If attach has not been called, unloading the driver can result in a null pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned yet.
Fixes: ceb515ba29ba6b ("drm/bridge: ti-sn65dsi83: Add TI SN65DSI83 and SN65DSI84 driver") Signed-off-by: Jonathan Liu net147@gmail.com --- drivers/gpu/drm/bridge/ti-sn65dsi83.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c index 750f2172ef08..8e9f45c5c7c1 100644 --- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c +++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c @@ -671,8 +671,11 @@ static int sn65dsi83_remove(struct i2c_client *client) { struct sn65dsi83 *ctx = i2c_get_clientdata(client);
- mipi_dsi_detach(ctx->dsi); - mipi_dsi_device_unregister(ctx->dsi); + if (ctx->dsi) { + mipi_dsi_detach(ctx->dsi); + mipi_dsi_device_unregister(ctx->dsi); + } + drm_bridge_remove(&ctx->bridge); of_node_put(ctx->host_node);
On 6/17/21 1:19 PM, Jonathan Liu wrote:
If attach has not been called, unloading the driver can result in a null pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned yet.
Fixes: ceb515ba29ba6b ("drm/bridge: ti-sn65dsi83: Add TI SN65DSI83 and SN65DSI84 driver") Signed-off-by: Jonathan Liu net147@gmail.com
drivers/gpu/drm/bridge/ti-sn65dsi83.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c index 750f2172ef08..8e9f45c5c7c1 100644 --- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c +++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c @@ -671,8 +671,11 @@ static int sn65dsi83_remove(struct i2c_client *client) { struct sn65dsi83 *ctx = i2c_get_clientdata(client);
- mipi_dsi_detach(ctx->dsi);
- mipi_dsi_device_unregister(ctx->dsi);
- if (ctx->dsi) {
mipi_dsi_detach(ctx->dsi);mipi_dsi_device_unregister(ctx->dsi);- }
- drm_bridge_remove(&ctx->bridge); of_node_put(ctx->host_node);
Looks OK to me.
Reviewed-by: Marek Vasut marex@denx.de
Thanks !
Hi Jonathan,
Thank you for the patch.
On Thu, Jun 17, 2021 at 09:19:25PM +1000, Jonathan Liu wrote:
If attach has not been called, unloading the driver can result in a null pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned yet.
Shouldn't this be done in a brige .detach() operation instead ?
Fixes: ceb515ba29ba6b ("drm/bridge: ti-sn65dsi83: Add TI SN65DSI83 and SN65DSI84 driver") Signed-off-by: Jonathan Liu net147@gmail.com
drivers/gpu/drm/bridge/ti-sn65dsi83.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c index 750f2172ef08..8e9f45c5c7c1 100644 --- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c +++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c @@ -671,8 +671,11 @@ static int sn65dsi83_remove(struct i2c_client *client) { struct sn65dsi83 *ctx = i2c_get_clientdata(client);
- mipi_dsi_detach(ctx->dsi);
- mipi_dsi_device_unregister(ctx->dsi);
- if (ctx->dsi) {
mipi_dsi_detach(ctx->dsi);mipi_dsi_device_unregister(ctx->dsi);- }
- drm_bridge_remove(&ctx->bridge); of_node_put(ctx->host_node);
Hi Marek,
On Fri, 18 Jun 2021 at 00:14, Laurent Pinchart laurent.pinchart@ideasonboard.com wrote:
Hi Jonathan,
Thank you for the patch.
On Thu, Jun 17, 2021 at 09:19:25PM +1000, Jonathan Liu wrote:
If attach has not been called, unloading the driver can result in a null pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned yet.
Shouldn't this be done in a brige .detach() operation instead ?
Could you please take a look? I don't have a working setup to test moving the code to detach.
Fixes: ceb515ba29ba6b ("drm/bridge: ti-sn65dsi83: Add TI SN65DSI83 and SN65DSI84 driver") Signed-off-by: Jonathan Liu net147@gmail.com
drivers/gpu/drm/bridge/ti-sn65dsi83.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/bridge/ti-sn65dsi83.c b/drivers/gpu/drm/bridge/ti-sn65dsi83.c index 750f2172ef08..8e9f45c5c7c1 100644 --- a/drivers/gpu/drm/bridge/ti-sn65dsi83.c +++ b/drivers/gpu/drm/bridge/ti-sn65dsi83.c @@ -671,8 +671,11 @@ static int sn65dsi83_remove(struct i2c_client *client) { struct sn65dsi83 *ctx = i2c_get_clientdata(client);
mipi_dsi_detach(ctx->dsi);mipi_dsi_device_unregister(ctx->dsi);
if (ctx->dsi) {mipi_dsi_detach(ctx->dsi);mipi_dsi_device_unregister(ctx->dsi);}drm_bridge_remove(&ctx->bridge); of_node_put(ctx->host_node);
Thanks.
Regards, Jonathan
On 6/18/21 5:06 AM, Jonathan Liu wrote:
Hi Marek,
Hi,
Hi Jonathan,
Thank you for the patch.
On Thu, Jun 17, 2021 at 09:19:25PM +1000, Jonathan Liu wrote:
If attach has not been called, unloading the driver can result in a null pointer dereference in mipi_dsi_detach as ctx->dsi has not been assigned yet.
Shouldn't this be done in a brige .detach() operation instead ?
Could you please take a look? I don't have a working setup to test moving the code to detach.
I just replied to your other email regarding bringing the chip up, so please bring your setup up first, then test this patch again, and then let's revisit this topic.
dri-devel@lists.freedesktop.org
-
Jonathan Liu -
Laurent Pinchart -
Marek Vasut