[PATCH] drm: sun4i: Fix NULL/invalid pointer dereference in sun8i_tcon_top_un/bind

Maxime Ripard maxime.ripard at bootlin.com
Mon Apr 8 08:31:10 UTC 2019


On Sat, Apr 06, 2019 at 01:30:48AM +0200, megous at megous.com wrote:
> From: Ondrej Jirman <megous at megous.com>
>
> There are two problems here:
>
> 1. Not all clk_data->hws[] need to be initialized, depending on various
>    configured quirks. This leads to NULL ptr deref in
>    clk_hw_unregister_gate() in sun8i_tcon_top_unbind()
> 2. If there is error when registering the clk_data->hws[],
>    err_unregister_gates error path will try to unregister
>    IS_ERR()=true (invalid) pointer.
>
> For problem (1) I have this stack trace:
>
> Unable to handle kernel NULL pointer dereference at virtual
>   address 0000000000000008
> Call trace:
>  clk_hw_unregister+0x8/0x18
>  clk_hw_unregister_gate+0x14/0x28
>  sun8i_tcon_top_unbind+0x2c/0x60
>  component_unbind.isra.4+0x2c/0x50
>  component_bind_all+0x1d4/0x230
>  sun4i_drv_bind+0xc4/0x1a0
>  try_to_bring_up_master+0x164/0x1c0
>  __component_add+0xa0/0x168
>  component_add+0x10/0x18
>  sun8i_dw_hdmi_probe+0x18/0x20
>  platform_drv_probe+0x3c/0x70
>  really_probe+0xcc/0x278
>  driver_probe_device+0x34/0xa8
>
> Problem (2) was identified by head scratching.
>
> Signed-off-by: Ondrej Jirman <megous at megous.com>

Changed the prefix to drm/sun4i: tcon top: and applied

Thanks!
Maxime

--
Maxime Ripard, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/dri-devel/attachments/20190408/05734481/attachment.sig>


More information about the dri-devel mailing list