[PATCH 1/2] drm/atomic: Don't pollute crtc_state->mode_blob with error pointers

Ville Syrjälä ville.syrjala at linux.intel.com
Wed Feb 16 11:19:35 UTC 2022


On Wed, Feb 09, 2022 at 11:19:27AM +0200, Ville Syrjala wrote:
> From: Ville Syrjälä <ville.syrjala at linux.intel.com>
> 
> Make sure we don't assign an error pointer to crtc_state->mode_blob
> as that will break all kinds of places that assume either NULL or a
> valid pointer (eg. drm_property_blob_put()).
> 
> Reported-by: fuyufan <fuyufan at huawei.com>
> Signed-off-by: Ville Syrjälä <ville.syrjala at linux.intel.com>

Slapped on a cc:stable just in case this can actually happen
in the wild, and pushed to drm-misc-fixes with Maxime's irc ack
(thanks).

> ---
>  drivers/gpu/drm/drm_atomic_uapi.c | 14 ++++++++------
>  1 file changed, 8 insertions(+), 6 deletions(-)
> 
> diff --git a/drivers/gpu/drm/drm_atomic_uapi.c b/drivers/gpu/drm/drm_atomic_uapi.c
> index 9781722519c3..54d62fdb4ef9 100644
> --- a/drivers/gpu/drm/drm_atomic_uapi.c
> +++ b/drivers/gpu/drm/drm_atomic_uapi.c
> @@ -76,15 +76,17 @@ int drm_atomic_set_mode_for_crtc(struct drm_crtc_state *state,
>  	state->mode_blob = NULL;
>  
>  	if (mode) {
> +		struct drm_property_blob *blob;
> +
>  		drm_mode_convert_to_umode(&umode, mode);
> -		state->mode_blob =
> -			drm_property_create_blob(state->crtc->dev,
> -						 sizeof(umode),
> -						 &umode);
> -		if (IS_ERR(state->mode_blob))
> -			return PTR_ERR(state->mode_blob);
> +		blob = drm_property_create_blob(crtc->dev,
> +						sizeof(umode), &umode);
> +		if (IS_ERR(blob))
> +			return PTR_ERR(blob);
>  
>  		drm_mode_copy(&state->mode, mode);
> +
> +		state->mode_blob = blob;
>  		state->enable = true;
>  		drm_dbg_atomic(crtc->dev,
>  			       "Set [MODE:%s] for [CRTC:%d:%s] state %p\n",
> -- 
> 2.34.1

-- 
Ville Syrjälä
Intel


More information about the dri-devel mailing list