From: fuyufan <fuyufan@xxxxxxxxxx>
we get (Unable to handle kernel NULL pointer dereference at virtual
address 000000000000000c) when call drm_property_blob_put().
After analysis, we get the following process:
alloc faild:
drm_atomic_set_mode_for_crtc()
drm_property_create_blob() // failed
state->mode_blob = ERR_PTR(-ENOMEM)
free illegal pointer:
__drm_atomic_helper_crtc_destroy_state()
drm_property_blob_put(state->mode_blob)
drm_mode_object_put(&blob->base); // here blob is ERR_PTR(-ENOMEM)
So do we have to determine if blob is an error code before calling drm_mode_object_put().
Signed-off-by: fuyufan <fuyufan@xxxxxxxxxx>
---
drivers/gpu/drm/drm_property.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_property.c b/drivers/gpu/drm/drm_property.c
index 69dfed57c..05dba22fe 100644
--- a/drivers/gpu/drm/drm_property.c
+++ b/drivers/gpu/drm/drm_property.c
@@ -597,7 +597,7 @@ EXPORT_SYMBOL(drm_property_create_blob);
*/
void drm_property_blob_put(struct drm_property_blob *blob)
{
- if (!blob)
+ if (IS_ERR_OR_NULL(blob))
return;
drm_mode_object_put(&blob->base);
--
2.23.0
