| From bfeb74ce60f89c65a174f7d121ee8fc9d3eed77f Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Wed, 20 Oct 2021 10:57:33 -0700 |
| Subject: drm/msm: Fix potential NULL dereference in DPU SSPP |
| |
| From: Jessica Zhang <jesszhan@codeaurora.org> |
| |
| [ Upstream commit 8bf71a5719b6cc5b6ba358096081e5d50ea23ab6 ] |
| |
| Move initialization of sblk in _sspp_subblk_offset() after NULL check to |
| avoid potential NULL pointer dereference. |
| |
| Fixes: 25fdd5933e4c ("drm/msm: Add SDM845 DPU support") |
| Reported-by: Dan Carpenter <dan.carpenter@oracle.com> |
| Signed-off-by: Jessica Zhang <jesszhan@codeaurora.org> |
| Link: https://lore.kernel.org/r/20211020175733.3379-1-jesszhan@codeaurora.org |
| Signed-off-by: Rob Clark <robdclark@chromium.org> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/gpu/drm/msm/disp/dpu1/dpu_hw_sspp.c | 8 +++++--- |
| 1 file changed, 5 insertions(+), 3 deletions(-) |
| |
| diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_sspp.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_sspp.c |
| index 4f8b813aab810..8256f06218d0f 100644 |
| --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_sspp.c |
| +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_hw_sspp.c |
| @@ -137,11 +137,13 @@ static int _sspp_subblk_offset(struct dpu_hw_pipe *ctx, |
| u32 *idx) |
| { |
| int rc = 0; |
| - const struct dpu_sspp_sub_blks *sblk = ctx->cap->sblk; |
| + const struct dpu_sspp_sub_blks *sblk; |
| |
| - if (!ctx) |
| + if (!ctx || !ctx->cap || !ctx->cap->sblk) |
| return -EINVAL; |
| |
| + sblk = ctx->cap->sblk; |
| + |
| switch (s_id) { |
| case DPU_SSPP_SRC: |
| *idx = sblk->src_blk.base; |
| @@ -404,7 +406,7 @@ static void _dpu_hw_sspp_setup_scaler3(struct dpu_hw_pipe *ctx, |
| |
| (void)pe; |
| if (_sspp_subblk_offset(ctx, DPU_SSPP_SCALER_QSEED3, &idx) || !sspp |
| - || !scaler3_cfg || !ctx || !ctx->cap || !ctx->cap->sblk) |
| + || !scaler3_cfg) |
| return; |
| |
| dpu_hw_setup_scaler3(&ctx->hw, scaler3_cfg, idx, |
| -- |
| 2.33.0 |
| |