Commit 796762f0 authored by Thomas Zimmermann's avatar Thomas Zimmermann Committed by Rob Clark

drm/msm: Fix possible uninitialized access in fbdev

Do not run drm_fb_helper_unprepare() if fbdev allocation fails. Avoids
access to an uninitialized pointer. Original bug report is at [1].
Reported-by: default avatarkernel test robot <lkp@intel.com>
Signed-off-by: default avatarThomas Zimmermann <tzimmermann@suse.de>
Fixes: 3fb1f62f ("drm/fb-helper: Remove drm_fb_helper_unprepare() from drm_fb_helper_fini()")
Link: https://lore.kernel.org/oe-kbuild-all/202302220810.9dymwCQ8-lkp@intel.com/ # 1
Reviewed-by: default avatarDmitry Baryshkov <dmitry.baryshkov@linaro.org>
Patchwork: https://patchwork.freedesktop.org/patch/523715/
Link: https://lore.kernel.org/r/20230222123712.5049-1-tzimmermann@suse.deSigned-off-by: default avatarRob Clark <robdclark@chromium.org>
parent 8a86f213
...@@ -136,13 +136,13 @@ static const struct drm_fb_helper_funcs msm_fb_helper_funcs = { ...@@ -136,13 +136,13 @@ static const struct drm_fb_helper_funcs msm_fb_helper_funcs = {
struct drm_fb_helper *msm_fbdev_init(struct drm_device *dev) struct drm_fb_helper *msm_fbdev_init(struct drm_device *dev)
{ {
struct msm_drm_private *priv = dev->dev_private; struct msm_drm_private *priv = dev->dev_private;
struct msm_fbdev *fbdev = NULL; struct msm_fbdev *fbdev;
struct drm_fb_helper *helper; struct drm_fb_helper *helper;
int ret; int ret;
fbdev = kzalloc(sizeof(*fbdev), GFP_KERNEL); fbdev = kzalloc(sizeof(*fbdev), GFP_KERNEL);
if (!fbdev) if (!fbdev)
goto fail; return NULL;
helper = &fbdev->base; helper = &fbdev->base;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment