| Message ID | 20230202045734.2773503-1-wenst@chromium.org (mailing list archive) |
|---|---|
| State | Mainlined, archived |
| Headers | show |
| Series | [v2] drm/mediatek: dp: Only trigger DRM HPD events if bridge is attached | expand |
Il 02/02/23 05:57, Chen-Yu Tsai ha scritto: > The MediaTek DisplayPort interface bridge driver starts its interrupts > as soon as its probed. However when the interrupts trigger the bridge > might not have been attached to a DRM device. As drm_helper_hpd_irq_event() > does not check whether the passed in drm_device is valid or not, a NULL > pointer passed in results in a kernel NULL pointer dereference in it. > > Check whether the bridge is attached and only trigger an HPD event if > it is. > > Fixes: f70ac097a2cf ("drm/mediatek: Add MT8195 Embedded DisplayPort driver") > Signed-off-by: Chen-Yu Tsai <wenst@chromium.org> > Reviewed-by: Guillaume Ranquet <granquet@baylibre.com> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
On 02/02/2023 05:57, Chen-Yu Tsai wrote: > The MediaTek DisplayPort interface bridge driver starts its interrupts > as soon as its probed. However when the interrupts trigger the bridge > might not have been attached to a DRM device. As drm_helper_hpd_irq_event() > does not check whether the passed in drm_device is valid or not, a NULL > pointer passed in results in a kernel NULL pointer dereference in it. > > Check whether the bridge is attached and only trigger an HPD event if > it is. > > Fixes: f70ac097a2cf ("drm/mediatek: Add MT8195 Embedded DisplayPort driver") > Signed-off-by: Chen-Yu Tsai <wenst@chromium.org> > Reviewed-by: Guillaume Ranquet <granquet@baylibre.com> Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com> > --- > Changes since v1 > - Dropped prerequisite-patch-ids > - Added Guillaume's Reviewed-by > > This applies on top of mediatek-drm-next. > > drivers/gpu/drm/mediatek/mtk_dp.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/mediatek/mtk_dp.c b/drivers/gpu/drm/mediatek/mtk_dp.c > index 1f94fcc144d3..a82f53e1a146 100644 > --- a/drivers/gpu/drm/mediatek/mtk_dp.c > +++ b/drivers/gpu/drm/mediatek/mtk_dp.c > @@ -1823,7 +1823,8 @@ static irqreturn_t mtk_dp_hpd_event_thread(int hpd, void *dev) > spin_unlock_irqrestore(&mtk_dp->irq_thread_lock, flags); > > if (status & MTK_DP_THREAD_CABLE_STATE_CHG) { > - drm_helper_hpd_irq_event(mtk_dp->bridge.dev); > + if (mtk_dp->bridge.dev) > + drm_helper_hpd_irq_event(mtk_dp->bridge.dev); > > if (!mtk_dp->train_info.cable_plugged_in) { > mtk_dp_disable_sdp_aui(mtk_dp);
Hi, Chen-Yu: Chen-Yu Tsai <wenst@chromium.org> 於 2023年2月2日 週四 下午12:57寫道: > > The MediaTek DisplayPort interface bridge driver starts its interrupts > as soon as its probed. However when the interrupts trigger the bridge > might not have been attached to a DRM device. As drm_helper_hpd_irq_event() > does not check whether the passed in drm_device is valid or not, a NULL > pointer passed in results in a kernel NULL pointer dereference in it. > > Check whether the bridge is attached and only trigger an HPD event if > it is. Applied to mediatek-drm-next [1], thanks. [1] https://git.kernel.org/pub/scm/linux/kernel/git/chunkuang.hu/linux.git/log/?h=mediatek-drm-next Regards, Chun-Kuang. > > Fixes: f70ac097a2cf ("drm/mediatek: Add MT8195 Embedded DisplayPort driver") > Signed-off-by: Chen-Yu Tsai <wenst@chromium.org> > Reviewed-by: Guillaume Ranquet <granquet@baylibre.com> > --- > Changes since v1 > - Dropped prerequisite-patch-ids > - Added Guillaume's Reviewed-by > > This applies on top of mediatek-drm-next. > > drivers/gpu/drm/mediatek/mtk_dp.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/gpu/drm/mediatek/mtk_dp.c b/drivers/gpu/drm/mediatek/mtk_dp.c > index 1f94fcc144d3..a82f53e1a146 100644 > --- a/drivers/gpu/drm/mediatek/mtk_dp.c > +++ b/drivers/gpu/drm/mediatek/mtk_dp.c > @@ -1823,7 +1823,8 @@ static irqreturn_t mtk_dp_hpd_event_thread(int hpd, void *dev) > spin_unlock_irqrestore(&mtk_dp->irq_thread_lock, flags); > > if (status & MTK_DP_THREAD_CABLE_STATE_CHG) { > - drm_helper_hpd_irq_event(mtk_dp->bridge.dev); > + if (mtk_dp->bridge.dev) > + drm_helper_hpd_irq_event(mtk_dp->bridge.dev); > > if (!mtk_dp->train_info.cable_plugged_in) { > mtk_dp_disable_sdp_aui(mtk_dp); > -- > 2.39.1.456.gfc5497dd1b-goog >
diff --git a/drivers/gpu/drm/mediatek/mtk_dp.c b/drivers/gpu/drm/mediatek/mtk_dp.c index 1f94fcc144d3..a82f53e1a146 100644 --- a/drivers/gpu/drm/mediatek/mtk_dp.c +++ b/drivers/gpu/drm/mediatek/mtk_dp.c @@ -1823,7 +1823,8 @@ static irqreturn_t mtk_dp_hpd_event_thread(int hpd, void *dev) spin_unlock_irqrestore(&mtk_dp->irq_thread_lock, flags); if (status & MTK_DP_THREAD_CABLE_STATE_CHG) { - drm_helper_hpd_irq_event(mtk_dp->bridge.dev); + if (mtk_dp->bridge.dev) + drm_helper_hpd_irq_event(mtk_dp->bridge.dev); if (!mtk_dp->train_info.cable_plugged_in) { mtk_dp_disable_sdp_aui(mtk_dp);
The MediaTek DisplayPort interface bridge driver starts its interrupts as soon as its probed. However when the interrupts trigger the bridge might not have been attached to a DRM device. As drm_helper_hpd_irq_event() does not check whether the passed in drm_device is valid or not, a NULL pointer passed in results in a kernel NULL pointer dereference in it. Check whether the bridge is attached and only trigger an HPD event if it is. Fixes: f70ac097a2cf ("drm/mediatek: Add MT8195 Embedded DisplayPort driver") Signed-off-by: Chen-Yu Tsai <wenst@chromium.org> Reviewed-by: Guillaume Ranquet <granquet@baylibre.com> --- Changes since v1 - Dropped prerequisite-patch-ids - Added Guillaume's Reviewed-by This applies on top of mediatek-drm-next. drivers/gpu/drm/mediatek/mtk_dp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)