[PATCH 1/6] drm/fb-helper: Avoid NULL ptr dereference in fb_set_suspend()
Daniel Vetter
daniel at ffwll.ch
Mon Aug 28 21:34:57 UTC 2017
On Mon, Aug 28, 2017 at 07:17:43PM +0200, Noralf Trønnes wrote:
> drm_fb_helper_resume_worker() uses fb_helper->fbdev to call
> fb_set_suspend() which dereferences the pointer.
> Move sync-canceling of the resume worker in drm_fb_helper_fini() before
> setting fb_helper->fbdev to NULL.
>
> Signed-off-by: Noralf Trønnes <noralf at tronnes.org>
> ---
> drivers/gpu/drm/drm_fb_helper.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
> index 1b8f013..2e33467 100644
> --- a/drivers/gpu/drm/drm_fb_helper.c
> +++ b/drivers/gpu/drm/drm_fb_helper.c
> @@ -910,6 +910,8 @@ void drm_fb_helper_fini(struct drm_fb_helper *fb_helper)
> if (!drm_fbdev_emulation || !fb_helper)
> return;
>
> + cancel_work_sync(&fb_helper->resume_work);
> +
> info = fb_helper->fbdev;
> if (info) {
> if (info->cmap.len)
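Review bot: The ordering that makes this fix work is not documented at the new call site: `cancel_work_sync(&fb_helper->resume_work);` now has to stay above `fb_helper->fbdev = NULL`, but nothing in drm_fb_helper_fini() says so. A short comment above the added line, noting that the resume worker dereferences fb_helper->fbdev and must therefore be cancelled before the pointer is cleared, would keep a later cleanup from regrouping the cancel calls and reintroducing the NULL dereference.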
> @@ -918,7 +920,6 @@ void drm_fb_helper_fini(struct drm_fb_helper *fb_helper)
> }
> fb_helper->fbdev = NULL;
>
> - cancel_work_sync(&fb_helper->resume_work);
> cancel_work_sync(&fb_helper->dirty_work);
Hm, I would have moved both up, just for safety. Either way:
Reviewed-by: Daniel Vetter <daniel.vetter at ffwll.ch>
>
> mutex_lock(&kernel_fb_helper_lock);
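Review bot: `cancel_work_sync(&fb_helper->dirty_work);` is left below `fb_helper->fbdev = NULL`, so the dirty worker can still be queued or running at the point where the pointer is cleared. The commit message only covers the resume worker; either move this cancel up next to the resume_work one, or say in the commit message why the dirty worker does not depend on fb_helper->fbdev.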
> --
> 2.7.4
>
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
More information about the dri-devel mailing list