| Message ID | 20190619181951.192305-1-sean@poorly.run (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | drm/self_refresh: Fix possible NULL deref in failure path | expand |
On Wed, Jun 19, 2019 at 02:19:47PM -0400, Sean Paul wrote: > From: Sean Paul <seanpaul@chromium.org> > > If state allocation fails, we still try to give back the reference on > it. Also initialize ret in case the crtc is not enabled and we hit the > eject button. > > Fixes: 1452c25b0e60 ("drm: Add helpers to kick off self refresh mode in drivers") > Cc: Daniel Vetter <daniel@ffwll.ch> > Cc: Jose Souza <jose.souza@intel.com> > Cc: Zain Wang <wzz@rock-chips.com> > Cc: Tomasz Figa <tfiga@chromium.org> > Cc: Ville Syrjälä <ville.syrjala@linux.intel.com> > Cc: Sam Ravnborg <sam@ravnborg.org> > Cc: Sean Paul <seanpaul@chromium.org> > Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> > Cc: Maxime Ripard <maxime.ripard@bootlin.com> > Cc: Sean Paul <sean@poorly.run> > Cc: David Airlie <airlied@linux.ie> > Cc: dri-devel@lists.freedesktop.org > Reported-by: Dan Carpenter <dan.carpenter@oracle.com> > Signed-off-by: Sean Paul <seanpaul@chromium.org> Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch> > --- > drivers/gpu/drm/drm_self_refresh_helper.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/gpu/drm/drm_self_refresh_helper.c b/drivers/gpu/drm/drm_self_refresh_helper.c > index e0d2ad1f070cb..4b9424a8f1f1c 100644 > --- a/drivers/gpu/drm/drm_self_refresh_helper.c > +++ b/drivers/gpu/drm/drm_self_refresh_helper.c > @@ -69,14 +69,14 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work) > struct drm_connector *conn; > struct drm_connector_state *conn_state; > struct drm_crtc_state *crtc_state; > - int i, ret; > + int i, ret = 0; > > drm_modeset_acquire_init(&ctx, 0); > > state = drm_atomic_state_alloc(dev); > if (!state) { > ret = -ENOMEM; > - goto out; > + goto out_drop_locks; > } > > retry: > @@ -116,6 +116,8 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work) > } > > drm_atomic_state_put(state); > + > +out_drop_locks: > drm_modeset_drop_locks(&ctx); > drm_modeset_acquire_fini(&ctx); > } > -- > Sean Paul, Software Engineer, Google / Chromium OS >
On Thu, Jun 20, 2019 at 01:28:55PM +0200, Daniel Vetter wrote: > On Wed, Jun 19, 2019 at 02:19:47PM -0400, Sean Paul wrote: > > From: Sean Paul <seanpaul@chromium.org> > > > > If state allocation fails, we still try to give back the reference on > > it. Also initialize ret in case the crtc is not enabled and we hit the > > eject button. > > > > Fixes: 1452c25b0e60 ("drm: Add helpers to kick off self refresh mode in drivers") > > Cc: Daniel Vetter <daniel@ffwll.ch> > > Cc: Jose Souza <jose.souza@intel.com> > > Cc: Zain Wang <wzz@rock-chips.com> > > Cc: Tomasz Figa <tfiga@chromium.org> > > Cc: Ville Syrjälä <ville.syrjala@linux.intel.com> > > Cc: Sam Ravnborg <sam@ravnborg.org> > > Cc: Sean Paul <seanpaul@chromium.org> > > Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> > > Cc: Maxime Ripard <maxime.ripard@bootlin.com> > > Cc: Sean Paul <sean@poorly.run> > > Cc: David Airlie <airlied@linux.ie> > > Cc: dri-devel@lists.freedesktop.org > > Reported-by: Dan Carpenter <dan.carpenter@oracle.com> > > Signed-off-by: Sean Paul <seanpaul@chromium.org> > > Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch> > Applied to -misc-next, thanks! Sean > > --- > > drivers/gpu/drm/drm_self_refresh_helper.c | 6 ++++-- > > 1 file changed, 4 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/gpu/drm/drm_self_refresh_helper.c b/drivers/gpu/drm/drm_self_refresh_helper.c > > index e0d2ad1f070cb..4b9424a8f1f1c 100644 > > --- a/drivers/gpu/drm/drm_self_refresh_helper.c > > +++ b/drivers/gpu/drm/drm_self_refresh_helper.c > > @@ -69,14 +69,14 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work) > > struct drm_connector *conn; > > struct drm_connector_state *conn_state; > > struct drm_crtc_state *crtc_state; > > - int i, ret; > > + int i, ret = 0; > > > > drm_modeset_acquire_init(&ctx, 0); > > > > state = drm_atomic_state_alloc(dev); > > if (!state) { > > ret = -ENOMEM; > > - goto out; > > + goto out_drop_locks; > > } > > > > retry: > > @@ -116,6 +116,8 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work) > > } > > > > drm_atomic_state_put(state); > > + > > +out_drop_locks: > > drm_modeset_drop_locks(&ctx); > > drm_modeset_acquire_fini(&ctx); > > } > > -- > > Sean Paul, Software Engineer, Google / Chromium OS > > > > -- > Daniel Vetter > Software Engineer, Intel Corporation > http://blog.ffwll.ch
diff --git a/drivers/gpu/drm/drm_self_refresh_helper.c b/drivers/gpu/drm/drm_self_refresh_helper.c index e0d2ad1f070cb..4b9424a8f1f1c 100644 --- a/drivers/gpu/drm/drm_self_refresh_helper.c +++ b/drivers/gpu/drm/drm_self_refresh_helper.c @@ -69,14 +69,14 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work) struct drm_connector *conn; struct drm_connector_state *conn_state; struct drm_crtc_state *crtc_state; - int i, ret; + int i, ret = 0; drm_modeset_acquire_init(&ctx, 0); state = drm_atomic_state_alloc(dev); if (!state) { ret = -ENOMEM; - goto out; + goto out_drop_locks; } retry: @@ -116,6 +116,8 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work) } drm_atomic_state_put(state); + +out_drop_locks: drm_modeset_drop_locks(&ctx); drm_modeset_acquire_fini(&ctx); }