Commit 2a34496f authored Apr 08, 2025 by Qasim Ijaz Committed by Abhinav Kumar Apr 10, 2025

drm/msm/dpu: reorder pointer operations after sanity checks to avoid NULL deref



_dpu_encoder_trigger_start dereferences "struct dpu_encoder_phys *phys"
before the sanity checks which can lead to a NULL pointer dereference if
phys is NULL.

Fix this by reordering the dereference after the sanity checks.

Fixes: 8144d17a ("drm/msm/dpu: Skip trigger flush and start for CWB")
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Qasim Ijaz <qasdev00@gmail.com>
Reviewed-by: Jessica Zhang <quic_jesszhan@quicinc.com>
Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
Patchwork: https://patchwork.freedesktop.org/patch/647536/
Link: https://lore.kernel.org/r/20250408172223.10827-1-qasdev00@gmail.com


Signed-off-by: Abhinav Kumar <quic_abhinavk@quicinc.com>

parent 5cb1b130

drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -1666,7 +1666,7 @@ static void _dpu_encoder_trigger_flush(struct drm_encoder *drm_enc,
		*/
		static void _dpu_encoder_trigger_start(struct dpu_encoder_phys *phys)
		{
		struct dpu_encoder_virt *dpu_enc = to_dpu_encoder_virt(phys->parent);
		struct dpu_encoder_virt *dpu_enc;

		if (!phys) {
		DPU_ERROR("invalid argument(s)\n");
		@@ -1678,6 +1678,8 @@ static void _dpu_encoder_trigger_start(struct dpu_encoder_phys *phys)
		return;
		}

		dpu_enc = to_dpu_encoder_virt(phys->parent);

		if (phys->parent->encoder_type == DRM_MODE_ENCODER_VIRTUAL &&
		dpu_enc->cwb_mask) {
		DPU_DEBUG("encoder %d CWB enabled, skipping\n", DRMID(phys->parent));