Hi

Am 29.07.22 um 05:07 schrieb Zeng Jingxiang:
> From: Zeng Jingxiang <linuszeng@tencent.com>
> 
> The "plane" pointer was access before checking if it was NULL.
> 
> The drm_atomic_get_old_plane_state() function will dereference
> the pointer "plane".
> 345	struct drm_plane_state *old_plane_state =
> 		drm_atomic_get_old_plane_state(state, plane);
> 346	struct drm_plane_state *new_plane_state =
> 		drm_atomic_get_new_plane_state(state, plane);
> 
> A NULL check for "plane" indicates that it may be NULL
> 363	if (!plane || !new_plane_state || !old_plane_state)

Is this an actual bug that happens?

All planes should always have a state. Therefore the tests for 
!new_plane_state and !old_plane_state can be removed, I'd say.

Best regards
Thomas

> 
> Fixes: 977697e20b3d ("drm/atomic: Pass the full state to planes atomic disable and update")
> Fixes: 37418bf14c13 ("drm: Use state helper instead of the plane state pointer")
> Signed-off-by: Zeng Jingxiang <linuszeng@tencent.com>
> ---
>   drivers/gpu/drm/kmb/kmb_plane.c | 13 ++++++++-----
>   1 file changed, 8 insertions(+), 5 deletions(-)
> 
> diff --git a/drivers/gpu/drm/kmb/kmb_plane.c b/drivers/gpu/drm/kmb/kmb_plane.c
> index 2735b8eb3537..d2bc998b65ce 100644
> --- a/drivers/gpu/drm/kmb/kmb_plane.c
> +++ b/drivers/gpu/drm/kmb/kmb_plane.c
> @@ -342,10 +342,7 @@ static void kmb_plane_set_alpha(struct kmb_drm_private *kmb,
>   static void kmb_plane_atomic_update(struct drm_plane *plane,
>   				    struct drm_atomic_state *state)
>   {
> -	struct drm_plane_state *old_plane_state = drm_atomic_get_old_plane_state(state,
> -										 plane);
> -	struct drm_plane_state *new_plane_state = drm_atomic_get_new_plane_state(state,
> -										 plane);
> +	struct drm_plane_state *old_plane_state, *new_plane_state;
>   	struct drm_framebuffer *fb;
>   	struct kmb_drm_private *kmb;
>   	unsigned int width;
> @@ -360,7 +357,13 @@ static void kmb_plane_atomic_update(struct drm_plane *plane,
>   	static dma_addr_t addr[MAX_SUB_PLANES];
>   	struct disp_cfg *init_disp_cfg;
>   
> -	if (!plane || !new_plane_state || !old_plane_state)
> +	if (!plane)
> +		return;
> +
> +	old_plane_state = drm_atomic_get_old_plane_state(state, plane);
> +	new_plane_state = drm_atomic_get_new_plane_state(state, plane);
> +
> +	if (!new_plane_state || !old_plane_state)
>   		return;
>   
>   	fb = new_plane_state->fb;

-- 
Thomas Zimmermann
Graphics Driver Developer
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev