From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 524C4C49361 for ; Fri, 18 Jun 2021 03:06:21 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2A1226117A for ; Fri, 18 Jun 2021 03:06:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231693AbhFRDI2 (ORCPT ); Thu, 17 Jun 2021 23:08:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33966 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231209AbhFRDI1 (ORCPT ); Thu, 17 Jun 2021 23:08:27 -0400 Received: from mail-pj1-x1032.google.com (mail-pj1-x1032.google.com [IPv6:2607:f8b0:4864:20::1032]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C5BB4C061574 for ; Thu, 17 Jun 2021 20:06:18 -0700 (PDT) Received: by mail-pj1-x1032.google.com with SMTP id g4so4949064pjk.0 for ; Thu, 17 Jun 2021 20:06:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=MF+HvSh2Ph2aJcSQ8YS6FS+dV1UC86cI16zR69oJ2u8=; b=jYJn0PjuLeGUOI9PsxEFTmfohuH85BJzoU5Rq7Fst9tN15oc/M1M6mieCH2th80v0h +56mhuRuaWRmjRG3dECTL4xdtK9p2nica6EyBFtZYTNyrxY5oo6ArQhm4nR8Q/reji2G MhbNSTEpCBm9snqP44Xr93566LvXK1Jlv52/Nii/MhWe7XSGe0efrZCezH/nA3AP0Qmf dcIUHFaQbGdlcy9KzG9UybuyDDxpd21jHoMGH4Jrdafx8i+r28H9yDrcbLFn75ov5xhm JvmoNp2SMIoGuSaU2ntbtrSdpOBxnEm0XhGbnXGtFZVQJMiaFg1PAF+JGmLTOK2+6oAj pvUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=MF+HvSh2Ph2aJcSQ8YS6FS+dV1UC86cI16zR69oJ2u8=; b=RMZNqYh07lfX2s4K70epw4USFTrxrk465Y8nHmh4shDjTTJcMYUYEUC54ubJaLPKKA VkOue9L5jcP4Y4xcEzJXL8mVoOBJmshLSwFQY2q7NDOOgFggvPzvXRfeENIBQCjIkcYr 2etvqipuB42GV1VxHlNIdHb4pQh0gVrJxm9oCe4+6pg6/+YCcWXmKN+X9rF9TmnAqifo rKw+4d43tP5OdD1FM8XU5W/Iqa65l65UzU6rwHPoX6HHZUkTI5js3YQzx9GuX7wk+Gvd c07GHHzRvDdrGbX6hNU5x+5v1Yd48Zguutke7C84NhnNFVTuB9VVl2yvv3O7aVY8e01q UCAg== X-Gm-Message-State: AOAM532Css7tKIEA9qCfORUxPe+8nu6rAWDYV8flkxXXrK/tfgJm9tM7 DYSsjp1FsyOb+nImG1WmRP/xQiJxonJxP8zpa4M= X-Google-Smtp-Source: ABdhPJzd3QjZo222960R4VEwMcg19qhdCaLwAOfwGm2SrRnSgF82Mc4zLEOH80+DEn9D9NbzapHzspaopRQih7B/NHE= X-Received: by 2002:a17:90a:e98f:: with SMTP id v15mr19574185pjy.235.1623985578289; Thu, 17 Jun 2021 20:06:18 -0700 (PDT) MIME-Version: 1.0 References: <20210617111925.162120-1-net147@gmail.com> In-Reply-To: From: Jonathan Liu Date: Fri, 18 Jun 2021 13:06:07 +1000 Message-ID: Subject: Re: [PATCH] drm/bridge: ti-sn65dsi83: Fix null pointer dereference in remove callback To: Laurent Pinchart , Marek Vasut Cc: dri-devel , linux-kernel , Andrzej Hajda , Neil Armstrong , Robert Foss , Jonas Karlman , Jernej Skrabec , David Airlie , Daniel Vetter , Linus Walleij , Frieder Schrempf Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Marek, On Fri, 18 Jun 2021 at 00:14, Laurent Pinchart wrote: > > Hi Jonathan, > > Thank you for the patch. > > On Thu, Jun 17, 2021 at 09:19:25PM +1000, Jonathan Liu wrote: > > If attach has not been called, unloading the driver can result in a null > > pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned > > yet. > > Shouldn't this be done in a brige .detach() operation instead ? > Could you please take a look? I don't have a working setup to test moving the code to detach. > > Fixes: ceb515ba29ba6b ("drm/bridge: ti-sn65dsi83: Add TI SN65DSI83 and SN65DSI84 driver") > > Signed-off-by: Jonathan Liu > > --- > > drivers/gpu/drm/bridge/ti-sn65dsi83.c | 7 +++++-- > > 1 file changed, 5 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c > > index 750f2172ef08..8e9f45c5c7c1 100644 > > --- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c > > +++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c > > @@ -671,8 +671,11 @@ static int sn65dsi83_remove(struct i2c_client *client) > > { > > struct sn65dsi83 *ctx = i2c_get_clientdata(client); > > > > - mipi_dsi_detach(ctx->dsi); > > - mipi_dsi_device_unregister(ctx->dsi); > > + if (ctx->dsi) { > > + mipi_dsi_detach(ctx->dsi); > > + mipi_dsi_device_unregister(ctx->dsi); > > + } > > + > > drm_bridge_remove(&ctx->bridge); > > of_node_put(ctx->host_node); > > Thanks. Regards, Jonathan