[PATCH] drm/exynos: Check for NULL dereference of crtc

Inki Dae inki.dae at samsung.com
Fri Mar 6 05:13:42 PST 2015


On 2015년 02월 18일 02:14, Charles Keepax wrote:
> The commit "drm/exynos: remove exynos_plane_dpms" (d9ea6256) removed the
> use of the enabled flag, which means that the code may attempt to call
> win_enable on a NULL crtc. This results in the following oops on

Hmm... it's strange. plane->funcs->destroy() is called prior to
crtc->funcs->destroy() so it should be exynos_crtc is not NULL. However,
it seems there is any corner case we didn't catch up.

Applied.

Thanks,
Inki Dae

> Arndale:
> 
> [    1.673479] Unable to handle kernel NULL pointer dereference at virtual address 00000368
> [    1.681500] pgd = c0004000
> [    1.684154] [00000368] *pgd=00000000
> [    1.687713] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
> [    1.693012] Modules linked in:
> [    1.696045] CPU: 1 PID: 1 Comm: swapper/0 Not tainted
> 3.19.0-07545-g57485fa #1907
> [    1.703524] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
> (....)
> [    2.014803] [<c02f9cfc>] (exynos_plane_destroy) from [<c02e61b4>] (drm_mode_config_cleanup+0x168/0x20c)
> [    2.024178] [<c02e61b4>] (drm_mode_config_cleanup) from [<c02f66fc>] (exynos_drm_load+0xac/0x12c)
> 
> This patch adds in a check to ensure exynos_crtc is not NULL before it
> is dereferenced.
> 
> Signed-off-by: Charles Keepax <ckeepax at opensource.wolfsonmicro.com>
> ---
>  drivers/gpu/drm/exynos/exynos_drm_plane.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/drivers/gpu/drm/exynos/exynos_drm_plane.c b/drivers/gpu/drm/exynos/exynos_drm_plane.c
> index 2dfb847..78fc0a1 100644
> --- a/drivers/gpu/drm/exynos/exynos_drm_plane.c
> +++ b/drivers/gpu/drm/exynos/exynos_drm_plane.c
> @@ -176,7 +176,7 @@ static int exynos_disable_plane(struct drm_plane *plane)
>  	struct exynos_drm_plane *exynos_plane = to_exynos_plane(plane);
>  	struct exynos_drm_crtc *exynos_crtc = to_exynos_crtc(plane->crtc);
>  
> -	if (exynos_crtc->ops->win_disable)
> +	if (exynos_crtc && exynos_crtc->ops->win_disable)
>  		exynos_crtc->ops->win_disable(exynos_crtc,
>  					      exynos_plane->zpos);
>  
> 



More information about the dri-devel mailing list