base);
+       else
+               __drm_atomic_helper_crtc_reset(crtc, NULL);
 }
 
 static struct drm_crtc_state *