[PATCH 1/2] drm/vc4: Fix NULL pointer dereference in the async update path

Eric Anholt eric at anholt.net
Tue Nov 13 21:24:07 UTC 2018


Boris Brezillon <boris.brezillon at bootlin.com> writes:

> vc4_plane_atomic_async_update() calls vc4_plane_atomic_check()
> which in turn calls vc4_plane_setup_clipping_and_scaling(), and since
> commit 58a6a36fe8e0 ("drm/vc4: Use
> drm_atomic_helper_check_plane_state() to simplify the logic"), this
> function accesses plane_state->state which will be NULL when called
> from the async update path since we're passing previous plane state,
> and plane_state->state has been assigned to NULL in
> drm_atomic_helper_swap_state().
>
> Assign plane->state->state to new_plane_state->state before calling
> vc4_plane_atomic_check() and reset it to NULL after
> vc4_plane_atomic_check() has returned.
>
> Fixes: 58a6a36fe8e0 ("drm/vc4: Use drm_atomic_helper_check_plane_state() to simplify the logic")
> Signed-off-by: Boris Brezillon <boris.brezillon at bootlin.com>

Hmm.  Could we pass in the new state instead, and then pick the dlist
items out of the new state's dlist to write into both our dlist copy and
the hw dlist?
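
The failure mode and the fix described in the quoted commit message, as an added example that is not part of the original thread and is not vc4 or DRM code. The structs, fields, and function names are simplified hypothetical stand-ins, and the model returns -EFAULT at the point where the kernel would dereference NULL.

```c
#include <errno.h>
#include <stddef.h>

/* Simplified stand-ins, NOT the kernel's DRM definitions. */
struct atomic_state { int max_w, max_h; };    /* constructed fields */
struct plane_state {
    struct atomic_state *state;  /* back-pointer; NULL once swapped in */
    int crtc_w, crtc_h;
};
struct plane { struct plane_state *state; };

/* Stand-in for the check path, which needs plane_state->state.
 * Returns -EFAULT where an unconditional dereference would oops. */
static int model_check(const struct plane_state *ps)
{
    if (!ps->state)
        return -EFAULT;
    if (ps->crtc_w > ps->state->max_w || ps->crtc_h > ps->state->max_h)
        return -EINVAL;
    return 0;
}

/* Async update model. Copying the geometry into the current state is an
 * assumption of this model. With fixed != 0 it applies the quoted fix:
 * lend the new state's back-pointer for the check, then reset it. */
static int model_async_update(struct plane *plane,
                              const struct plane_state *new_ps, int fixed)
{
    int ret;

    plane->state->crtc_w = new_ps->crtc_w;
    plane->state->crtc_h = new_ps->crtc_h;
    if (fixed)
        plane->state->state = new_ps->state;
    ret = model_check(plane->state);
    plane->state->state = NULL;   /* reset on every return path */
    return ret;
}

/* Constructed scenario: the plane's current state was swapped in by an
 * earlier commit, so its back-pointer is already NULL. */
static int run_model(int fixed, int w, int h)
{
    struct atomic_state commit = { 1920, 1080 };
    struct plane_state cur = { NULL, 0, 0 };
    struct plane_state new_ps = { &commit, w, h };
    struct plane plane = { &cur };
    int ret = model_async_update(&plane, &new_ps, fixed);

    return cur.state ? 1 : ret;   /* 1 = back-pointer was not reset */
}
```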