diff options
| author | Qasim Ijaz <qasdev00@gmail.com> | 2025-04-08 18:22:23 +0100 |
|---|---|---|
| committer | Abhinav Kumar <quic_abhinavk@quicinc.com> | 2025-04-10 13:22:12 -0700 |
| commit | 2a34496fef841e8d89a4ccd1a48c7fd664b5c84f (patch) | |
| tree | 99bc9c182c59484f65c9418cfad9b941bddfc45f | |
| parent | 5cb1b130e1cd04239cc9c26a98279f4660dce583 (diff) | |
| download | linux-stable-2a34496fef841e8d89a4ccd1a48c7fd664b5c84f.tar.gz linux-stable-2a34496fef841e8d89a4ccd1a48c7fd664b5c84f.tar.bz2 linux-stable-2a34496fef841e8d89a4ccd1a48c7fd664b5c84f.zip | |
drm/msm/dpu: reorder pointer operations after sanity checks to avoid NULL deref
_dpu_encoder_trigger_start dereferences "struct dpu_encoder_phys *phys"
before the sanity checks which can lead to a NULL pointer dereference if
phys is NULL.
Fix this by reordering the dereference after the sanity checks.
Fixes: 8144d17a81d9 ("drm/msm/dpu: Skip trigger flush and start for CWB")
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Qasim Ijaz <qasdev00@gmail.com>
Reviewed-by: Jessica Zhang <quic_jesszhan@quicinc.com>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/647536/
Link: https://lore.kernel.org/r/20250408172223.10827-1-qasdev00@gmail.com
Signed-off-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
| -rw-r--r-- | drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c index 284e69bb47c1..dd13dc4e95a4 100644 --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c @@ -1666,7 +1666,7 @@ static void _dpu_encoder_trigger_flush(struct drm_encoder *drm_enc, */ static void _dpu_encoder_trigger_start(struct dpu_encoder_phys *phys) { - struct dpu_encoder_virt *dpu_enc = to_dpu_encoder_virt(phys->parent); + struct dpu_encoder_virt *dpu_enc; if (!phys) { DPU_ERROR("invalid argument(s)\n"); @@ -1678,6 +1678,8 @@ static void _dpu_encoder_trigger_start(struct dpu_encoder_phys *phys) return; } + dpu_enc = to_dpu_encoder_virt(phys->parent); + if (phys->parent->encoder_type == DRM_MODE_ENCODER_VIRTUAL && dpu_enc->cwb_mask) { DPU_DEBUG("encoder %d CWB enabled, skipping\n", DRMID(phys->parent)); |