diff options
author | Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com> | 2018-02-22 08:09:19 +0200 |
---|---|---|
committer | Daniel Vetter <daniel.vetter@ffwll.ch> | 2018-02-22 17:11:46 +0100 |
commit | 4751cf733a1170876dd5ac46f225f5a25f59a67f (patch) | |
tree | becf80850d1043683ad7cd1a603f8fe82f4f8dbf | |
parent | 35152d1159dbb0277b18ae664dfb5b11c27fdefa (diff) |
drm/simple_kms_helper: Fix NULL pointer dereference with no active CRTC
It is possible that drm_simple_kms_plane_atomic_check called
with no CRTC set, e.g. when user-space application sets CRTC_ID/FB_ID
to 0 before doing any actual drawing. This leads to NULL pointer
dereference because in this case new CRTC state is NULL and must be
checked before accessing.
Signed-off-by: Oleksandr Andrushchenko <oleksandr_andrushchenko@epam.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/1519279759-7803-1-git-send-email-andr2000@gmail.com
-rw-r--r-- | drivers/gpu/drm/drm_simple_kms_helper.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/drivers/gpu/drm/drm_simple_kms_helper.c b/drivers/gpu/drm/drm_simple_kms_helper.c index 6c327fdbaaee..2d324a5515f9 100644 --- a/drivers/gpu/drm/drm_simple_kms_helper.c +++ b/drivers/gpu/drm/drm_simple_kms_helper.c @@ -112,12 +112,6 @@ static int drm_simple_kms_plane_atomic_check(struct drm_plane *plane, pipe = container_of(plane, struct drm_simple_display_pipe, plane); crtc_state = drm_atomic_get_new_crtc_state(plane_state->state, &pipe->crtc); - if (!crtc_state->enable) - return 0; /* nothing to check when disabling or disabled */ - - if (crtc_state->enable) - drm_mode_get_hv_timing(&crtc_state->mode, - &clip.x2, &clip.y2); ret = drm_atomic_helper_check_plane_state(plane_state, crtc_state, &clip, @@ -128,7 +122,9 @@ static int drm_simple_kms_plane_atomic_check(struct drm_plane *plane, return ret; if (!plane_state->visible) - return -EINVAL; + return 0; + + drm_mode_get_hv_timing(&crtc_state->mode, &clip.x2, &clip.y2); if (!pipe->funcs || !pipe->funcs->check) return 0; |