Re: [PATCH 1/6] drm/fb-helper: Avoid NULL ptr dereference in fb_set_suspend()

On Mon, Aug 28, 2017 at 07:17:43PM +0200, Noralf Trønnes wrote:
> drm_fb_helper_resume_worker() uses fb_helper->fbdev to call
> fb_set_suspend() which dereferences the pointer.
> Move sync-canceling of the resume worker in drm_fb_helper_fini() before
> setting fb_helper->fbdev to NULL.
> 
> Signed-off-by: Noralf Trønnes <noralf@xxxxxxxxxxx>
> ---
>  drivers/gpu/drm/drm_fb_helper.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/drm_fb_helper.c b/drivers/gpu/drm/drm_fb_helper.c
> index 1b8f013..2e33467 100644
> --- a/drivers/gpu/drm/drm_fb_helper.c
> +++ b/drivers/gpu/drm/drm_fb_helper.c
> @@ -910,6 +910,8 @@ void drm_fb_helper_fini(struct drm_fb_helper *fb_helper)
>  	if (!drm_fbdev_emulation || !fb_helper)
>  		return;
>  
> +	cancel_work_sync(&fb_helper->resume_work);
> +
>  	info = fb_helper->fbdev;
>  	if (info) {
>  		if (info->cmap.len)
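Review bot: the new cancel_work_sync(&fb_helper->resume_work) at the top of drm_fb_helper_fini() carries no comment explaining why it must run before `fb_helper->fbdev = NULL`. The reason (the resume worker dereferences fb_helper->fbdev via fb_set_suspend()) is only in the commit message, so a later cleanup could move the call back down without noticing. A one-line comment above the call would pin the ordering. The visible lines also do not show what keeps resume_work from being queued again between this cancel and the NULL assignment; if callers guarantee that, it is worth saying so in the commit message.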
> @@ -918,7 +920,6 @@ void drm_fb_helper_fini(struct drm_fb_helper *fb_helper)
>  	}
>  	fb_helper->fbdev = NULL;
>  
> -	cancel_work_sync(&fb_helper->resume_work);
>  	cancel_work_sync(&fb_helper->dirty_work);

Hm, I would have moved both up, just for safety. Either way:

Reviewed-by: Daniel Vetter <daniel.vetter@xxxxxxxx>

>  
>  	mutex_lock(&kernel_fb_helper_lock);
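Review bot: cancel_work_sync(&fb_helper->dirty_work) stays after `fb_helper->fbdev = NULL`, so after this change the two workers are cancelled on opposite sides of the pointer being cleared. If the dirty worker never reads fb_helper->fbdev, state that in the commit message so the asymmetry is clearly intentional; otherwise move this call up next to the resume_work cancel so both workers are stopped before the pointer goes away.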
> -- 
> 2.7.4
> 

-- 
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
_______________________________________________
dri-devel mailing list
dri-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/dri-devel



