| Message ID | 20230324035909.1727356-1-treapking@chromium.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | drm/bridge: ps8640: Return NULL immediately when EDID read fail | expand |
Hi, On Thu, Mar 23, 2023 at 8:59 PM Pin-yen Lin <treapking@chromium.org> wrote: > > drm_edid_read returns NULL on error, so feeding it directly into > drm_edid_duplicate may lead to NULL pointer dereference. Add a check to > guard this. > > Fixes: 6a17b4d1b52f ("drm/bridge: ps8640: Add a cache for EDID") > Signed-off-by: Pin-yen Lin <treapking@chromium.org> > --- > > drivers/gpu/drm/bridge/parade-ps8640.c | 6 ++++++ > 1 file changed, 6 insertions(+) Given that the other patch just landed and this is a straightforward fix, I'm not doing the customary "delay" before landing and I've pushed this to drm-misc-next: 14aed8ea48e2 drm/bridge: ps8640: Return NULL immediately when EDID read fail If someone else had extra feedback on this it could always be handled in a followon patch. -Doug
On Fri, Mar 24, 2023 at 4:59 AM Pin-yen Lin <treapking@chromium.org> wrote: > > drm_edid_read returns NULL on error, so feeding it directly into > drm_edid_duplicate may lead to NULL pointer dereference. Add a check to > guard this. > > Fixes: 6a17b4d1b52f ("drm/bridge: ps8640: Add a cache for EDID") > Signed-off-by: Pin-yen Lin <treapking@chromium.org> > --- > > drivers/gpu/drm/bridge/parade-ps8640.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/drivers/gpu/drm/bridge/parade-ps8640.c b/drivers/gpu/drm/bridge/parade-ps8640.c > index cddbfe91f75e..b823e55650b1 100644 > --- a/drivers/gpu/drm/bridge/parade-ps8640.c > +++ b/drivers/gpu/drm/bridge/parade-ps8640.c > @@ -543,6 +543,7 @@ static struct edid *ps8640_bridge_get_edid(struct drm_bridge *bridge, > struct drm_connector *connector) > { > struct ps8640 *ps_bridge = bridge_to_ps8640(bridge); > + struct device *dev = &ps_bridge->page[PAGE0_DP_CNTL]->dev; > bool poweroff = !ps_bridge->pre_enabled; > > if (!ps_bridge->edid) { > @@ -574,6 +575,11 @@ static struct edid *ps8640_bridge_get_edid(struct drm_bridge *bridge, > connector->state->state); > } > > + if (!ps_bridge->edid) { > + dev_err(dev, "Failed to get EDID\n"); > + return NULL; > + } > + > return drm_edid_duplicate(ps_bridge->edid); > } > > -- > 2.40.0.348.gf938b09366-goog > Reviewed-by: Robert Foss <rfoss@kernel.org>
diff --git a/drivers/gpu/drm/bridge/parade-ps8640.c b/drivers/gpu/drm/bridge/parade-ps8640.c index cddbfe91f75e..b823e55650b1 100644 --- a/drivers/gpu/drm/bridge/parade-ps8640.c +++ b/drivers/gpu/drm/bridge/parade-ps8640.c @@ -543,6 +543,7 @@ static struct edid *ps8640_bridge_get_edid(struct drm_bridge *bridge, struct drm_connector *connector) { struct ps8640 *ps_bridge = bridge_to_ps8640(bridge); + struct device *dev = &ps_bridge->page[PAGE0_DP_CNTL]->dev; bool poweroff = !ps_bridge->pre_enabled; if (!ps_bridge->edid) { @@ -574,6 +575,11 @@ static struct edid *ps8640_bridge_get_edid(struct drm_bridge *bridge, connector->state->state); } + if (!ps_bridge->edid) { + dev_err(dev, "Failed to get EDID\n"); + return NULL; + } + return drm_edid_duplicate(ps_bridge->edid); }
drm_edid_read returns NULL on error, so feeding it directly into drm_edid_duplicate may lead to NULL pointer dereference. Add a check to guard this. Fixes: 6a17b4d1b52f ("drm/bridge: ps8640: Add a cache for EDID") Signed-off-by: Pin-yen Lin <treapking@chromium.org> --- drivers/gpu/drm/bridge/parade-ps8640.c | 6 ++++++ 1 file changed, 6 insertions(+)