diff mbox series

[v2] drm: bridge: it66121: Fix invalid connector dereference

Message ID 20230901-it66121_edid-v2-1-aa59605336b9@ti.com (mailing list archive)
State New, archived
Headers show
Series [v2] drm: bridge: it66121: Fix invalid connector dereference | expand

Commit Message

Jai Luthra Sept. 1, 2023, 9:31 a.m. UTC
Fix the NULL pointer dereference when no monitor is connected, and the
sound card is opened from userspace.

Instead return an empty buffer (of zeroes) as the EDID information to
the sound framework if there is no connector attached.

Fixes: e0fd83dbe924 ("drm: bridge: it66121: Add audio support")
Reported-by: Nishanth Menon <nm@ti.com>
Closes: https://lore.kernel.org/all/20230825105849.crhon42qndxqif4i@gondola/
Reviewed-by: Helen Koike <helen.koike@collabora.com>
Signed-off-by: Jai Luthra <j-luthra@ti.com>
---
Changes in v2:
- Return an empty buffer of 0s instead of returning an error
- Lock the mutex before accessing ctx->connector
- Link to v1: https://lore.kernel.org/r/20230825-it66121_edid-v1-1-3ab54923e472@ti.com
---
 drivers/gpu/drm/bridge/ite-it66121.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)


---
base-commit: 99d99825fc075fd24b60cc9cf0fb1e20b9c16b0f
change-id: 20230825-it66121_edid-6ee98517808b

Best regards,

Comments

Aradhya Bhatia Sept. 1, 2023, 11:31 a.m. UTC | #1
On 01-Sep-23 15:01, Jai Luthra wrote:
> Fix the NULL pointer dereference when no monitor is connected, and the
> sound card is opened from userspace.
> 
> Instead return an empty buffer (of zeroes) as the EDID information to
> the sound framework if there is no connector attached.
> 
> Fixes: e0fd83dbe924 ("drm: bridge: it66121: Add audio support")
> Reported-by: Nishanth Menon <nm@ti.com>
> Closes: https://lore.kernel.org/all/20230825105849.crhon42qndxqif4i@gondola/
> Reviewed-by: Helen Koike <helen.koike@collabora.com>
> Signed-off-by: Jai Luthra <j-luthra@ti.com>

Reviewed-by: Aradhya Bhatia <a-bhatia1@ti.com>

Regards
Aradhya

> ---
> Changes in v2:
> - Return an empty buffer of 0s instead of returning an error
> - Lock the mutex before accessing ctx->connector
> - Link to v1: https://lore.kernel.org/r/20230825-it66121_edid-v1-1-3ab54923e472@ti.com
> ---
>  drivers/gpu/drm/bridge/ite-it66121.c | 12 ++++++++----
>  1 file changed, 8 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/gpu/drm/bridge/ite-it66121.c b/drivers/gpu/drm/bridge/ite-it66121.c
> index 466641c77fe9..fc7f5ec5fb38 100644
> --- a/drivers/gpu/drm/bridge/ite-it66121.c
> +++ b/drivers/gpu/drm/bridge/ite-it66121.c
> @@ -1447,10 +1447,14 @@ static int it66121_audio_get_eld(struct device *dev, void *data,
>  	struct it66121_ctx *ctx = dev_get_drvdata(dev);
>  
>  	mutex_lock(&ctx->lock);
> -
> -	memcpy(buf, ctx->connector->eld,
> -	       min(sizeof(ctx->connector->eld), len));
> -
> +	if (!ctx->connector) {
> +		/* Pass en empty ELD if connector not available */
> +		dev_dbg(dev, "No connector present, passing empty EDID data");
> +		memset(buf, 0, len);
> +	} else {
> +		memcpy(buf, ctx->connector->eld,
> +		       min(sizeof(ctx->connector->eld), len));
> +	}
>  	mutex_unlock(&ctx->lock);
>  
>  	return 0;
> 
> ---
> base-commit: 99d99825fc075fd24b60cc9cf0fb1e20b9c16b0f
> change-id: 20230825-it66121_edid-6ee98517808b
> 
> Best regards,
Nishanth Menon Sept. 1, 2023, 2:10 p.m. UTC | #2
On 17:01-20230901, Aradhya Bhatia wrote:
> On 01-Sep-23 15:01, Jai Luthra wrote:
> > Fix the NULL pointer dereference when no monitor is connected, and the
> > sound card is opened from userspace.
> > 
> > Instead return an empty buffer (of zeroes) as the EDID information to
> > the sound framework if there is no connector attached.
> > 
> > Fixes: e0fd83dbe924 ("drm: bridge: it66121: Add audio support")
> > Reported-by: Nishanth Menon <nm@ti.com>
> > Closes: https://lore.kernel.org/all/20230825105849.crhon42qndxqif4i@gondola/
> > Reviewed-by: Helen Koike <helen.koike@collabora.com>
> > Signed-off-by: Jai Luthra <j-luthra@ti.com>
> 
> Reviewed-by: Aradhya Bhatia <a-bhatia1@ti.com>
> 

Tested-by: Nishanth Menon <nm@ti.com>

Log (beagleplay): https://gist.github.com/nmenon/17fea9316cbcc5ee47597a39fa5e2d6f

Tested on 99d99825fc07 (origin/master, origin/HEAD) Merge tag 'nfs-for-6.6-1' of git://git.linux-nfs.org/projects/anna/linux-nfs

Could we get this merged for rc1 cycle?
Robert Foss Sept. 5, 2023, 2:26 p.m. UTC | #3
On Fri, 1 Sep 2023 15:01:23 +0530, Jai Luthra wrote:
> Fix the NULL pointer dereference when no monitor is connected, and the
> sound card is opened from userspace.
> 
> Instead return an empty buffer (of zeroes) as the EDID information to
> the sound framework if there is no connector attached.
> 
> 
> [...]

Applied, thanks!

[1/1] drm: bridge: it66121: Fix invalid connector dereference
      https://cgit.freedesktop.org/drm/drm-misc/commit/?id=d0375f6858c4



Rob
diff mbox series

Patch

diff --git a/drivers/gpu/drm/bridge/ite-it66121.c b/drivers/gpu/drm/bridge/ite-it66121.c
index 466641c77fe9..fc7f5ec5fb38 100644
--- a/drivers/gpu/drm/bridge/ite-it66121.c
+++ b/drivers/gpu/drm/bridge/ite-it66121.c
@@ -1447,10 +1447,14 @@  static int it66121_audio_get_eld(struct device *dev, void *data,
 	struct it66121_ctx *ctx = dev_get_drvdata(dev);
 
 	mutex_lock(&ctx->lock);
-
-	memcpy(buf, ctx->connector->eld,
-	       min(sizeof(ctx->connector->eld), len));
-
+	if (!ctx->connector) {
+		/* Pass en empty ELD if connector not available */
+		dev_dbg(dev, "No connector present, passing empty EDID data");
+		memset(buf, 0, len);
+	} else {
+		memcpy(buf, ctx->connector->eld,
+		       min(sizeof(ctx->connector->eld), len));
+	}
 	mutex_unlock(&ctx->lock);
 
 	return 0;