drm/self_refresh: Fix possible NULL deref in failure path [Linux 5.3]

This Linux kernel change "drm/self_refresh: Fix possible NULL deref in failure path" is included in the Linux 5.3 release. This change is authored by Sean Paul <seanpaul [at] chromium.org> on Wed Jun 19 14:19:47 2019 -0400. The commit for this change in Linux stable tree is 002c845 (patch).

drm/self_refresh: Fix possible NULL deref in failure path

If state allocation fails, we still try to give back the reference on
it. Also initialize ret in case the crtc is not enabled and we hit the
eject button.

Fixes: 1452c25b0e60 ("drm: Add helpers to kick off self refresh mode in drivers")
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: Jose Souza <jose.souza@intel.com>
Cc: Zain Wang <wzz@rock-chips.com>
Cc: Tomasz Figa <tfiga@chromium.org>
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Sean Paul <seanpaul@chromium.org>
Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Cc: Maxime Ripard <maxime.ripard@bootlin.com>
Cc: Sean Paul <sean@poorly.run>
Cc: David Airlie <airlied@linux.ie>
Cc: dri-devel@lists.freedesktop.org
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20190619181951.192305-1-sean@poorly.run

There are 6 lines of Linux source code added/deleted in this change. Code changes to Linux kernel are as follows.

 drivers/gpu/drm/drm_self_refresh_helper.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/drm_self_refresh_helper.c b/drivers/gpu/drm/drm_self_refresh_helper.c
index e0d2ad1f..4b9424a 100644
--- a/drivers/gpu/drm/drm_self_refresh_helper.c
+++ b/drivers/gpu/drm/drm_self_refresh_helper.c
@@ -69,14 +69,14 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work)
    struct drm_connector *conn;
    struct drm_connector_state *conn_state;
    struct drm_crtc_state *crtc_state;
-   int i, ret;
+   int i, ret = 0;

    drm_modeset_acquire_init(&ctx, 0);

    state = drm_atomic_state_alloc(dev);
    if (!state) {
        ret = -ENOMEM;
-       goto out;
+       goto out_drop_locks;
    }

 retry:
@@ -116,6 +116,8 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work)
    }

    drm_atomic_state_put(state);
+
+out_drop_locks:
    drm_modeset_drop_locks(&ctx);
    drm_modeset_acquire_fini(&ctx);
 }

Leave a Reply

Your email address will not be published. Required fields are marked *