[PATCH] drm/nouveau/mxm: fix null deref on load

Ilia Mirkin imirkin at alum.mit.edu
Sun Jan 19 07:30:32 PST 2014


Since commit 61b365a50 (drm/nouveau: populate master subdev pointer only
when fully constructed), the nouveau_mxm(bios) call will return NULL,
since it's still being called from the constructor. Instead, pass the
mxm pointer via the unused data field.

See https://bugs.freedesktop.org/show_bug.cgi?id=73791

Reported-by: Andreas Reis <andreas.reis at gmail.com>
Tested-by: Andreas Reis <andreas.reis at gmail.com>
Signed-off-by: Ilia Mirkin <imirkin at alum.mit.edu>
---

3.13 release time is approaching, so I'm expanding the To list, as this is a
crashing bug for potentially a lot of people (not sure how common the MXM
stuff is) and it'd be silly not to include the fix because someone along the
chain wasn't around. Hope I'm not stepping on any toes by sending to the full
upstream path...

 drivers/gpu/drm/nouveau/core/subdev/mxm/nv50.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/nouveau/core/subdev/mxm/nv50.c b/drivers/gpu/drm/nouveau/core/subdev/mxm/nv50.c
index af129c2..0bd3774 100644
--- a/drivers/gpu/drm/nouveau/core/subdev/mxm/nv50.c
+++ b/drivers/gpu/drm/nouveau/core/subdev/mxm/nv50.c
@@ -100,7 +100,7 @@ mxm_match_dcb(struct nouveau_mxm *mxm, u8 *data, void *info)
 static int
 mxm_dcb_sanitise_entry(struct nouveau_bios *bios, void *data, int idx, u16 pdcb)
 {
-	struct nouveau_mxm *mxm = nouveau_mxm(bios);
+	struct nouveau_mxm *mxm = data;
 	struct context ctx = { .outp = (u32 *)(bios->data + pdcb) };
 	u8 type, i2cidx, link, ver, len;
 	u8 *conn;
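Review bot: In mxm_dcb_sanitise_entry, `struct nouveau_mxm *mxm = data;` now depends on an undocumented contract that the void *data argument is always the nouveau_mxm, so a caller that passes NULL (as the old dcb_outp_foreach call did) would bring the NULL dereference straight back. A one-line comment above the assignment would help, stating that data carries the mxm because nouveau_mxm(bios) returns NULL while the constructor is still running. That also keeps someone from "cleaning up" the cast back into the lookup later.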
@@ -199,7 +199,7 @@ mxm_dcb_sanitise(struct nouveau_mxm *mxm)
 		return;
 	}
 
-	dcb_outp_foreach(bios, NULL, mxm_dcb_sanitise_entry);
+	dcb_outp_foreach(bios, mxm, mxm_dcb_sanitise_entry);
 	mxms_foreach(mxm, 0x01, mxm_show_unmatched, NULL);
 }
 
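Review bot: In mxm_dcb_sanitise, the neighbouring call `mxms_foreach(mxm, 0x01, mxm_show_unmatched, NULL);` runs in the same constructor context, so it is worth confirming that mxm_show_unmatched and anything else reached from here does not fall back to a nouveau_mxm(...) lookup of its own. The mxm_match_dcb signature in the first hunk header takes mxm as a direct parameter, which suggests the mxms_foreach callbacks are safe, but mxm_show_unmatched is not visible in this patch. A sentence in the commit message saying the other callbacks were checked would close that question for the 3.13 merge.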
-- 
1.8.3.2


