* [PATCH] drm/bridge: ti-sn65dsi83: Fix null pointer dereference in remove callback
@ 2021-06-17 11:19 ` Jonathan Liu
0 siblings, 0 replies; 10+ messages in thread
From: Jonathan Liu @ 2021-06-17 11:19 UTC (permalink / raw)
To: dri-devel, linux-kernel
Cc: Jonathan Liu, Andrzej Hajda, Neil Armstrong, Robert Foss,
Laurent Pinchart, Jonas Karlman, Jernej Skrabec, David Airlie,
Daniel Vetter, Linus Walleij, Marek Vasut, Frieder Schrempf
If attach has not been called, unloading the driver can result in a null
pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned
yet.
Fixes: ceb515ba29ba6b ("drm/bridge: ti-sn65dsi83: Add TI SN65DSI83 and SN65DSI84 driver")
Signed-off-by: Jonathan Liu <net147@gmail.com>
---
drivers/gpu/drm/bridge/ti-sn65dsi83.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
index 750f2172ef08..8e9f45c5c7c1 100644
--- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c
+++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
@@ -671,8 +671,11 @@ static int sn65dsi83_remove(struct i2c_client *client)
{
struct sn65dsi83 *ctx = i2c_get_clientdata(client);
- mipi_dsi_detach(ctx->dsi);
- mipi_dsi_device_unregister(ctx->dsi);
+ if (ctx->dsi) {
+ mipi_dsi_detach(ctx->dsi);
+ mipi_dsi_device_unregister(ctx->dsi);
+ }
+
drm_bridge_remove(&ctx->bridge);
of_node_put(ctx->host_node);
--
2.32.0
^ permalink raw reply related [flat|nested] 10+ messages in thread
* [PATCH] drm/bridge: ti-sn65dsi83: Fix null pointer dereference in remove callback
@ 2021-06-17 11:19 ` Jonathan Liu
0 siblings, 0 replies; 10+ messages in thread
From: Jonathan Liu @ 2021-06-17 11:19 UTC (permalink / raw)
To: dri-devel, linux-kernel
Cc: Marek Vasut, Jonathan Liu, Jernej Skrabec, Jonas Karlman,
David Airlie, Neil Armstrong, Robert Foss, Frieder Schrempf,
Andrzej Hajda, Laurent Pinchart
If attach has not been called, unloading the driver can result in a null
pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned
yet.
Fixes: ceb515ba29ba6b ("drm/bridge: ti-sn65dsi83: Add TI SN65DSI83 and SN65DSI84 driver")
Signed-off-by: Jonathan Liu <net147@gmail.com>
---
drivers/gpu/drm/bridge/ti-sn65dsi83.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
index 750f2172ef08..8e9f45c5c7c1 100644
--- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c
+++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
@@ -671,8 +671,11 @@ static int sn65dsi83_remove(struct i2c_client *client)
{
struct sn65dsi83 *ctx = i2c_get_clientdata(client);
- mipi_dsi_detach(ctx->dsi);
- mipi_dsi_device_unregister(ctx->dsi);
+ if (ctx->dsi) {
+ mipi_dsi_detach(ctx->dsi);
+ mipi_dsi_device_unregister(ctx->dsi);
+ }
+
drm_bridge_remove(&ctx->bridge);
of_node_put(ctx->host_node);
--
2.32.0
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH] drm/bridge: ti-sn65dsi83: Fix null pointer dereference in remove callback
2021-06-17 11:19 ` Jonathan Liu
@ 2021-06-17 12:49 ` Marek Vasut
-1 siblings, 0 replies; 10+ messages in thread
From: Marek Vasut @ 2021-06-17 12:49 UTC (permalink / raw)
To: Jonathan Liu, dri-devel, linux-kernel
Cc: Andrzej Hajda, Neil Armstrong, Robert Foss, Laurent Pinchart,
Jonas Karlman, Jernej Skrabec, David Airlie, Daniel Vetter,
Linus Walleij, Frieder Schrempf
On 6/17/21 1:19 PM, Jonathan Liu wrote:
> If attach has not been called, unloading the driver can result in a null
> pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned
> yet.
>
> Fixes: ceb515ba29ba6b ("drm/bridge: ti-sn65dsi83: Add TI SN65DSI83 and SN65DSI84 driver")
> Signed-off-by: Jonathan Liu <net147@gmail.com>
> ---
> drivers/gpu/drm/bridge/ti-sn65dsi83.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> index 750f2172ef08..8e9f45c5c7c1 100644
> --- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> +++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> @@ -671,8 +671,11 @@ static int sn65dsi83_remove(struct i2c_client *client)
> {
> struct sn65dsi83 *ctx = i2c_get_clientdata(client);
>
> - mipi_dsi_detach(ctx->dsi);
> - mipi_dsi_device_unregister(ctx->dsi);
> + if (ctx->dsi) {
> + mipi_dsi_detach(ctx->dsi);
> + mipi_dsi_device_unregister(ctx->dsi);
> + }
> +
> drm_bridge_remove(&ctx->bridge);
> of_node_put(ctx->host_node);
Looks OK to me.
Reviewed-by: Marek Vasut <marex@denx.de>
Thanks !
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] drm/bridge: ti-sn65dsi83: Fix null pointer dereference in remove callback
@ 2021-06-17 12:49 ` Marek Vasut
0 siblings, 0 replies; 10+ messages in thread
From: Marek Vasut @ 2021-06-17 12:49 UTC (permalink / raw)
To: Jonathan Liu, dri-devel, linux-kernel
Cc: Jonas Karlman, David Airlie, Robert Foss, Neil Armstrong,
Jernej Skrabec, Frieder Schrempf, Andrzej Hajda,
Laurent Pinchart
On 6/17/21 1:19 PM, Jonathan Liu wrote:
> If attach has not been called, unloading the driver can result in a null
> pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned
> yet.
>
> Fixes: ceb515ba29ba6b ("drm/bridge: ti-sn65dsi83: Add TI SN65DSI83 and SN65DSI84 driver")
> Signed-off-by: Jonathan Liu <net147@gmail.com>
> ---
> drivers/gpu/drm/bridge/ti-sn65dsi83.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> index 750f2172ef08..8e9f45c5c7c1 100644
> --- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> +++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> @@ -671,8 +671,11 @@ static int sn65dsi83_remove(struct i2c_client *client)
> {
> struct sn65dsi83 *ctx = i2c_get_clientdata(client);
>
> - mipi_dsi_detach(ctx->dsi);
> - mipi_dsi_device_unregister(ctx->dsi);
> + if (ctx->dsi) {
> + mipi_dsi_detach(ctx->dsi);
> + mipi_dsi_device_unregister(ctx->dsi);
> + }
> +
> drm_bridge_remove(&ctx->bridge);
> of_node_put(ctx->host_node);
Looks OK to me.
Reviewed-by: Marek Vasut <marex@denx.de>
Thanks !
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] drm/bridge: ti-sn65dsi83: Fix null pointer dereference in remove callback
2021-06-17 11:19 ` Jonathan Liu
@ 2021-06-17 14:13 ` Laurent Pinchart
-1 siblings, 0 replies; 10+ messages in thread
From: Laurent Pinchart @ 2021-06-17 14:13 UTC (permalink / raw)
To: Jonathan Liu
Cc: dri-devel, linux-kernel, Andrzej Hajda, Neil Armstrong,
Robert Foss, Jonas Karlman, Jernej Skrabec, David Airlie,
Daniel Vetter, Linus Walleij, Marek Vasut, Frieder Schrempf
Hi Jonathan,
Thank you for the patch.
On Thu, Jun 17, 2021 at 09:19:25PM +1000, Jonathan Liu wrote:
> If attach has not been called, unloading the driver can result in a null
> pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned
> yet.
Shouldn't this be done in a brige .detach() operation instead ?
> Fixes: ceb515ba29ba6b ("drm/bridge: ti-sn65dsi83: Add TI SN65DSI83 and SN65DSI84 driver")
> Signed-off-by: Jonathan Liu <net147@gmail.com>
> ---
> drivers/gpu/drm/bridge/ti-sn65dsi83.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> index 750f2172ef08..8e9f45c5c7c1 100644
> --- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> +++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> @@ -671,8 +671,11 @@ static int sn65dsi83_remove(struct i2c_client *client)
> {
> struct sn65dsi83 *ctx = i2c_get_clientdata(client);
>
> - mipi_dsi_detach(ctx->dsi);
> - mipi_dsi_device_unregister(ctx->dsi);
> + if (ctx->dsi) {
> + mipi_dsi_detach(ctx->dsi);
> + mipi_dsi_device_unregister(ctx->dsi);
> + }
> +
> drm_bridge_remove(&ctx->bridge);
> of_node_put(ctx->host_node);
>
--
Regards,
Laurent Pinchart
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] drm/bridge: ti-sn65dsi83: Fix null pointer dereference in remove callback
@ 2021-06-17 14:13 ` Laurent Pinchart
0 siblings, 0 replies; 10+ messages in thread
From: Laurent Pinchart @ 2021-06-17 14:13 UTC (permalink / raw)
To: Jonathan Liu
Cc: Marek Vasut, Jernej Skrabec, Jonas Karlman, David Airlie,
Neil Armstrong, linux-kernel, Robert Foss, Frieder Schrempf,
Andrzej Hajda, dri-devel
Hi Jonathan,
Thank you for the patch.
On Thu, Jun 17, 2021 at 09:19:25PM +1000, Jonathan Liu wrote:
> If attach has not been called, unloading the driver can result in a null
> pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned
> yet.
Shouldn't this be done in a brige .detach() operation instead ?
> Fixes: ceb515ba29ba6b ("drm/bridge: ti-sn65dsi83: Add TI SN65DSI83 and SN65DSI84 driver")
> Signed-off-by: Jonathan Liu <net147@gmail.com>
> ---
> drivers/gpu/drm/bridge/ti-sn65dsi83.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> index 750f2172ef08..8e9f45c5c7c1 100644
> --- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> +++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> @@ -671,8 +671,11 @@ static int sn65dsi83_remove(struct i2c_client *client)
> {
> struct sn65dsi83 *ctx = i2c_get_clientdata(client);
>
> - mipi_dsi_detach(ctx->dsi);
> - mipi_dsi_device_unregister(ctx->dsi);
> + if (ctx->dsi) {
> + mipi_dsi_detach(ctx->dsi);
> + mipi_dsi_device_unregister(ctx->dsi);
> + }
> +
> drm_bridge_remove(&ctx->bridge);
> of_node_put(ctx->host_node);
>
--
Regards,
Laurent Pinchart
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] drm/bridge: ti-sn65dsi83: Fix null pointer dereference in remove callback
2021-06-17 14:13 ` Laurent Pinchart
@ 2021-06-18 3:06 ` Jonathan Liu
-1 siblings, 0 replies; 10+ messages in thread
From: Jonathan Liu @ 2021-06-18 3:06 UTC (permalink / raw)
To: Laurent Pinchart, Marek Vasut
Cc: dri-devel, linux-kernel, Andrzej Hajda, Neil Armstrong,
Robert Foss, Jonas Karlman, Jernej Skrabec, David Airlie,
Daniel Vetter, Linus Walleij, Frieder Schrempf
Hi Marek,
On Fri, 18 Jun 2021 at 00:14, Laurent Pinchart
<laurent.pinchart@ideasonboard.com> wrote:
>
> Hi Jonathan,
>
> Thank you for the patch.
>
> On Thu, Jun 17, 2021 at 09:19:25PM +1000, Jonathan Liu wrote:
> > If attach has not been called, unloading the driver can result in a null
> > pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned
> > yet.
>
> Shouldn't this be done in a brige .detach() operation instead ?
>
Could you please take a look?
I don't have a working setup to test moving the code to detach.
> > Fixes: ceb515ba29ba6b ("drm/bridge: ti-sn65dsi83: Add TI SN65DSI83 and SN65DSI84 driver")
> > Signed-off-by: Jonathan Liu <net147@gmail.com>
> > ---
> > drivers/gpu/drm/bridge/ti-sn65dsi83.c | 7 +++++--
> > 1 file changed, 5 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> > index 750f2172ef08..8e9f45c5c7c1 100644
> > --- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> > +++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> > @@ -671,8 +671,11 @@ static int sn65dsi83_remove(struct i2c_client *client)
> > {
> > struct sn65dsi83 *ctx = i2c_get_clientdata(client);
> >
> > - mipi_dsi_detach(ctx->dsi);
> > - mipi_dsi_device_unregister(ctx->dsi);
> > + if (ctx->dsi) {
> > + mipi_dsi_detach(ctx->dsi);
> > + mipi_dsi_device_unregister(ctx->dsi);
> > + }
> > +
> > drm_bridge_remove(&ctx->bridge);
> > of_node_put(ctx->host_node);
> >
Thanks.
Regards,
Jonathan
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] drm/bridge: ti-sn65dsi83: Fix null pointer dereference in remove callback
@ 2021-06-18 3:06 ` Jonathan Liu
0 siblings, 0 replies; 10+ messages in thread
From: Jonathan Liu @ 2021-06-18 3:06 UTC (permalink / raw)
To: Laurent Pinchart, Marek Vasut
Cc: Jernej Skrabec, Jonas Karlman, David Airlie, Neil Armstrong,
linux-kernel, Robert Foss, Frieder Schrempf, Andrzej Hajda,
dri-devel
Hi Marek,
On Fri, 18 Jun 2021 at 00:14, Laurent Pinchart
<laurent.pinchart@ideasonboard.com> wrote:
>
> Hi Jonathan,
>
> Thank you for the patch.
>
> On Thu, Jun 17, 2021 at 09:19:25PM +1000, Jonathan Liu wrote:
> > If attach has not been called, unloading the driver can result in a null
> > pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned
> > yet.
>
> Shouldn't this be done in a brige .detach() operation instead ?
>
Could you please take a look?
I don't have a working setup to test moving the code to detach.
> > Fixes: ceb515ba29ba6b ("drm/bridge: ti-sn65dsi83: Add TI SN65DSI83 and SN65DSI84 driver")
> > Signed-off-by: Jonathan Liu <net147@gmail.com>
> > ---
> > drivers/gpu/drm/bridge/ti-sn65dsi83.c | 7 +++++--
> > 1 file changed, 5 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> > index 750f2172ef08..8e9f45c5c7c1 100644
> > --- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> > +++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c
> > @@ -671,8 +671,11 @@ static int sn65dsi83_remove(struct i2c_client *client)
> > {
> > struct sn65dsi83 *ctx = i2c_get_clientdata(client);
> >
> > - mipi_dsi_detach(ctx->dsi);
> > - mipi_dsi_device_unregister(ctx->dsi);
> > + if (ctx->dsi) {
> > + mipi_dsi_detach(ctx->dsi);
> > + mipi_dsi_device_unregister(ctx->dsi);
> > + }
> > +
> > drm_bridge_remove(&ctx->bridge);
> > of_node_put(ctx->host_node);
> >
Thanks.
Regards,
Jonathan
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] drm/bridge: ti-sn65dsi83: Fix null pointer dereference in remove callback
2021-06-18 3:06 ` Jonathan Liu
@ 2021-06-18 5:40 ` Marek Vasut
-1 siblings, 0 replies; 10+ messages in thread
From: Marek Vasut @ 2021-06-18 5:40 UTC (permalink / raw)
To: Jonathan Liu, Laurent Pinchart
Cc: dri-devel, linux-kernel, Andrzej Hajda, Neil Armstrong,
Robert Foss, Jonas Karlman, Jernej Skrabec, David Airlie,
Daniel Vetter, Linus Walleij, Frieder Schrempf
On 6/18/21 5:06 AM, Jonathan Liu wrote:
> Hi Marek,
Hi,
>> Hi Jonathan,
>>
>> Thank you for the patch.
>>
>> On Thu, Jun 17, 2021 at 09:19:25PM +1000, Jonathan Liu wrote:
>>> If attach has not been called, unloading the driver can result in a null
>>> pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned
>>> yet.
>>
>> Shouldn't this be done in a brige .detach() operation instead ?
>>
>
> Could you please take a look?
> I don't have a working setup to test moving the code to detach.
I just replied to your other email regarding bringing the chip up, so
please bring your setup up first, then test this patch again, and then
let's revisit this topic.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] drm/bridge: ti-sn65dsi83: Fix null pointer dereference in remove callback
@ 2021-06-18 5:40 ` Marek Vasut
0 siblings, 0 replies; 10+ messages in thread
From: Marek Vasut @ 2021-06-18 5:40 UTC (permalink / raw)
To: Jonathan Liu, Laurent Pinchart
Cc: Jernej Skrabec, Jonas Karlman, David Airlie, Neil Armstrong,
linux-kernel, Robert Foss, Frieder Schrempf, Andrzej Hajda,
dri-devel
On 6/18/21 5:06 AM, Jonathan Liu wrote:
> Hi Marek,
Hi,
>> Hi Jonathan,
>>
>> Thank you for the patch.
>>
>> On Thu, Jun 17, 2021 at 09:19:25PM +1000, Jonathan Liu wrote:
>>> If attach has not been called, unloading the driver can result in a null
>>> pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned
>>> yet.
>>
>> Shouldn't this be done in a brige .detach() operation instead ?
>>
>
> Could you please take a look?
> I don't have a working setup to test moving the code to detach.
I just replied to your other email regarding bringing the chip up, so
please bring your setup up first, then test this patch again, and then
let's revisit this topic.
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2021-06-18 5:41 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-06-17 11:19 [PATCH] drm/bridge: ti-sn65dsi83: Fix null pointer dereference in remove callback Jonathan Liu
2021-06-17 11:19 ` Jonathan Liu
2021-06-17 12:49 ` Marek Vasut
2021-06-17 12:49 ` Marek Vasut
2021-06-17 14:13 ` Laurent Pinchart
2021-06-17 14:13 ` Laurent Pinchart
2021-06-18 3:06 ` Jonathan Liu
2021-06-18 3:06 ` Jonathan Liu
2021-06-18 5:40 ` Marek Vasut
2021-06-18 5:40 ` Marek Vasut
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.