Re: [PATCH] drm/vc4: Fix NULL pointer access in vc4_platform_drm_probe()
From: Dave Stevenson
Date: Mon Nov 21 2022 - 06:19:38 EST
Hi Lino
On Sun, 20 Nov 2022 at 15:26, Lino Sanfilippo <LinoSanfilippo@xxxxxx> wrote:
>
> From: Lino Sanfilippo <l.sanfilippo@xxxxxxxxxx>
>
> In vc4_platform_drm_probe() function vc4_match_add_drivers() is called to
> find component matches for the component drivers. If no such match is found
> the passed variable "match" is still NULL after the function returns.
This would imply a very strange device tree that has bothered to add
the drm device but none of the devices that are required to run the
DRM pipeline, but avoiding a NULL deref is certainly preferable.
> Do not pass "match" to component_master_add_with_match() in this case since
> this results in a NULL pointer access as soon as match->num is used to
> allocate a component_match array. Instead return with -ENODEV from the
> drivers probe function.
>
> Fixes: c8b75bca92cb ("drm/vc4: Add KMS support for Raspberry Pi.")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Lino Sanfilippo <l.sanfilippo@xxxxxxxxxx>
Acked-by: Dave Stevenson <dave.stevenson@xxxxxxxxxxxxxxx>
> ---
> drivers/gpu/drm/vc4/vc4_drv.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/gpu/drm/vc4/vc4_drv.c b/drivers/gpu/drm/vc4/vc4_drv.c
> index 2027063fdc30..2e53d7f8ad44 100644
> --- a/drivers/gpu/drm/vc4/vc4_drv.c
> +++ b/drivers/gpu/drm/vc4/vc4_drv.c
> @@ -437,6 +437,9 @@ static int vc4_platform_drm_probe(struct platform_device *pdev)
> vc4_match_add_drivers(dev, &match,
> component_drivers, ARRAY_SIZE(component_drivers));
>
> + if (!match)
> + return -ENODEV;
> +
> return component_master_add_with_match(dev, &vc4_drm_ops, match);
> }
>
>
> base-commit: 30a0b95b1335e12efef89dd78518ed3e4a71a763
> --
> 2.36.1
>