mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity

drm/cirrus: Fix NULL pointer dereference when registering the fbdev 

cirrus_modeset_init() is initializing/registering the emulated fbdev
and, since commit c61b93fe51 ("drm/atomic: Fix remaining places where
!funcs->best_encoder is valid"), DRM internals can access/test some of
the fields in mode_config->funcs as part of the fbdev registration
process.
Make sure dev->mode_config.funcs is properly set to avoid dereferencing
a NULL pointer.

Reported-by: Mike Marshall <hubcap@omnibond.com>
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Fixes: c61b93fe51 ("drm/atomic: Fix remaining places where !funcs->best_encoder is valid")
Signed-off-by: Dave Airlie <airlied@redhat.com>
This commit is contained in:
Boris Brezillon 2016-08-09 02:16:18 +02:00 committed by Dave Airlie
parent 210a021dab
commit 36e9d08b58
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
drivers/gpu/drm/cirrus/cirrus_main.c
View File

@ -185,14 +185,23 @@ int cirrus_driver_load(struct drm_device *dev, unsigned long flags)
goto out;
}
/*
* cirrus_modeset_init() is initializing/registering the emulated fbdev
* and DRM internals can access/test some of the fields in
* mode_config->funcs as part of the fbdev registration process.
* Make sure dev->mode_config.funcs is properly set to avoid
* dereferencing a NULL pointer.
* FIXME: mode_config.funcs assignment should probably be done in
* cirrus_modeset_init() (that's a common pattern seen in other DRM
* drivers).
*/
dev->mode_config.funcs = &cirrus_mode_funcs;
r = cirrus_modeset_init(cdev);
if (r) {
dev_err(&dev->pdev->dev, "Fatal error during modeset init: %d\n", r);
goto out;
}
dev->mode_config.funcs = (void *)&cirrus_mode_funcs;
return 0;
out:
cirrus_driver_unload(dev);