Re: [PATCH 1/1] drm/mediatek: Fix access violation in mtk_drm_crtc_dma_dev_get
From: CK Hu (胡俊光)
Date: Thu Nov 09 2023 - 21:00:43 EST
Hi, Stuart:
On Fri, 2023-11-10 at 09:29 +0800, Stuart Lee wrote:
> Add error handling to check NULL input in
> mtk_drm_crtc_dma_dev_get function.
>
> While display path is not configured correctly, none of crtc is
> established. So the caller of mtk_drm_crtc_dma_dev_get may pass
> input parameter *crtc as NULL, Which may cause coredump when
> we try to get the container of NULL pointer.
Reviewed-by: CK Hu <ck.hu@xxxxxxxxxxxx>
>
> Fixes: cb1d6bcca542 ("drm/mediatek: Add dma dev get function")
> Signed-off-by: Stuart Lee <stuart.lee@xxxxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> ---
> drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> index c277b9fae950..047c9a31d306 100644
> --- a/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> +++ b/drivers/gpu/drm/mediatek/mtk_drm_crtc.c
> @@ -921,7 +921,14 @@ static int mtk_drm_crtc_init_comp_planes(struct
> drm_device *drm_dev,
>
> struct device *mtk_drm_crtc_dma_dev_get(struct drm_crtc *crtc)
> {
> - struct mtk_drm_crtc *mtk_crtc = to_mtk_crtc(crtc);
> + struct mtk_drm_crtc *mtk_crtc = NULL;
> +
> + if (!crtc)
> + return NULL;
> +
> + mtk_crtc = to_mtk_crtc(crtc);
> + if (!mtk_crtc)
> + return NULL;
>
> return mtk_crtc->dma_dev;
> }