[PATCH] drm/fb-helper: Fix drm_fb_helper_firmware_config() NULL pointer deref
Daniel Vetter
daniel at ffwll.ch
Wed Apr 24 14:22:33 UTC 2019
On Wed, Apr 24, 2019 at 4:06 PM Noralf Trønnes <noralf at tronnes.org> wrote:
>
> On 23.04.2019 21.01, Daniel Vetter wrote:
> > On Tue, Apr 23, 2019 at 04:53:53PM +0200, Noralf Trønnes wrote:
> >> Non-atomic drivers like ast don't have connector->state set, resulting
> >> in a NULL pointer deref:
> >>
> >> [ 29.609593] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
> >> [ 29.609619] Call Trace:
> >> [ 29.609630] ? drm_helper_probe_single_connector_modes+0x27f/0x680
> >> [ 29.609640] drm_setup_crtcs+0x431/0xd80 [drm_kms_helper]
> >> [ 29.753065] __drm_fb_helper_initial_config_and_unlock+0x6f/0x6a0
> >> [ 29.753160] ? drm_modeset_unlock_all+0x31/0x50 [drm]
> >> [ 29.765758] ast_fbdev_init+0xa8/0xc0 [ast]
> >> [ 29.765762] ast_driver_load.cold.7+0x2b3/0xe11 [ast]
> >> [ 29.765775] drm_dev_register+0x111/0x150 [drm]
> >>
> >> Fix by bailing out if the driver does not support atomic modesetting.
> >>
> >> Fixes: 09ded8af57bc ("drm/i915/fbdev: Move intel_fb_initial_config() to fbdev helper")
> >> Reported-by: Thomas Zimmermann <tzimmermann at suse.de>
> >> Cc: Daniel Vetter <daniel.vetter at ffwll.ch>
> >> Cc: Jani Nikula <jani.nikula at linux.intel.com>
> >> Signed-off-by: Noralf Trønnes <noralf at tronnes.org>
> >> ---
> >> drivers/gpu/drm/drm_fb_helper.c | 3 +++
> >> 1 file changed, 3 insertions(+)
> >>
> >> diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
> >> index 2339f0f8f5a8..899c2eca26d1 100644
> >> --- a/drivers/gpu/drm/drm_fb_helper.c
> >> +++ b/drivers/gpu/drm/drm_fb_helper.c
> >> @@ -2588,6 +2588,9 @@ static bool drm_fb_helper_firmware_config(struct drm_fb_helper *fb_helper,
> >> int num_connectors_detected = 0;
> >> struct drm_modeset_acquire_ctx ctx;
> >>
> >> + if (!drm_drv_uses_atomic_modeset(dev))
> >> + return false;
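Review bot: the new early return at the top of drm_fb_helper_firmware_config() carries no comment explaining why non-atomic drivers are excluded; the reason (connector->state is not set on drivers such as ast) is recorded only in the commit message. A one-line comment above the `if (!drm_drv_uses_atomic_modeset(dev))` check would keep that rationale next to the code. The check also tests driver capability as a stand-in for the pointer that is later dereferenced, and that dereference is not visible in this hunk, so it is worth confirming that no path can reach it with connector->state unset on a driver that does report atomic support.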
> >
> > Reviewed-by: Daniel Vetter <daniel.vetter at ffwll.ch>
> >
> > I think for merging we're already past feature freeze, but
> > drm-misc-next-fixes hasn't been rolled forward yet. I think you need to
> > wait for drm-misc maintainers to do that (I pinged them already), and then
> > put this one there.
>
> I saw that -fixes was updated including Dave's i915 backported revert,
> so I have applied this to drm-misc-next-fixes.
>
> How/when will this show up in drm-misc-next? My drm_fb_helper
> refactoring needs to be rebased on this.
Ask drm-misc maintainers that they need to send out a pull request and
then backmerge drm-next into drm-misc-next for you. Adding them.
-Daniel
--
Daniel Vetter
Software Engineer, Intel Corporation
+41 (0) 79 365 57 48 - http://blog.ffwll.ch