[PATCH] drm/i915/dsi: Fix NULL pointer deref in vlv_dphy_param_init()

Thu Jun 26 15:58:37 UTC 2025

Hi,

On 26-Jun-25 17:24, Jani Nikula wrote:
> On Thu, 26 Jun 2025, Hans de Goede <hansg at kernel.org> wrote:
>> Commit 77ba0b856225 ("drm/i915/dsi: convert vlv_dsi.[ch] to struct
>> intel_display") added a to_intel_display(connector) call to
>> vlv_dphy_param_init() but when vlv_dphy_param_init() gets called
>> the connector object has not been initialized yet, so this leads
>> to a NULL pointer deref:
>>
>>  BUG: kernel NULL pointer dereference, address: 000000000000000c
>>  ...
>>  Hardware name: ASUSTeK COMPUTER INC. T100TA/T100TA, BIOS T100TA.314 08/13/2015
>>  RIP: 0010:vlv_dsi_init+0x4e6/0x1600 [i915]
>>  ...
>>  Call Trace:
>>   <TASK>
>>   ? intel_step_name+0x4be8/0x5c30 [i915]
>>   intel_setup_outputs+0x2d6/0xbd0 [i915]
>>   intel_display_driver_probe_nogem+0x13f/0x220 [i915]
>>   i915_driver_probe+0x3d9/0xaf0 [i915]
>>
>> Use to_intel_display(&intel_dsi->base) instead to fix this.
> 
> Oops, my bad. It's misleading that the DSI init handles uninitialized
> connector so much, and the encoder has been initialized much
> earlier. But I guess this is the simplest fix.
> 
> Reviewed-by: Jani Nikula <jani.nikula at intel.com>

Thanks, I also have this fix pending which seems to have
fallen through the cracks (it was never reviewed):

https://lore.kernel.org/dri-devel/20241116093426.4989-1-hdegoede@redhat.com/

I don't have a drm git tree setup on my laptop atm, can you push
this patch (or maybe both) to the fixes branch ?

Regards,

Hans

> 
>>
>> Fixes: 77ba0b856225 ("drm/i915/dsi: convert vlv_dsi.[ch] to struct intel_display")
>> Signed-off-by: Hans de Goede <hansg at kernel.org>
>> ---
>>  drivers/gpu/drm/i915/display/vlv_dsi.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/gpu/drm/i915/display/vlv_dsi.c b/drivers/gpu/drm/i915/display/vlv_dsi.c
>> index 21c1e10caf68..2007bb9d974d 100644
>> --- a/drivers/gpu/drm/i915/display/vlv_dsi.c
>> +++ b/drivers/gpu/drm/i915/display/vlv_dsi.c
>> @@ -1589,8 +1589,8 @@ static void vlv_dsi_add_properties(struct intel_connector *connector)
>>  
>>  static void vlv_dphy_param_init(struct intel_dsi *intel_dsi)
>>  {
>> +	struct intel_display *display = to_intel_display(&intel_dsi->base);
>>  	struct intel_connector *connector = intel_dsi->attached_connector;
>> -	struct intel_display *display = to_intel_display(connector);
>>  	struct mipi_config *mipi_config = connector->panel.vbt.dsi.config;
>>  	u32 tlpx_ns, extra_byte_count, tlpx_ui;
>>  	u32 ui_num, ui_den;
> 