From 002c845be525939ee22899452fbe2b597d27b424 Mon Sep 17 00:00:00 2001 From: Sean Paul Date: Wed, 19 Jun 2019 14:19:47 -0400 Subject: [PATCH] drm/self_refresh: Fix possible NULL deref in failure path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If state allocation fails, we still try to give back the reference on it. Also initialize ret in case the crtc is not enabled and we hit the eject button. Fixes: 1452c25b0e60 ("drm: Add helpers to kick off self refresh mode in drivers") Cc: Daniel Vetter Cc: Jose Souza Cc: Zain Wang Cc: Tomasz Figa Cc: Ville Syrjälä Cc: Sam Ravnborg Cc: Sean Paul Cc: Maarten Lankhorst Cc: Maxime Ripard Cc: Sean Paul Cc: David Airlie Cc: dri-devel@lists.freedesktop.org Reported-by: Dan Carpenter Reviewed-by: Daniel Vetter Signed-off-by: Sean Paul Link: https://patchwork.freedesktop.org/patch/msgid/20190619181951.192305-1-sean@poorly.run --- drivers/gpu/drm/drm_self_refresh_helper.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_self_refresh_helper.c b/drivers/gpu/drm/drm_self_refresh_helper.c index e0d2ad1f070c..4b9424a8f1f1 100644 --- a/drivers/gpu/drm/drm_self_refresh_helper.c +++ b/drivers/gpu/drm/drm_self_refresh_helper.c @@ -69,14 +69,14 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work) struct drm_connector *conn; struct drm_connector_state *conn_state; struct drm_crtc_state *crtc_state; - int i, ret; + int i, ret = 0; drm_modeset_acquire_init(&ctx, 0); state = drm_atomic_state_alloc(dev); if (!state) { ret = -ENOMEM; - goto out; + goto out_drop_locks; } retry: @@ -116,6 +116,8 @@ static void drm_self_refresh_helper_entry_work(struct work_struct *work) } drm_atomic_state_put(state); + +out_drop_locks: drm_modeset_drop_locks(&ctx); drm_modeset_acquire_fini(&ctx); }